By: Johann Hoermann user 29 Apr 2022 at 8:47 a.m. CDT

1 Response
Johann Hoermann gravatar
Hello, i try to have fun working thru your book Schwartz/Machulak: Securing the Perimeter, Apress 2018. Up to now i am in Chapter 3 SAML in paragraph Configure the Gluu Server Shibboleth IDP When I navigate to my SP url as described at page 87, it produces an error message: Server is misconfigured. Running as CLI it complains ``` /usr/bin/python: not found ``` says that this srcipt is 6 years old ... I did update the script to python3 I commented the shibboleth Options in default-ssl.conf, reloaded apache2 and tested ``` ``` It put the Environment Variables into my browser, so the cgi now works. I activated Shibboleth in default-ssl.conf again. now redirects to my Gluu IDP! But ... The IDP displays: Your browser sent a request that this server could not understand. The redirected URL to the IDP is ``` ``` What could be wrong? Is it something regarding to the SAML2SSO settings in the Trust Relationship? As recommended in your book, the Trust Relationship settings are: ``` SAML2SSO signResponses : always signAssertions : never signRequest : conditional encryptAssertions : always encryptNameIds : always ``` The Shibboleth Directives at the SP are, according to your book, page 80/81: ``` AuthType shibboleth ShibRequestSetting requireSession true Require valid-user ``` shibboleth-version at the SP is 3.2.2: ``` libapache2-mod-shib 3.2.2+dfsg1-1 liblog4shib2:amd64 2.0.0-2 libshibsp-plugins:amd64 3.2.2+dfsg1-1 libshibsp10:amd64 3.2.2+dfsg1-1 shibboleth-sp-common 3.2.2+dfsg1-1 shibboleth-sp-utils 3.2.2+dfsg1-1 ``` Help is very much appreciated, Johann

By Mobarak Hosen Shakil staff 01 May 2022 at 8:23 a.m. CDT

Mobarak Hosen Shakil gravatar
Hi Johann, Please read our [documentations]( on [Shibboleth SAML SP](, Hope this gonna help you. Regards ~ Shakil