服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Shibboleth SP不redirect,没有IdPauthentication – 错误403.14 W / IIS 7.5
Intereting Posts
在执行SaltStack期间closuresCron 显示名称和电子邮件地址不一样 suse professional和suse企业有什么区别? 我们应该如何build立一个支持持续发展的Web服务器? 完全合格的域名,dhcp dnssearch后缀和尾随点 arp – 删除不删除条目; 只是将条目标记为“不完整” 用于php-fpm套接字的SElinux标签 在Exchange 2010中拨号扩展没有磅键 XP客户端失去WINS注册 还原已删除的更新列表SCCM 2007 CPanel – 如何阻止Apache以root用户身份运行? sa2 -A / var / log / sa / sa13:没有这样的文件或目录 如何configuration启用邮件的Exchange 2007公用文件夹,以便回复button是正常的邮件回复而不是“回复”回复? Debian预先late_command不执行 为什么networking堆栈忽略来自非默认接口的icmp回复?

Shibboleth SP不redirect,没有IdPauthentication – 错误403.14 W / IIS 7.5

我试图得到一个testing服务器设置为使用IIS 7.5 Shibboleth SP,我卡住了。 我正在使用https://idp.testshib.org/idp/shibboleth IdP,但它从不要求证书或redirect到testshib网站。 这是迄今为止我所得到的:

计算机名称= TestBox2.SHIB.Local

shibboleth2.xml: 

<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" logger="c:/opt/shibboleth-sp/etc/shibboleth/syslog.logger" clockSkew="180"> <!-- The OutOfProcess section contains properties affecting the shibd daemon. --> <OutOfProcess logger="c:/opt/shibboleth-sp/etc/shibboleth/shibd.logger"> <!-- <Extensions> <Library path="odbc-store.so" fatal="true"/> </Extensions> --> </OutOfProcess> <!-- The InProcess section contains settings affecting web server modules/filters. --> <InProcess logger="c:/opt/shibboleth-sp/etc/shibboleth/native.logger"> <ISAPI normalizeRequest="true"> <!-- Maps IIS Instance ID values to the host scheme/name/port/sslport. The name is required so that the proper <Host> in the request map above is found without having to cover every possible DNS/IP combination the user might enter. The port and scheme can usually be omitted, so the HTTP request's port and scheme will be used. --> <Site id="1" scheme="https" sslport="443" name="TestBox2.SHIB.Local"/> </ISAPI> </InProcess> <!-- Be sure to change this port number to the one matching what you used when installing shibd on your system. Default for Windows systems seems to be 1600, so that is what is used here, however if you install on a different port, write that in here. --> <TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/> <!-- Windows RequestMapper --> <!-- The RequestMap defines portions of the webspace to protect; TestBox2.SHIB.Local/secure here. --> <!-- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMap --> <RequestMapper type="Native"> <RequestMap applicationId="default"> <Host name="TestBox2.SHIB.Local"> <Path name="secure" authType="shibboleth" requireSession="true"/> </Host> </RequestMap> </RequestMapper> <!-- The entityID is the name TestShib made for your SP. --> <ApplicationDefaults entityID="https://TestBox2.SHIB.Local/shibboleth" REMOTE_USER="eppn"> <!-- You should use secure cookies if at all possible. See cookieProps in this Wiki article. --> <!-- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions --> <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="true" cookieProps="; path=/; secure"> <!-- Triggers a login request directly to the TestShib IdP. --> <!-- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceSSO --> <SSO entityID="https://idp.testshib.org/idp/shibboleth"> SAML2 SAML1 </SSO> <!-- SAML and local-only logout. --> <!-- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceLogout --> <Logout>SAML2 Local</Logout> <!-- Handlers allow you to interact with the SP and gather more information. Try them out! Attribute values received by the SP through SAML will be visible at: http://TestBox2.SHIB.Local/Shibboleth.sso/Session --> <!-- Extension service that generates "approximate" metadata based on SP configuration. --> <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/> <!-- Status reporting service. --> <Handler type="Status" Location="/Status" acl="127.0.0.1 192.168.200.110"/> <!-- Session diagnostic service. --> <Handler type="Session" Location="/Session" showAttributeValues="true"/> <!-- JSON feed of discovery information. --> <Handler type="DiscoveryFeed" Location="/DiscoFeed"/> </Sessions> <!-- Error pages to display to yourself if something goes horribly wrong. --> <Errors supportContact="root@localhost" logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/main.css"/> <!-- Loads and trusts a metadata file that describes only the Testshib IdP and how to communicate with it. --> <MetadataProvider type="XML" uri="http://www.testshib.org/metadata/testshib-providers.xml" backingFilePath="testshib-two-idp-metadata.xml" reloadInterval="180000" /> <!-- Attribute and trust options you shouldn't need to change. --> <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/> <AttributeResolver type="Query" subjectMatch="true"/> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/> <!-- Your SP generated these credentials. They're used to talk to IdP's. --> <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/> </ApplicationDefaults> <!-- Security policies you shouldn't change unless you know what you're doing. --> <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/> <!-- Low-level configuration about protocols and bindings available for use. --> <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/> </SPConfig>

状态页面结果

当我尝试访问/安全区域时出错:

(我会链接到它,但我不被允许…新用户,我把它链接给你 – cstamas)