Hi Naveed,
The default install will only let you access the status page from on 127.0.0.1 - so from on the host itself. So the IdP is doing its job correctly there.
To change that, change conf/access-control.xml - see https://wiki.shibboleth.net/confluence/display/IDP30/AccessControlConfiguration - to whitelist the IPs you want to be able to access that page.
Rhys.
--
Dr Rhys Smith
Chief Technical Architect, Trust & Identity
Jisc
T: +44 (0) 1235 822145
M: +44 (0) 7968 087821
Skype: rhys-smith
GPG: 0x4638C985
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
> On 28 Jan 2016, at 17:34, Naveed Hashmi <[log in to unmask]> wrote:
>
> Apologies, the idp process log *also* throws the following ..
>
> 2016-01-28 16:11:25,594 - WARN [net.shibboleth.utilities.java.support.security.IPRangeAccessControl:94] - Policy shibboleth.IPRangeAccessControl$child#50994a3d: Denied request from client address '137.222.250.139'
>
> Naveed
>
>
>
> On 28 January 2016 at 16:24, Naveed Hashmi <[log in to unmask]> wrote:
> Hi
>
> I've had a go at installing the latest IdP on a test VM, fronting tomcat with apache ... the idp-process log shows the following soon after the IdP starts up ..
>
> 2016-01-28 16:11:15,572 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: AccessDenied
>
> When I access https://idp-url/idp/status, I see a page with the following ..
>
> Web Login Service - Access Denied
>
> You do not have access to the requested resource.
>
> Any pointers as to where I've messed up are much appreciated.
>
> Thanks
>
> Naveed
>
>
>
>
|