[Building Sakai] Shibbolizing Sakai

Tue Feb 16 02:52:38 PST 2010

Dear all,

We're trying to integrate Sakai with a Shibboleth Idp but we're having some problems getting the Shibboleth attributes out of the request.
Our setup:

We're running Sakai 2.5.5 with apache httpd in front. We're also using mod_shib to handle some of the Shibboleth stuff

Our httpd config [1], relevant sakai properties and we're using the Stockholm patch [2]

When we try to login we are correctly moved to our IdP where we can log in.
We are then redirect to /sakai-login-tool/container where the ShibContainerLogin picks the request up.
The strange thing is that the Shibboleth attributes are not present in the request.
When I go to /Shibboleth.sso/Session the needed attributes are displayed.

I'm fairly sure there is a misconfiguring in our apache config or in some of our servlets.

Anyone who has experienced this kind of behaviour?

Kind regards,

Simon

[1]
NameVirtualHost 192.168.101.132:443
<VirtualHost 192.168.101.132:443>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/grapple.caret.cam.ac.uk.crt
    SSLCertificateKeyFile /etc/apache2/ssl/grapple.caret.cam.ac.uk.key
    SSLCertificateChainFile /etc/apache2/ssl/comodo.ca-bundle

    <Location "/sakai-login-tool/container">
        AuthType shibboleth
        ShibRequireSession On
        require shibboleth
        AllowOverride Options
    </Location>

    JkMount /* ajp13_worker
    JkUnmount /Shibboleth.sso/* ajp13_worker
    JkUnmount /shibboleth-sp/* ajp13_worker
    JkUnmount /info.php ajp13_worker

    DocumentRoot /var/www/
</VirtualHost>

<VirtualHost *:80>
    RedirectPermanent / https://grapple.caret.cam.ac.uk
</VirtualHost>

[2] http://devel.it.su.se/pub/jsp/polopoly.jsp?d=2376&a=21472
[3] Sakai properties
login.redirect.url=/index.html
login.use.xlogin.to.relogin=false
container.login=true
container.auth=true
top.login=false

login.text=Shibboleth Login