I am trying to get my php app to authenticate with a shibboleth IDP. I have this in my httpd.conf:
<Location /> AuthType shibboleth
My app is the only one running on this server, so I want everything under / secured.
If I try to access the server I get redirected to the IDP just fine. I enter my login/passwd and then it goes into an endless redirect loop. It looks like the IDP redirects to https://myserver/Shibboleth.sso/SAML2/POST but apache intercepts it and decides it needs to be authenticated, so it redirects back to the IDP. Can anyone explain how this is supposed to work? How does apache know that a user is authenticated and that it should pass through the request? Thanks!