Project

General

Profile

Actions

Config #7551

closed

Shibboleth configuration needs update on mentat-hub.cesnet.cz

Added by Radko Krkoš over 2 years ago. Updated 2 months ago.

Status:
Closed
Priority:
Low
Assignee:
Category:
-
Target version:
Start date:
02/02/2022
Due date:
% Done:

0%

Estimated time:
To be discussed:

Description

As shown by systemctl status apache2, see below, multiple Shibboleth errors and warnings are reported, due to configuration deficiencies. It seems that the configuration was not redone during upgrade from Shibboleth v2 to v3, where major changes were required (as I recall from other hosts). Also, the hostel identity provider is still present, which was shut-down quite some time ago.

Feb 01 00:02:56 mentat-hub shibboleth[20401]: ERROR Shibboleth.Listener [20401] shib_handler [default]: remoted message returned an error: Unable to locate metadata for identity provider (https://idp.hostel.eduid.cz/idp/shibboleth)
Feb 01 00:02:56 mentat-hub shibboleth[20401]: ERROR Shibboleth.Apache [20401] shib_handler: Unable to locate metadata for identity provider (https://idp.hostel.eduid.cz/idp/shibboleth)
Feb 02 00:00:01 mentat-hub systemd[1]: Reloading The Apache HTTP Server.
Feb 02 00:00:02 mentat-hub systemd[1]: Reloaded The Apache HTTP Server.
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.Config : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.RequestMapper : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.Application : custom cookieProps setting should include "; HttpOnly", site is vulnerable to client-side cookie theft
Feb 02 00:00:03 mentat-hub shibboleth[22058]: WARN Shibboleth.Config : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22058]: WARN Shibboleth.RequestMapper : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22058]: WARN Shibboleth.Application : custom cookieProps setting should include "; HttpOnly", site is vulnerable to client-side cookie theft

Actions #1

Updated by Pavel Kácha over 2 years ago

  • Assignee set to Pavel Kácha
Actions #2

Updated by Pavel Kácha over 2 years ago

  • To be discussed deleted (Yes)
Actions #3

Updated by Pavel Kácha over 1 year ago

Note: PDNS is already adapted to Shib 3, we could learn/merge from config.

Actions #4

Updated by Pavel Kácha 2 months ago

  • Status changed from New to Closed
  • Target version changed from Backlog to 2.12

Done during 2.12 version and server upgrade.

Actions

Also available in: Atom PDF