Config #7551
Closed
Shibboleth configuration needs update on mentat-hub.cesnet.cz
Start date: 02/02/2022
% Done: 0%
Description
As shown by systemctl status apache2, see below, multiple Shibboleth errors and warnings are reported, due to configuration deficiencies. It seems that the configuration was not redone during the upgrade from Shibboleth v2 to v3, where major changes were required (as I recall from other hosts). Also, the hostel identity provider is still present, which was shut down quite some time ago.
Feb 01 00:02:56 mentat-hub shibboleth[20401]: ERROR Shibboleth.Listener [20401] shib_handler [default]: remoted message returned an error: Unable to locate metadata for identity provider (https://idp.hostel.eduid.cz/idp/shibboleth)
Feb 01 00:02:56 mentat-hub shibboleth[20401]: ERROR Shibboleth.Apache [20401] shib_handler: Unable to locate metadata for identity provider (https://idp.hostel.eduid.cz/idp/shibboleth)
Feb 02 00:00:01 mentat-hub systemd[1]: Reloading The Apache HTTP Server.
Feb 02 00:00:02 mentat-hub systemd[1]: Reloaded The Apache HTTP Server.
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.Config : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.RequestMapper : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.Application : custom cookieProps setting should include "; HttpOnly", site is vulnerable to client-side cookie theft
Feb 02 00:00:03 mentat-hub shibboleth[22058]: WARN Shibboleth.Config : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22058]: WARN Shibboleth.RequestMapper : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22058]: WARN Shibboleth.Application : custom cookieProps setting should include "; HttpOnly", site is vulnerable to client-side cookie theft
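One way to reduce the journal output quoted above to the three distinct findings it contains, so that repeats per process do not hide a new warning. This is an added example, not part of the ticket or of the Mentat project; the finding names, the regular expressions and the `triage` function are this example's own assumptions, and the sample is constructed from lines quoted in the ticket.

```python
import re
from collections import defaultdict

# Constructed sample: journal lines copied from the ticket text above.
SAMPLE = """\
Feb 01 00:02:56 mentat-hub shibboleth[20401]: ERROR Shibboleth.Apache [20401] shib_handler: Unable to locate metadata for identity provider (https://idp.hostel.eduid.cz/idp/shibboleth)
Feb 02 00:00:02 mentat-hub systemd[1]: Reloaded The Apache HTTP Server.
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.Config : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22058]: WARN Shibboleth.Config : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.Application : custom cookieProps setting should include "; HttpOnly", site is vulnerable to client-side cookie theft
"""

# Only ERROR/WARN lines written by the shibboleth syslog identifier are considered.
LINE = re.compile(
    r"^\w{3}\s+\d{1,2} [\d:]{8} \S+ shibboleth\[\d+\]: "
    r"(?P<level>ERROR|WARN) (?P<component>Shibboleth\.\w+)\b(?P<msg>.*)$"
)

# Finding labels are hypothetical names chosen for this example.
RULES = {
    "stale-idp-metadata": re.compile(
        r"Unable to locate metadata for identity provider \((?P<detail>[^)]+)\)"),
    "legacy-2.0-config": re.compile(r"DEPRECATED: legacy 2\.0 configuration"),
    "cookie-missing-httponly": re.compile(r'cookieProps setting should include "; HttpOnly"'),
}

def triage(text):
    """Group Shibboleth ERROR/WARN lines into findings with counts and details."""
    findings = defaultdict(lambda: {"count": 0, "components": set(), "details": set()})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. systemd reload notices
        for name, rule in RULES.items():
            hit = rule.search(m["msg"])
            if hit:
                break
        else:  # keep unknown messages visible instead of dropping them
            name, hit = "unclassified", None
        entry = findings[name]
        entry["count"] += 1
        entry["components"].add(m["component"])
        if hit is None:
            entry["details"].add(m["msg"].strip(" :"))
        elif "detail" in hit.groupdict():
            entry["details"].add(hit["detail"])
    return dict(findings)

if __name__ == "__main__":
    for name, entry in sorted(triage(SAMPLE).items()):
        print(name, entry["count"], sorted(entry["components"]), sorted(entry["details"]))
```
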
Updated by Pavel Kácha almost 2 years ago
Note: PDNS is already adapted to Shib 3, we could learn/merge from config.
Updated by Pavel Kácha 7 months ago
- Status changed from New to Closed
- Target version changed from Backlog to 2.12
Done during 2.12 version and server upgrade.