By: Johann Hoermann user 29 Apr 2022 at 8:47 a.m. CDT

Hello,

I try to have fun working through your book Schwartz/Machulak: Securing the Perimeter, Apress 2018. Up to now I am in Chapter 3 SAML, in paragraph "Configure the Gluu Server Shibboleth IDP".

When I navigate to my SP URL squid.fritz.box/protected/printHeaders.py as described at page 87, it produces an error message: Server is misconfigured.

Running printHeaders.py as CLI, it complains:

```
/usr/bin/python: not found
```

github.com says that this script is 6 years old ... I did update the script to python3: https://pastebin.com/yuspc3G7

I commented the Shibboleth options in default-ssl.conf, reloaded apache2 and tested

```
https://squid.fritz.box/protected/printHeaders.py
```

It put the environment variables into my browser, so the CGI now works.

I activated Shibboleth in default-ssl.conf again. https://squid.fritz.box/protected/printHeaders.py now redirects to my Gluu IDP gluub18.fritz.box!

But ... the IDP displays: Your browser sent a request that this server could not understand.

The redirected URL to the IDP is

```
https://gluub18.fritz.box/idp/profile/SAML2/Redirect/SSO?SAMLRequest=fVLLbsIwEPyVyHdwkvJILIKUwqFItCBCe%2BilcpyFWDJ28Dot7dc3IVSlh3LeeezM7gT5QVUsrV2pN3CsAZ13OiiN7DxISG01MxwlMs0PgMwJlqWPSxb2fVZZ44wwingpIlgnjZ4ZjfUBbAb2XQp43iwTUjpXIaMUj7Us%2Bjsr3Vc%2FNyealTLPjQJX9hENbWVDul5lW%2BLNmz2k5q3iL3%2Bv6joPoisFWVS0WWInFVzoGyikBeFolq2It5gn5E2MhSjAH0dxHI7uggDiYcB3A%2B5HwzgW4bCBIdaw0Oi4dgkJ%2FTDs%2BYNeGG8Dn%2FkjNoheibe%2BZL2XupB6f7uYvAMhe9hu170u0gtYPMdpAGQ6aetlZ2N7VfhtWf7TMpn%2B12l7kiY%2BFBN65dDZVeypkVzM10ZJ8emlSpmPmQXuICEBodOO8vcZpt8%3D&RelayState=ss%3Amem%3Aec8a2bed9a7bc93fa8008e2dbdc1bd28b71560ce6472e6aa39a1636f5adfab42
```

What could be wrong? Is it something regarding the SAML2SSO settings in the Trust Relationship?

As recommended in your book, the Trust Relationship settings are:

```
SAML2SSO
signResponses : always
signAssertions : never
signRequest : conditional
encryptAssertions : always
encryptNameIds : always
```

The Shibboleth directives at the SP are, according to your book, page 80/81:

```
AuthType shibboleth
ShibRequestSetting requireSession true
Require valid-user
```

The Shibboleth version at the SP is 3.2.2:

```
libapache2-mod-shib 3.2.2+dfsg1-1
liblog4shib2:amd64 2.0.0-2
libshibsp-plugins:amd64 3.2.2+dfsg1-1
libshibsp10:amd64 3.2.2+dfsg1-1
shibboleth-sp-common 3.2.2+dfsg1-1
shibboleth-sp-utils 3.2.2+dfsg1-1
```

Help is very much appreciated,
Johann
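
An added example, not part of the original post or of the book: the `SAMLRequest` parameter in a redirect URL like the one above follows the SAML HTTP-Redirect binding (raw DEFLATE, then base64, then URL-encoding), so it can be decoded to see which Issuer, Destination and AssertionConsumerServiceURL the SP sent and compare them with the IDP's trust relationship. The sample request, its hostnames and all function names are constructed for this example.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, quote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in a SAML HTTP-Redirect URL."""
    query = parse_qs(urlsplit(url).query)      # parse_qs undoes the URL-encoding
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")  # -15 = raw DEFLATE, no zlib header

def summarize(xml_text):
    """Extract the fields an IDP compares with its registered SP metadata."""
    root = ET.fromstring(xml_text)
    issuer = root.find("saml:Issuer", NS)
    return {
        "issuer": issuer.text if issuer is not None else None,
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "binding": root.get("ProtocolBinding"),
    }

def encode_redirect_request(xml_text, sso_url):
    """Inverse of decode_redirect_request; used here only to build the sample."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return sso_url + "?SAMLRequest=" + quote(base64.b64encode(deflated), safe="")

# Constructed sample AuthnRequest (hypothetical SP and IDP hostnames).
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2022-04-29T13:47:00Z" '
    'Destination="https://idp.example.org/idp/profile/SAML2/Redirect/SSO" '
    'AssertionConsumerServiceURL="https://sp.example.org/Shibboleth.sso/SAML2/POST" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://sp.example.org/shibboleth</saml:Issuer></samlp:AuthnRequest>'
)
SAMPLE_URL = encode_redirect_request(
    SAMPLE_XML, "https://idp.example.org/idp/profile/SAML2/Redirect/SSO")

if __name__ == "__main__":
    print(summarize(decode_redirect_request(SAMPLE_URL)))
```

Pass a redirect URL copied from the browser's address bar to `decode_redirect_request` to inspect a real request; a trailing `RelayState` parameter is ignored.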

By Mobarak Hosen Shakil staff 01 May 2022 at 8:23 a.m. CDT

Hi Johann,

Please read our [documentation](https://gluu.org/docs/gluu-server/4.3/admin-guide/saml/) on [Shibboleth SAML SP](https://gluu.org/docs/gluu-server/4.3/integration/sswebapps/saml-sp/). Hope this is going to help you.

Regards
~ Shakil