example shibboleth configuration #36
Comments
|
Hello, Is your Shibboleth working in general? I mean for example for a directory with static html file. For Flask-SSO the eppn value must be present in headers, so you should adjust the attribute map for sure. One more possible issue / solution. You should insert your first user to DB using SQL command and give him admin role. This is not done by db-init.py script. It's a bug to be fixed in near future, but currently this must be done manually. If the shibboleth is working, the shibo.conf for httpd (apache2) should be as follows: The endpoints which are not protected by Shibboleth are protected by app itself. Either by @localhost_only decorator or by API key. |
|
I was missing this part in Apache config. I've also modified the attribute map to suit our IDP. I've already created the user, but with different UUID (since i was just testing it in local mode), now it matches the value sent from IDP and mapped by Shibboleth and it works. Thanks! |
Good morning,
we are trying to deploy ExaFS with SSO through Shibboleth, however, we have encountered a few problems.
Problem no.1 is the absence of functional Shibboleth configuration example. We are using KeyCloak as IDP and there is not much resources online on how to configure both SP and IDP to make it work with apache as reverse proxy.
Would it be possible to add an example of Shibboleth configuration file into the docs, which we can use to crosscheck our configuration?
Problem no.2 is ExaFS itself, or rather flask-sso. We are getting
flask_sso.SSOAttributeError, same as described in this issue. Not sure if it's because of Shibboleth misconfiguration or just because the library wasn't updated since 2015, but it may be a subject for another issue.Note: The attribute mapping may differ for each IDP, e.g. keycloak doesn't provide 'eppn' out-of-the-box, but we can adjust the attribute map afterwards.
The text was updated successfully, but these errors were encountered: