Hi all. I'm stepping through Aaron's Shib instructions and I've managed to hose my VCL dev instance.
Things went fine until I enabled Shib for VCL and hit the web interface. I immediately realized that my user account didn't have admin privileges, since only the user-level buttons appeared on the landing page. So I tried to back out my changes, but with Shib disabled, my browser always gets redirected to /shibauth, which draws a 500/Internal Server Error. I've done enough investigating to be pretty sure that the redirect is being controlled by something in the backing database, not by anything in the local filesystem, but I'm not sure what has changed. How can I access an admin account with Shib enabled? Is there any way to give a user account full privileges? Our efforts up to now have failed. And/or, how can I get back from where I am? I have SQL access to the backing store, so if I knew what to change I could un-shib the instance and start over. I'd rather not just do a complete load from the database without looking around a bit first. On Fri, Aug 17, 2012 at 04:58:33PM +0000, Aaron Coburn wrote: > > > Many thanks, but we're still on 2.2. Are there lots of differences? > > Not really. > > The main difference is that there is no "ALLOWADDSHIBUSERS" constant, so you > can just skip the item related to that. You will just not be able to manually > add a user to a group before that user has logged in for the first time. > > > > > On Fri, Aug 17, 2012 at 01:08:39AM +0000, Aaron Coburn wrote: > >> Michael, > >> > >> That page you mention is generally correct, but it is very incomplete. > >> Rather than responding over email, I wrote an article on shibbolizing > >> the VCL here: > >> > >> [1]http://people.apache.org/~acoburn/shibboleth.html <snip>
