Project

General

Profile

Actions

Config #7551

open

Shibboleth configuration needs update on mentat-hub.cesnet.cz

Added by Radko Krkoš 10 months ago. Updated 10 months ago.

Status:
New
Priority:
Low
Assignee:
Category:
-
Target version:
Start date:
02/02/2022
Due date:
% Done:

0%

Estimated time:
To be discussed:

Description

As shown by systemctl status apache2, see below, multiple Shibboleth errors and warnings are reported, due to configuration deficiencies. It seems that the configuration was not redone during upgrade from Shibboleth v2 to v3, where major changes were required (as I recall from other hosts). Also, the hostel identity provider is still present, which was shut-down quite some time ago.

Feb 01 00:02:56 mentat-hub shibboleth[20401]: ERROR Shibboleth.Listener [20401] shib_handler [default]: remoted message returned an error: Unable to locate metadata for identity provider (https://idp.hostel.eduid.cz/idp/shibboleth)
Feb 01 00:02:56 mentat-hub shibboleth[20401]: ERROR Shibboleth.Apache [20401] shib_handler: Unable to locate metadata for identity provider (https://idp.hostel.eduid.cz/idp/shibboleth)
Feb 02 00:00:01 mentat-hub systemd[1]: Reloading The Apache HTTP Server.
Feb 02 00:00:02 mentat-hub systemd[1]: Reloaded The Apache HTTP Server.
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.Config : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.RequestMapper : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22059]: WARN Shibboleth.Application : custom cookieProps setting should include "; HttpOnly", site is vulnerable to client-side cookie theft
Feb 02 00:00:03 mentat-hub shibboleth[22058]: WARN Shibboleth.Config : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22058]: WARN Shibboleth.RequestMapper : DEPRECATED: legacy 2.0 configuration, support will be removed from a future version of the software
Feb 02 00:00:03 mentat-hub shibboleth[22058]: WARN Shibboleth.Application : custom cookieProps setting should include "; HttpOnly", site is vulnerable to client-side cookie theft

Actions #1

Updated by Pavel Kácha 10 months ago

  • Assignee set to Pavel Kácha
Actions #2

Updated by Pavel Kácha 10 months ago

  • To be discussed deleted (Yes)
Actions

Also available in: Atom PDF