From: Emanuele T. <et...@ge...> - 2015-02-17 17:49:48
Hi Gioele,

Also make sure you have properly mapped the shibboleth auth attributes:

https://github.com/geonetwork/core-geonetwork/blob/2.10.x/web/src/main/webapp/WEB-INF/config-security-shibboleth-overrides.properties

Cheers,
Emanuele

At 18:35:47 on Tuesday 17 February 2015, Gioele Minardi wrote:
> I have started tomcat in remote debug mode and I discovered that
> Geonetwork doesn't receive the session attributes from the Service
> Provider. It is strange because another app in the same tomcat receives all
> the attributes.
> I continue to investigate and will warn you when I find something.
>
> Cheers,
> Gioele
>
> On 17/02/2015 17:09, Emanuele Tajariol wrote:
> > Hi Gioele,
> >
> >> Can I modify the shib.user.login service and add a log function to it?
> >> How can I do this?
> >
> > The service does nothing, as you can see here
> >
> > https://github.com/geonetwork/core-geonetwork/blob/2.10.x/web/src/main/java/org/fao/geonet/services/login/ShibLogin.java
> >
> > The authentication flow is driven by Spring, so you should give a look to
> > https://github.com/geonetwork/core-geonetwork/blob/2.10.x/web/src/main/java/org/fao/geonet/kernel/security/shibboleth/ShibbolethPreAuthFilter.java
> >
> > I guess you only need to add this line
> >
> > log4j.logger.geonetwork.auth = DEBUG
> >
> > to your log4j.cfg file.
> >
> > Cheers,
> > Emanuele
> >
> > At 16:54:01 on Tuesday 17 February 2015, Gioele Minardi wrote:
> >> On 17/02/2015 15:51, Emanuele Tajariol wrote:
> >>> Hi Gioele,
> >>>
> >>> please note that the shibboleth authentication in GeoNetwork does need
> >>> the module mod_shib in apache for performing the needed redirection
> >>> toward the IdP. This is also stated in the page you referred
> >>> https://github.com/geosolutions-it/core-geonetwork/wiki/Shibboleth-setup-on-2.10.x
> >>>
> >>> Please make sure that mod_shib puts in the needed headers when
> >>> forwarding the user request to the shib.user.login service.
> >>>
> >>> Cheers,
> >>> Emanuele
> >>
> >> Apache has mod_shib and other apps in tomcat work like a charm with
> >> shibboleth.
> >> Apache uses ajp connector to communicate with tomcats and for passing
> >> the IDP attributes (on the same tomcat another app is working without
> >> problems).
> >> Can I modify the shib.user.login service and add a log function to it?
> >> How can I do this?
> >>
> >> Thank you,
> >> Gioele

--
==
GeoServer Professional Services from the experts!
Visit http://goo.gl/NWWaa2 for more information.
==

Ing. Emanuele Tajariol
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 380 2116282

http://www.geo-solutions.it
http://twitter.com/geosolutions_it