Shibboleth ignoring configuration settings


When testing shibd from the command line (/usr/sbin/shibd -t) I'm seeing this warning:

WARN Shibboleth.Application : empty/missing cookieProps setting, set to "https" for SSL/TLS-only usage

My app is in fact HTTPS only, so I want to extend this to Shibboleth (I am in a development environment and am not in production).

Previously, the /etc/shibboleth/shibboleth2.xml config file contained this in the ApplicationDefaults section:

  <Sessions lifetime="28800" timeout="3600" checkAddress="false"
        handlerURL="/Shibboleth.sso" handlerSSL="true" 
        exportLocation="http://localhost/Shibboleth.sso/GetAssertion"
        exportACL="127.0.0.1"
        idpHistory="false" idpHistoryDays="7">

So, I added the following

cookieProps="; path=/; secure; httpOnly" after handlerSSL="true"

in the same section:

  <Sessions lifetime="28800" timeout="3600" checkAddress="false"
        handlerURL="/Shibboleth.sso" handlerSSL="true" cookieProps="; path=/; secure; httpOnly"
        exportLocation="http://localhost/Shibboleth.sso/GetAssertion"
        exportACL="127.0.0.1"
        idpHistory="false" idpHistoryDays="7">

Now the error I'm seeing when issuing shibd -t is:

WARN Shibboleth.Application : custom cookieProps setting should include "; secure" for SSL/TLS-only usage

Why is shib ignoring the secure declaration?

There is 1 answer

Jan Ziesse

Using: cookieProps="https"

did the trick for me.
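A small audit of the `<Sessions>` settings discussed in this thread, added here as an example and not part of the original question or answer. The sample XML is constructed from the snippets above (the `ApplicationOverride` wrappers and the `entityID` value are made up), and a custom string that carries both flags is only marked for manual confirmation, because shibd's own check decides whether the warning appears.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the original <Sessions>, the question's custom string and
# the answer's shorthand. The ApplicationOverride wrappers are hypothetical.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions lifetime="28800" timeout="3600" checkAddress="false"
        handlerURL="/Shibboleth.sso" handlerSSL="true"/>
    <ApplicationOverride id="custom">
      <Sessions handlerSSL="true" cookieProps="; path=/; secure; httpOnly"/>
    </ApplicationOverride>
    <ApplicationOverride id="shorthand">
      <Sessions handlerSSL="true" cookieProps="https"/>
    </ApplicationOverride>
  </ApplicationDefaults>
</SPConfig>"""

def classify_cookie_props(value):
    """Return (status, note) for a cookieProps value (None when the attribute is absent)."""
    if value is None or not value.strip():
        return "WARN", 'unset: shibd -t asks for "https" on TLS-only sites'
    if value == "https":
        return "OK", "the value the shibd warning recommends"
    flags = {p.strip().lower() for p in value.split(";") if p.strip()}
    missing = [f for f in ("secure", "httponly") if f not in flags]
    if missing:
        return "WARN", "custom string lacks: " + ", ".join(missing)
    return "CHECK", "custom string: confirm with shibd -t and the Set-Cookie header"

def audit(xml_text):
    """Audit every <Sessions> element, in document order, whatever its namespace."""
    results = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "Sessions":
            continue
        status, note = classify_cookie_props(el.get("cookieProps"))
        if el.get("handlerSSL") != "true":
            status, note = "WARN", note + '; handlerSSL is not "true"'
        results.append((status, note))
    return results

if __name__ == "__main__":
    for i, (status, note) in enumerate(audit(SAMPLE), 1):
        print(f"Sessions #{i}: {status} - {note}")
```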