My client is at https://ui.lib.umn.edu:3000 and the REST API at rest.lib.umn.edu. My apache shib configuration is as described at https://wiki.lyrasis.org/display/DSPACE/DSpace+7+Shibboleth+Configuration. I can login with Firefox and Chrome, but when logging in with Safari, the REST server responds with a 403.
A successful login (via Chrome) looks like this in the apache logs: 10.21.41.171 - - [14/Jul/2020:15:35:06 -0500] "GET /Shibboleth.sso/Login?target= https://rest.lib.umn.edu/server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 302 860 10.21.41.171 - - [14/Jul/2020:15:35:28 -0500] "POST /Shibboleth.sso/SAML2/POST HTTP/1.1" 302 289 10.21.41.171 - [email protected] [14/Jul/2020:15:35:28 -0500] "GET /server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 302 - An unsuccessful login (via Safari) from the same workstation is similar: 10.21.41.171 - - [14/Jul/2020:15:32:48 -0500] "GET /Shibboleth.sso/Login?target= https://rest.lib.umn.edu/server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 302 858 10.21.41.171 - - [14/Jul/2020:15:33:21 -0500] "POST /Shibboleth.sso/SAML2/POST HTTP/1.1" 302 289 10.21.41.171 - [email protected] [14/Jul/2020:15:33:21 -0500] "GET /server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 403 20 Which is identical except for the 403, and a small text file from the IdP that contains "Invalid CORS request" I'm not sure -- angular bug? server bug? Safari bug? This worked fine across all browsers in beta 2... My next test will be to place the client and server on the same host... Meanwhile, I'm not sure where to go! Thanks for any advice! ~~ Bill -- Human wheels spin round and round While the clock keeps the pace... -- John Mellencamp ________________________________________________________________ Bill Tantzen University of Minnesota Libraries 612-626-9949 (U of M) 612-325-1777 (cell) -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/CADgrb7Fip73uL%2BXt217Nx5z%3DTFCEF4ScPg9X%3DzQqapt2in_Cbw%40mail.gmail.com.
