Question

I have set up the Shibboleth Identity Provider on server A with the domain name idp.XXX.gr.

Then I set up a proxy with an embedded service provider on server B with the domain name proxy.XXX.gr.

proxy.XXX.gr and idp.XXX.gr work great together. The problem starts when I try to connect the second application to the SSO system.

The second application is a Dspace and it is installed on server C, and on the same server I set up a Shibboleth Service Provider with the domain name sp-dspace.XXX.gr.

Service Provider sp-dspace.XXX.gr works great with Identity Provider idp.XXX.gr.

In front of Dspace there is an nginx on server D with the domain name dspace.XXX.gr, which redirects to the Dspace application.

When I try to log in to Dspace with Shibboleth login, I go to sp-dspace.XXX.gr (by redirection) and then to the idp.XXX.gr login page. There, I submit my credentials and the login is successful, but instead of being redirected back to sp-dspace.XXX.gr and then to dspace.XXX.gr I get an IdP error page with the following message:

Error Message: No peer endpoint available to which to send SAML response

If I then try to log in to proxy.XXX.gr, I do not have to enter my credentials because I am already logged in.

This is my problem scenario. My thoughts are that either I have missed configuring a setting to redirect back, or maybe I am missing something (e.g. dspace.XXX.gr and sp-dspace.XXX.gr must have the same domain name, or dspace.XXX.gr must have the same global IP as sp-dspace.XXX.gr).

Solution

You should use the same domain name for the Service Provider (SP) and Dspace. After that, you should use the Apache httpd you installed for your SP in front of your Dspace Tomcat (VirtualHost / ssl.conf), following the Dspace 4 documentation.
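Added example, not part of the original question or answer: a simplified Python model of the endpoint check behind "No peer endpoint available to which to send SAML response", comparing the `AssertionConsumerServiceURL` in an AuthnRequest against the ACS endpoints in the SP metadata loaded by the IdP. The metadata, the entityID, the request and the assumption that a request generated behind the nginx front end carries the dspace.XXX.gr host are all constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed SP metadata as the IdP would have it loaded (hostnames from the question).
# Inputs here are trusted literals; parse untrusted XML with defusedxml instead.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp-dspace.XXX.gr/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp-dspace.XXX.gr/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def authn_request(acs_url):
    """Build a constructed AuthnRequest that asks for the response at acs_url."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed" '
            f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
            f'AssertionConsumerServiceURL="{acs_url}"/>')

def registered_acs(metadata_xml):
    """Return (binding, location) for every ACS endpoint the metadata registers."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:SPSSODescriptor/md:AssertionConsumerService"
    return [(e.get("Binding"), e.get("Location")) for e in root.findall(path, MD)]

def check_endpoint(metadata_xml, request_xml):
    """Return (ok, reason): can the IdP find a registered endpoint for this request?"""
    wanted = ET.fromstring(request_xml).get("AssertionConsumerServiceURL")
    locations = [loc for _, loc in registered_acs(metadata_xml)]
    if wanted is None:  # request names no URL: the IdP falls back to the metadata default
        return bool(locations), "metadata default"
    if wanted in locations:
        return True, "match"
    hosts = {urlsplit(loc).hostname for loc in locations}
    if urlsplit(wanted).hostname not in hosts:
        return False, "host mismatch"  # e.g. request built under the front-end hostname
    return False, "path mismatch"

if __name__ == "__main__":
    for host in ("sp-dspace.XXX.gr", "dspace.XXX.gr"):
        req = authn_request(f"https://{host}/Shibboleth.sso/SAML2/POST")
        print(host, check_endpoint(SP_METADATA, req))
```

Running the same comparison against the real SP metadata and a captured AuthnRequest shows whether the hostname the SP advertises matches what the IdP has registered.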

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow