Rewrites
We're getting there - there are some rewrite rules we use to set up dynamic redirections on the site, so we can add /coolnewthing and set up a redirection in the database rather than having to tweak the apache config each time.

These rewrites only apply to the http service (not the https virtual host).

Checking the documentation for mod_rewrite, it's clear that the request URL gets rewritten before we get a chance to pass it through Shibboleth. By the time we would do that, it no longer looks like a request we would want Shibboleth to intercept.

So: added rewrite exemptions for the test path we want to protect and the Shibboleth session handlers.

This is better; I now get sent to the IdP when I try to access the protected resource. Once I've signed in though, the IdP and our Shibd get into a loop where the credentials are sent again and again until I kill the browser. This doesn't happen when I use the https: address, so I suspect I've still got a dodgy rewrite somewhere. Investigating...

T

Labels: config, mod_rewrite, shibboleth

- posted by Tim Bruce @ 11:43 AM