shibboleth SP Problem PATH exclusion

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

shibboleth SP Problem PATH exclusion

Luigi Rizzi
 i try shibboleth SP for iis ;
i try to config shibboleth2.xml i have a problem:

     <RequestMap applicationId="default">
          <Host name="172.16.12.164">
              <Path name="AttiDigitali2008" authType="shibboleth"
requireSession="true" requireSessionWith="idp">
             </Path>
        </RequestMap>
can i exclude a path into "AttiDigitali2008" for exmpale exclude
"172.16.12.164/AttiDigitali2008/testPath/"

or i can exclude only a url example
"172.16.12.164/AttiDigitali2008/testPathFile.hml"

thank you for your help.
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP Problem PATH exclusion

Cantor, Scott E.
> can i exclude a path into
> "AttiDigitali2008" for exmpale exclude
> "172.16.12.164/AttiDigitali2008/testPath/"

Yes, you can override any settings you want to by setting them explicitly
inside a nested Path element.

> or i can exclude only a url example
> "172.16.12.164/AttiDigitali2008/testPathFile.hml"

Path signifies any part of a pathname, including a filename, or path info on
the end of a URL.

-- Scott


Reply | Threaded
Open this post in threaded view
|

Re: shibboleth SP Problem PATH exclusion

Luigi Rizzi
Can you give am example?

Il giorno 07/mag/2010, alle ore 18.49, "Scott Cantor" <cantor.
[hidden email]> ha scritto:

>> can i exclude a path into
>> "AttiDigitali2008" for exmpale exclude
>> "172.16.12.164/AttiDigitali2008/testPath/"
>
> Yes, you can override any settings you want to by setting them  
> explicitly
> inside a nested Path element.
>
>> or i can exclude only a url example
>> "172.16.12.164/AttiDigitali2008/testPathFile.hml"
>
> Path signifies any part of a pathname, including a filename, or path  
> info on
> the end of a URL.
>
> -- Scott
>
>
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP Problem PATH exclusion

Cantor, Scott E.
> Can you give am example?

<Path name="a" requireSession="1">
        <Path name="b" requireSession="0"/>
</Path>

-- Scott


Reply | Threaded
Open this post in threaded view
|

Re: shibboleth SP Problem PATH exclusion

Peter Schober
In reply to this post by Luigi Rizzi
* Luigi Rizzi <[hidden email]> [2010-05-07 18:59]:
> Can you give am example?

You might find this page helpful:
https://spaces.internet2.edu/display/SHIB2/NativeSPRequestMapHowTo
-peter
Reply | Threaded
Open this post in threaded view
|

Re: shibboleth SP Problem PATH exclusion

Luigi Rizzi
In reply to this post by Cantor, Scott E.
I try using

> <Path name="a" requireSession="1">
>    <Path name="file1.HTML" requireSession="0"/>
> </Path>

But not work with filename :(

iorno 07/mag/2010, alle ore 19.22, "Scott Cantor" <[hidden email]>  
ha scritto:

>> Can you give am example?
>
> <Path name="a" requireSession="1">
>    <Path name="b" requireSession="0"/>
> </Path>
>
> -- Scott
>
>
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP Problem PATH exclusion

Cantor, Scott E.
 > I try using
>
>> <Path name="a" requireSession="1">
>>    <Path name="file1.HTML" requireSession="0"/>
>> </Path>
>
> But not work with filename :(

I'm going to assume that you aren't literally trying to use a path of "a" if
that isn't the file system you're using, and if you are, you've just
demonstrated really effectively why I don't like giving people examples.

But saying "it doesn't work" doesn't provide native.log output or debugging
evidence that it's broken, and if you really think it is, you can provide
all that in a bug report.

-- Scott


Reply | Threaded
Open this post in threaded view
|

Re: shibboleth SP Problem PATH exclusion

Luigi Rizzi
In reply to this post by Luigi Rizzi
I try with :

<Host name="localhost">
            <Path name="AttiDigitali" authType="shibboleth"
requireSession="true" requireSessionWith="idp">
                      <Path name="FirmaDocumenti.js" authType="none"
requireSession="0" />
          </Path>
 </Host>
but if i go http://localhost/AttiDigitali/FirmaDocumenti.js
i'm redirect on idp url ....
help me....

2010/5/7 Luigi Rizzi <[hidden email]>:

> I try using
>
>> <Path name="a" requireSession="1">
>>   <Path name="file1.HTML" requireSession="0"/>
>> </Path>
>
> But not work with filename :(
>
> iorno 07/mag/2010, alle ore 19.22, "Scott Cantor" <[hidden email]> ha
> scritto:
>
>>> Can you give am example?
>>
>> <Path name="a" requireSession="1">
>>   <Path name="b" requireSession="0"/>
>> </Path>
>>
>> -- Scott
>>
>>
>
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP Problem PATH exclusion

Cantor, Scott E.
> <Host name="localhost">
>             <Path name="AttiDigitali" authType="shibboleth"
> requireSession="true" requireSessionWith="idp">


Just stop using requireSessionWith. You don't need it, and you can't turn it
"off", so that's causing your problem.

> but if i go http://localhost/AttiDigitali/FirmaDocumenti.js
> i'm redirect on idp url ....

That's because requireSessionWith is still in place above, and there's no
way to set it to "nothing".

Whatever you're doing with that property should be done by specifying the
IdP's entityID in the RequestMap itself and using a single SessionInitiator

-- Scott


Reply | Threaded
Open this post in threaded view
|

Re: shibboleth SP Problem PATH exclusion

Luigi Rizzi
I remove   
requireSessionWith="idp"
And all work fine 


Il giorno 12/mag/2010, alle ore 17.19, "Scott Cantor" <[hidden email]> ha scritto:

requireSessionWith="idp"