Hi, list. Me again...
I have a dev instance of a VCL management node working great, talks to
our Shib IdP, all good. Its name is "vlab-a".
Now I'm trying to set up another instance using our deployment
automation tools, before going production. The staging instance is
named "vlab-b".
Except for the EntityID, all of our shib-related configs are the same.
shibd is running happily, our campus IdP has the metadata for the SP
on both hosts, and our IdM group confirms that vlab-b is talking to the
IdP. But, while vlab-a works fine, vlab-b is throwing the error:
    You have attempted to log in to VCL using a Shibboleth
    Identity Provider that VCL has not been configured to
    work with. VCL administrators have been notified of the
    problem.
If I browse to vlab-b/Shibboleth.sso/Session, I get what looks like good
session data.
The shib portion of the authMechs array in conf.php:
<quote>
$authMechs = array(
    "UChicago Single Sign-On" => array(
        "type" => "redirect",
        "URL" => "/Shibboleth.sso/Login?target=/shibauth&entityID=urn:mace:incommon:uchicago.edu",
        "affiliationid" => 0,
        "help" => "Use \"UChicago Single Sign-On\" to log in with your UChicago ID."),
</quote>
(Again, that's identical to the working instance, but shown here for the
sake of reference.)
Looking at my SP's shib and apache logs, I don't find anything that
looks like an error, though I could be missing something.
Any clues for where to look next? I'm stumped.
Thanks,
-m
--
Michael Jinks :: [email protected]
University of Chicago IT Services