Hi Glenn, Not sure I have a solution, but based on the DSpace documentation, configuring Shibboleth for DSpace requires using Apache (with mod_shib) in front of Tomcat: https://wiki.duraspace.org/display/DSDOC6x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication
Do you have Apache fully working with Tomcat (without Shibboleth)? It sounds like parts of your application are still using port 8080 (which is obviously going to Tomcat, directly, and bypassing Apache) instead of port 80. The first step here seems to be to get DSpace fully running on port 80. We have some notes on doing that in the DSpace installation docs at: https://wiki.duraspace.org/display/DSDOC6x/Installing+DSpace#InstallingDSpace-UsingSSLonApacheHTTPDinfrontofTomcat(runningonports80and443) The other thing to check is your [dspace]/config/dspace.cfg configuration file. Specifically, you want to be sure that the "baseURL" in that configuration does NOT include a port number (i.e. it should use port 80). By default, that baseURL uses port 8080 (which would tell DSpace to generate URLs back to itself using port 8080), e.g. dspace.baseUrl = http://localhost:8080 So, per your examples, I'd expect your baseURL should be simply " http://rc.library.ourschool.edu". Here's where that configuration is in your dspace.cfg file: https://github.com/DSpace/DSpace/blob/master/dspace/config/dspace.cfg#L29 Hopefully that helps some! If you figure it out, let us know...or report back on this list if you have further questions. Tim On Thu, Feb 22, 2018 at 4:58 PM <librarysystems.t...@gmail.com> wrote: > I'm trying to get Shibboleth to work with a new DSpace 6 installation on > Centos 7 running Apache 2.4. I have both password and Shibboleth > authentication enabled. This gives me the opportunity to hover over the > Shibboleth login link. The link shows this URL: > > > https://rc.library.ourschool.edu/Shibboleth.sso/Login?target=https%3A%2F%2Frc.library.ourschool.edu%3A8080%2F%2Futa-ir%2Fshibboleth-login > > or, with all the placeholders exchanged: > > > https://rc.library.ourschool.edu/Shibboleth.sso/Login?target=https://rc.library.ourschool.edu:8080//ourschool-ir/shibboleth-login > > When I click the link, our standard Shibboleth login box appears. I enter > credentials and then I get the error message: > > "*No peer endpoint available to which to send SAML response*" > > The fellow who maintains the Identity Provider says it logs the > AssertionConsumerServiceURL as: > > *https://rc.library.ourschool.edu:8080/Shibboleth.sso/SAML2/POST* > <https://rc.library.ourschool.edu:8080/Shibboleth.sso/SAML2/POST> > > Putting two and two together, it seems the IdP can't contact the SP > because it's trying to hit port 8080. Since I have Apache doing reverse > proxy, the IdP needs to hit the base URL, but I can't find a way to change > it. Here are the relevant lines from the Apache main config: > > # Send requests for / to /ourschool-ir > RedirectMatch ^/$ /ourschool-ir > # Redirect http to https > Redirect permanent /ourschool-ir > https://rc.library.ourschool.edu/ourschool-ir > > > And from the Apache virtual server config: > > <Location /> > # Configure Shibboleth for "lazy" authentication > AuthType shibboleth > ShibUseHeaders on > Require shibboleth > </Location> > <Location /Shibboleth.sso> > # Suggested by DSpace docs > ProxyPass ! > SetHandler shib > </Location> > ProxyPass /ourschool-ir > http://rc.library.ourschool.edu:8080/ourschool-ir > ProxyPassReverse /ourschool-ir > http://rc.library.ourschool.edu:8080/ourschool-ir > </VirtualHost> > > > Any clues greatly appreciated. > > Glenn > > -- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dspace-tech+unsubscr...@googlegroups.com. > To post to this group, send email to email@example.com. > Visit this group at https://groups.google.com/group/dspace-tech. > For more options, visit https://groups.google.com/d/optout. > -- Tim Donohue Technical Lead for DSpace & DSpaceDirect DuraSpace.org | DSpace.org | DSpaceDirect.org -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.