I'm trying to get Shibboleth to work with a new DSpace 6 installation on 
Centos 7 running Apache 2.4.  I have both password and Shibboleth 
authentication enabled.  This gives me the opportunity to hover over the 
Shibboleth login link.  The link shows this URL:


or, with all the placeholders exchanged:


When I click the link, our standard Shibboleth login box appears.  I enter 
credentials and then I get the error message:

"*No peer endpoint available to which to send SAML response*" 

The fellow who maintains the Identity Provider says it logs the 
AssertionConsumerServiceURL as:


Putting two and two together, it seems the IdP can't contact the SP because 
it's trying to hit port 8080.  Since I have Apache doing reverse proxy, the 
IdP needs to hit the base URL, but I can't find a way to change it.  Here 
are the relevant lines from the Apache main config:

# Send requests for / to /ourschool-ir
RedirectMatch ^/$ /ourschool-ir
# Redirect http to https
Redirect permanent /ourschool-ir https://rc.library.ourschool.edu/uta-ir

And from the Apache virtual server config:

<Location />
       # Configure Shibboleth for "lazy" authentication
        AuthType shibboleth
        ShibUseHeaders on
        Require shibboleth
<Location /Shibboleth.sso>
        # Suggested by DSpace docs
         ProxyPass !
         SetHandler shib
        ProxyPass /ourschool-ir 
        ProxyPassReverse /ourschool-ir 

Any clues greatly appreciated.


You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

Reply via email to