Rails with Omniauth and Shibboleth

Question

I'm using shibboleth as auth provider in Omniauth ( https://github.com/toyokazu/omniauth-shibboleth ). After a successful login and redirect to rails it can't create a new session because it can't see any Shib-Session-ID or Shib-Application-ID. On the same apache server other web applications(java), are using same shibboleth enpoint without any issues.

Answer 1

Have you tried :debug option for omniauth-shibboleth? Doesn't it show Shib-Session-ID or Shib-Application-ID?

If your Java web application can correctly receive environment variables from Apache, the URI of Rails application must be different from Java application's one. You must add the rails URI to shibd configuration to protect your rails application. Please refer README "How to authenticate users" section for detail.

https://github.com/toyokazu/omniauth-shibboleth

If your word 'endpoint' means the URI '/yourapp/shibboleth/callback' exactly same as Rails one, Shib-Session-ID or Shib-Application-ID should be shown with :debug option. In this case, I could not find the reason. One possibility is you are using separate rails application server like mongrel, thin or unicorn and so on. We are currently supporting only Apache module like Phusion passenger because of the security reason. Please also refer README.

Best Regards