We are trying to install Shibboleth for the first time, and we got everything working perfectly when applying single sign-on for a website over a top-level domain, but not under a subdirectory.
Here is our Apache virtual host config file which works perfectly:
<VirtualHost *:443>
    # ... some other settings
    <Location />
        AuthType shibboleth
        Require shibboleth
        ShibRequireSession On
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>
With this configuration, we can do this:
SCENARIO A
- Go to https://myawesomewebsite.com/secure in my web browser
- My web browser redirects me to my single sign-on service at https://somesinglesignon.com/authenticate
- I type in my username and password at https://somesinglesignon.com/authenticate and press submit
- The server sends me back to https://myawesomewebsite.com/secure
Everything above worked perfectly.
Now I'm going to modify my virtual host file such that <Location /> becomes <Location /secure>. So my virtual host file looks like this now:
<VirtualHost *:443>
    # ... some other settings
    <Location /secure>
        AuthType shibboleth
        Require shibboleth
        ShibRequireSession On
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>
Now when I try to repeat steps 1 to 4, I get this instead:
SCENARIO B
- Go to https://myawesomewebsite.com/secure in my web browser
- My web browser redirects me to my single sign-on service at https://somesinglesignon.com/authenticate
- I type in my username and password at https://somesinglesignon.com/authenticate and press submit
- The server sends me back to https://myawesomewebsite.com/Shibboleth.sso/SAML2/POST
Why is step 4 in Scenario A different from step 4 in Scenario B? How do I make A.4 the same as B.4?