Mdthbs

Why are two-digit numbers in Jonathan Swift's "Gulliver's Travels" (1726) written in "German style"?

Why doesn't the university give past final exams' answers?

Why do C and C++ allow the expression (int) + 4*5?

Why did Israel vote against lifting the American embargo on Cuba?

What's the connection between Mr. Nancy and fried chicken?

Weaponising the Grasp-at-a-Distance spell

What came first? Venom as the movie or as the song?

Continue tikz picture on next page

Is it OK if I do not take the receipt in Germany?

Will I be more secure with my own router behind my ISP's router?

What documents does someone with a long-term visa need to travel to another Schengen country?

Converting a text document with special format to Pandas DataFrame

Why not use the yoke to control yaw, as well as pitch and roll?

Who's this lady in the war room?

Is there a verb for listening stealthily?

Pointing to problems without suggesting solutions

Why is one lightbulb in a string illuminated?

How is an IPA symbol that lacks a name (e.g. ɲ) called?

false 'Security alert' from Google - every login generates mails from 'no-reply@accounts.google.com'

Like totally amazing interchangeable sister outfit accessory swapping or whatever

Does GDPR cover the collection of data by websites that crawl the web and resell user data

Raising a bilingual kid. When should we introduce the majority language?

Should man-made satellites feature an intelligent inverted "cow catcher"?

"Destructive force" carried by a B-52?

Unknown Authz provider with Shibboleth on Apache 2.4

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

2

Currently I am dealing with the migration of a PHP web application from Apache 2.2 to Apache 2.4. This application is SSO-enabled, by using Shibboleth in order to manage the authentication process.

The following .htaccess file is tuned to manage the authorization for Identity Classes:

SSLRequireSSL   # The modules only work using HTTPS

AuthType shibboleth

ShibRequireSession On

ShibExportAssertion Off



# Page can only be accessed by authenticated users

Require valid-user



# To restrict access to an Identity Class

# use the configuration line below.



#Require ADFS_IDENTITYCLASS "Trusted" "Registered" "Shared"

Apache is able to start correctly, but while trying to use the content under the .htaccess file above, an error occurs:

/var/www/myapp/SSO/RestrictedIdentityClass/.htaccess: Unknown Authz provider: ADFS_IDENTITYCLASS

Take into account that I also enabled the mod_authz_core.so, but the issue persists. Note also that I am using Microsoft ADFS as Identity Provider, and generally everything works fine.

Any suggestion to point out what I am doing wrong?

apache-httpd authentication

share|improve this question

edited Jul 11 '16 at 0:01

Jeff Schaller♦

45.2k1164147

asked Dec 4 '15 at 14:23

vdenotarisvdenotaris

1266

add a comment | 

2

Currently I am dealing with the migration of a PHP web application from Apache 2.2 to Apache 2.4. This application is SSO-enabled, by using Shibboleth in order to manage the authentication process.

The following .htaccess file is tuned to manage the authorization for Identity Classes:

SSLRequireSSL   # The modules only work using HTTPS

AuthType shibboleth

ShibRequireSession On

ShibExportAssertion Off



# Page can only be accessed by authenticated users

Require valid-user



# To restrict access to an Identity Class

# use the configuration line below.



#Require ADFS_IDENTITYCLASS "Trusted" "Registered" "Shared"

Apache is able to start correctly, but while trying to use the content under the .htaccess file above, an error occurs:

/var/www/myapp/SSO/RestrictedIdentityClass/.htaccess: Unknown Authz provider: ADFS_IDENTITYCLASS

Take into account that I also enabled the mod_authz_core.so, but the issue persists. Note also that I am using Microsoft ADFS as Identity Provider, and generally everything works fine.

Any suggestion to point out what I am doing wrong?

apache-httpd authentication

share|improve this question

edited Jul 11 '16 at 0:01

Jeff Schaller♦

45.2k1164147

asked Dec 4 '15 at 14:23

vdenotarisvdenotaris

1266

add a comment | 

Currently I am dealing with the migration of a PHP web application from Apache 2.2 to Apache 2.4. This application is SSO-enabled, by using Shibboleth in order to manage the authentication process.

The following .htaccess file is tuned to manage the authorization for Identity Classes:

SSLRequireSSL   # The modules only work using HTTPS

AuthType shibboleth

ShibRequireSession On

ShibExportAssertion Off



# Page can only be accessed by authenticated users

Require valid-user



# To restrict access to an Identity Class

# use the configuration line below.



#Require ADFS_IDENTITYCLASS "Trusted" "Registered" "Shared"

Apache is able to start correctly, but while trying to use the content under the .htaccess file above, an error occurs:

/var/www/myapp/SSO/RestrictedIdentityClass/.htaccess: Unknown Authz provider: ADFS_IDENTITYCLASS

Take into account that I also enabled the mod_authz_core.so, but the issue persists. Note also that I am using Microsoft ADFS as Identity Provider, and generally everything works fine.

Any suggestion to point out what I am doing wrong?

apache-httpd authentication

share|improve this question

edited Jul 11 '16 at 0:01

Jeff Schaller♦

45.2k1164147

asked Dec 4 '15 at 14:23

vdenotarisvdenotaris

1266

SSLRequireSSL   # The modules only work using HTTPS

AuthType shibboleth

ShibRequireSession On

ShibExportAssertion Off



# Page can only be accessed by authenticated users

Require valid-user



# To restrict access to an Identity Class

# use the configuration line below.



#Require ADFS_IDENTITYCLASS "Trusted" "Registered" "Shared"

/var/www/myapp/SSO/RestrictedIdentityClass/.htaccess: Unknown Authz provider: ADFS_IDENTITYCLASS

share|improve this question

edited Jul 11 '16 at 0:01

Jeff Schaller♦

45.2k1164147

asked Dec 4 '15 at 14:23

vdenotarisvdenotaris

1266

share|improve this question

edited Jul 11 '16 at 0:01

Jeff Schaller♦

45.2k1164147

asked Dec 4 '15 at 14:23

vdenotarisvdenotaris

1266

edited Jul 11 '16 at 0:01

Jeff Schaller♦

45.2k1164147

edited Jul 11 '16 at 0:01

Jeff Schaller♦

45.2k1164147

asked Dec 4 '15 at 14:23

vdenotarisvdenotaris

1266

asked Dec 4 '15 at 14:23

vdenotarisvdenotaris

1266

2 Answers
2

active

oldest

votes

1

The Shibboleth syntax has been changed after the upgrade from Apache 2.2 to 2.4:

SSLRequireSSL   # The modules only work using HTTPS

AuthType shibboleth

ShibRequireSession On

ShibExportAssertion Off



# Page can only be accessed by authenticated users

Require valid-user



# To restrict access to an Identity Class

# use the configuration line below.



Require shib-attr ADFS_IDENTITYCLASS "Trusted" "Registered" "Shared"

I had to add shib-attr before the identity classes in order to run the authorization process.

Note: check that mod_authz_core is correctly loaded within your environment.

share|improve this answer

edited 4 hours ago

answered Dec 8 '15 at 15:16

vdenotarisvdenotaris

1266

add a comment | 

0

Shibboleth module located in this path. /usr/lib64/shibboleth/mod_shib_24.so.
Just use LoadModule to point this using any .conf file.
This 00-shib-global.conf not created by any package.
Like, cat conf.d/00-shib-global.conf.

LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so

share|improve this answer

answered yesterday

KumaranKumaran

1

New contributor

Kumaran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f247371%2funknown-authz-provider-with-shibboleth-on-apache-2-4%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

1

The Shibboleth syntax has been changed after the upgrade from Apache 2.2 to 2.4:

SSLRequireSSL   # The modules only work using HTTPS

AuthType shibboleth

ShibRequireSession On

ShibExportAssertion Off



# Page can only be accessed by authenticated users

Require valid-user



# To restrict access to an Identity Class

# use the configuration line below.



Require shib-attr ADFS_IDENTITYCLASS "Trusted" "Registered" "Shared"

I had to add shib-attr before the identity classes in order to run the authorization process.

Note: check that mod_authz_core is correctly loaded within your environment.

share|improve this answer

edited 4 hours ago

answered Dec 8 '15 at 15:16

vdenotarisvdenotaris

1266

add a comment | 

1

The Shibboleth syntax has been changed after the upgrade from Apache 2.2 to 2.4:

SSLRequireSSL   # The modules only work using HTTPS

AuthType shibboleth

ShibRequireSession On

ShibExportAssertion Off



# Page can only be accessed by authenticated users

Require valid-user



# To restrict access to an Identity Class

# use the configuration line below.



Require shib-attr ADFS_IDENTITYCLASS "Trusted" "Registered" "Shared"

I had to add shib-attr before the identity classes in order to run the authorization process.

Note: check that mod_authz_core is correctly loaded within your environment.

share|improve this answer

edited 4 hours ago

answered Dec 8 '15 at 15:16

vdenotarisvdenotaris

1266

add a comment | 

The Shibboleth syntax has been changed after the upgrade from Apache 2.2 to 2.4:

SSLRequireSSL   # The modules only work using HTTPS

AuthType shibboleth

ShibRequireSession On

ShibExportAssertion Off



# Page can only be accessed by authenticated users

Require valid-user



# To restrict access to an Identity Class

# use the configuration line below.



Require shib-attr ADFS_IDENTITYCLASS "Trusted" "Registered" "Shared"

I had to add shib-attr before the identity classes in order to run the authorization process.

Note: check that mod_authz_core is correctly loaded within your environment.

share|improve this answer

edited 4 hours ago

answered Dec 8 '15 at 15:16

vdenotarisvdenotaris

1266

SSLRequireSSL   # The modules only work using HTTPS

AuthType shibboleth

ShibRequireSession On

ShibExportAssertion Off



# Page can only be accessed by authenticated users

Require valid-user



# To restrict access to an Identity Class

# use the configuration line below.



Require shib-attr ADFS_IDENTITYCLASS "Trusted" "Registered" "Shared"

share|improve this answer

edited 4 hours ago

answered Dec 8 '15 at 15:16

vdenotarisvdenotaris

1266

answered Dec 8 '15 at 15:16

vdenotarisvdenotaris

1266

answered Dec 8 '15 at 15:16

vdenotarisvdenotaris

1266

0

Shibboleth module located in this path. /usr/lib64/shibboleth/mod_shib_24.so.
Just use LoadModule to point this using any .conf file.
This 00-shib-global.conf not created by any package.
Like, cat conf.d/00-shib-global.conf.

LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so

share|improve this answer

answered yesterday

KumaranKumaran

1

New contributor

Kumaran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

0

Shibboleth module located in this path. /usr/lib64/shibboleth/mod_shib_24.so.
Just use LoadModule to point this using any .conf file.
This 00-shib-global.conf not created by any package.
Like, cat conf.d/00-shib-global.conf.

LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so

share|improve this answer

answered yesterday

KumaranKumaran

1

New contributor

Kumaran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

Shibboleth module located in this path. /usr/lib64/shibboleth/mod_shib_24.so.
Just use LoadModule to point this using any .conf file.
This 00-shib-global.conf not created by any package.
Like, cat conf.d/00-shib-global.conf.

LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so

share|improve this answer

answered yesterday

KumaranKumaran

1

New contributor

Kumaran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

answered yesterday

KumaranKumaran

1

New contributor

Kumaran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered yesterday

KumaranKumaran

1

New contributor

Kumaran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered yesterday

KumaranKumaran

1