Apache config with Shibboleth [SOLVED]

I’ve been struggling for a while now to get my Shibboleth running. My login workflow works except for that anything related to /Shibboleth.sso/ doesn’t get sent to Shibboleth, rather returns the seafile 404 page. I’ve attached the relevant section of my apache config since I am still relatively new to apache. Does anyone have any ideas what could be causing this?

Many thanks,

Andy M.

`


UseCanonicalName On
RewriteEngine On

    <Location /Shibboleth.sso>
            SetHandler shib-handler 
            Satisfy Any
    </Location>


    <Location /api2>
    AuthType None
    Require all granted
    Allow from all
    satisfy any
    </Location>


    <Location /media>
    Require all granted
    </Location>

    <Location /shib-login>
    AuthType shibboleth
    ShibRequestSetting requireSession true
    Require valid-user
    </Location>
	
	

    #
    # seafile fileserver
    #
    ProxyPass /seafhttp http://127.0.0.1:8082
    ProxyPassReverse /seafhttp http://127.0.0.1:8082
    RewriteRule ^/seafhttp - [QSA,L]

SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPass / fcgi://127.0.0.1:8000/
</VirtualHost>

`

Hi,
i had many issues with Shib Apache Config.
Can you try this ?

  <Location /Shibboleth.sso>
        SetHandler shib
        
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        ShibRequestSetting applicationId default
        require shib-session
  </Location>

This seems to have finally done the trick. Thanks so much!

Actually, upon successful authorization I’m getting redirected incorrectly, could you show me your “seahub” rewrite block? I’m fairly certain the issue is somewhere in there. Many thanks!

Extended…

For Seahub

   # seafile config
 
   Alias /seafmedia  /home/cc/seafile/seafile-server-latest/seahub/media
   RewriteEngine On   
   
   #
   # seafile fileserver
   #
   ProxyPass /seafhttp http://127.0.0.1:8082
   ProxyPassReverse /seafhttp http://127.0.0.1:8082
   RewriteRule ^/seafhttp - [QSA,L]

  <Location /seafmedia>
  #Order allow,deny
  #Allow from all
  ProxyPass !
  Require all granted
  </Location>
  
  
  <Directory /home/cc/seafile/seafile-server-latest/seahub/media>
  Order allow,deny
  Allow from all
  #New directive needed in Apache 2.4.3: 
  Require all granted
  </Directory> 

  #
  # seafile webdav
  #
  RewriteCond %{HTTP:Authorization} (.+)
  RewriteRule ^(/davf.*)$ /seafdav.fcgi$1 [QSA,L,e=HTTP_AUTHORIZATION:%1]
  RewriteRule ^(/davf.*)$ /seafdav.fcgi$1 [QSA,L]

   
  #
  # seahub
  #
  RewriteRule ^/(seafmedia.*)$ /$1 [QSA,L,PT]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^(.*)$ /seahub.fcgi/$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

For Shibboleth

  #Shibboleth
  <Location /Shibboleth.sso>
        SetHandler shib
        
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        ShibRequestSetting applicationId default
        require shib-session
  </Location>

  <Location /api2>
        AuthType None
        Require all granted
        Allow from all
        satisfy any
  </Location>
  
  <Location /shib-login>
        AuthType shibboleth          
        ShibRequestSetting requireSession true
        Require valid-user
  </Location>