[Building Sakai] Shibbolizing Sakai

Denny denny.denny at gmail.com
Sun Jan 16 15:13:58 PST 2011 

Hi Natalia,

You need to ensure that your shibboleth installation work properly
without sakai. It seems that it works as
https://sakai.win.tue.nl/secure/ redirects to your IdP.

Normally, https://sakai.win.tue.nl/portal/login at the end redirects to
your IdP or DS. However, this is not the case in your installation. 

Ensure that /sakai-login-tool/container is protected by Shibboleth in
your apache configuration

<Location "/sakai-login-tool/container">
AuthType shibboleth
ShibRequireSession On
require shibboleth
AllowOverride Options
</Location>

Ensure the right shib container login in your sakai-login-tool (web.xml)
    <servlet>
        <servlet-name>sakai.login.container</servlet-name>
<servlet-class>org.sakaiproject.login.tool.ShibContainerLogin</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

Have you added tomcatAuthentication="false" to your tomcat connector
(conf/server.xml)?

Check what attributes are released by the IDP (see transaction.log in
your shibboleth log directory). Compare that with
your /etc/shibboleth/shibboleth.xml and the attributes used in
REMOTE_USER.

I hope it helps.

Cheers,

Denny

-- 
Denny
Systems Developer
Enterprise Systems
Division of Information
Building 3, K Block
The Australian National University
Canberra ACT 0200 Australia

T: +61 2 6125 2427

CRICOS Provider # 00120C


On Sat, 2011-01-15 at 18:49 +0100, Natalia Stash wrote:
> Hi Kevin, 
> 
> No, unfortunately this does not help:(
> 
> Regards, 
> Natasha.
> 
> On Jan 15, 2011, at 2:36 PM, Kevin P. Foote wrote:
> 
> > sakai.properties ?
> > 
> > container.login=true
> > 
> > ------
> > thanks
> >  kevin.foote
> > 
> > 
> > On Sat, 15 Jan 2011 13:33:11 +0100
> >  Natalia Stash <natalia.stash at gmail.com> wrote:
> >> Dear Abdul, Thank you for your quick response!
> >> Both sakai-login-tool.war and sakai-login-tool directory are present in tomcat/webapps.
> >> Regards, Natasha.
> >> On Jan 15, 2011, at 1:25 PM, Abdul khader wrote:
> >>> Hi,
> >>> Please check in your tomcat/webapps directory if you have folder by the name "sakai-login-tool". Also, check if you have a file like sakai-login-tool.war, If the file is present but not the folder, it means the app sakai-login-tool is compiled by sakai but not deployed. In case both the file and folder not present, then sakai-login-tool is not compiled by sakai.
> >>> Hope that helps.
> >>> Abdul Khader

More information about the sakai-dev mailing list