关于公共网址的SSO测试存在问题。
我的SP将在公共站点上提供服务,它的主机名是x056.org.local,我将entryId配置为xx://sso.mypublic.com/shibboleth,sso.mypublic.com是公共URL
使用登录页面xx://sso.mypublic.com/secure/
登录后然后开始重定向到原始网址,浏览器会转到xx://x056.org.local/secure/但不会转到https://sso.mypublic.com/secure/。
问题是xx://x056.org.local/secure/不是公共URL,终端用户无法访问它,因此页面无法访问错误。
Anyboay可以帮忙检查一下吗?或其他解决方案?
xx表示https
=============================================== ======
已按照步骤
1. download and instal sp on machine
2. include shibboleth's configuration into apache 2.1. into httpd.conf file add include "PATH/opt/path/etc/apache22"(if version is apache2.2, otherwise appropriate)
3. in apache22.config file add the location you want to secure - it would be /secure bydefault
4. in shibboleth2.xml file (in etc folder) put your entity id(application defaults element), ex https://mywebsite.com/shibboleth - this can be anything, not neccessary a real path
5. put entity id of your idp in sso element, in case of testshib it would be https://idp.testshib.org/idp/shibboleth
6. in the metadata provider put idp's metadata uri to your idp's metadata urn, incase testshib it would be http://www.testshib.org/metadata/testshib-providers.xml
7. Download metadata from https://mywebsitehost.com/Shibboleth.sso/Metadata - here mywebsitehost would be a real host and rest path will be automatically configured by shibboleth - this path will download your sp's metadata file
8. Upload metadata file to testshib for register
答案 0 :(得分:0)
如果您正在使用被动身份验证,请确保使用Login-Link设置的重定向目标是正确的。 如果您正在使用主动身份验证,则可能需要检查Apache(?) - VHost-Configuration。