Closed confusedmatrix closed 6 years ago
Absolute handlerURLs are fine for use; this issue is probably related to #22 (or your location /Shibboleth.sso {}
block needs checking to ensure you're passing the correct params though).
I'd suggest taking a look at the conversation at #22 -- in particular, my comments about checking config and then the other users' later comments about port configuration (especially since you are reverse proxying). In particular, the current Shibboleth SP code determines your scheme (eg http or https) based upon your SERVER_PORT
and it's limited to 443/8443. If that's the source of your problem, try https://github.com/nginx-shib/cpp-sp/commit/c63f1ca437cb2090cc5e5fb6c8bd961c0345bb51 and see if that solves the issue.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Description of Issue/Question
My shibboleth SP is sitting being a reverse proxy and in order to avoid the issue of mismatched assertion consumer service URLs, I have set the handlerURL on Sessions directive to the absolute URL of the shibresponder route using the proxy hostname.
Setup
I am using the basic nginx config given in https://github.com/nginx-shib/nginx-http-shibboleth/blob/master/CONFIG.rst
My Sessions directive in shibboleth2.xml start with:
The error I receive is "FastCGI Shibboleth responder should only be used for Shibboleth protocol requests."
Any ideas on what I might try to resolve this issue?