idp login issue connecting to ldap
Tom Zeller
tzeller at dragonacea.biz
Sat Aug 1 08:57:54 EDT 2015
> On Jul 31, 2015, at 11:33 PM, Jason Separovic <jseppa01 at gmail.com> wrote:
>
> Hi,
>
> I'm trying to set up a simple google apps test case with idp 3.1.2. I also have openldap 2.4.39-8.el6 set up on the same host.
>
> It seems as though ldap is working fine when I use the aacli command:
>
> [root@dev1 bin]# ./aacli.sh --requester google.com --principal jason
>
> {
>   "requester": "google.com",
>   "principal": "jason",
>   "attributes": [
>     {
>       "name": "googleNameID",
>       "values": [
>         "StringAttributeValue{value=jason@jseppa.com}"
>       ]
>     }
>   ]
> }
>
> However, when I direct my browser to the google api, I get redirected to the idp login page as expected; however, when I enter the ldap user/pass, the form just returns another blank form.
> Tcpdump on 389 reveals no attempt to connect to ldap, and org.ldaptive TRACE shows nothing in the logs.
>
> I'm using the following ldap in the attribute resolver, so I think the ldap.properties should be good:
>
> <resolver:DataConnector id="ldap" xsi:type="dc:LDAPDirectory"
>     ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
>     baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
>     principal="%{idp.attribute.resolver.LDAP.bindDN}"
>     principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}">
>     <dc:FilterTemplate>
>         <![CDATA[
>             %{idp.attribute.resolver.LDAP.searchFilter}
>         ]]>
>     </dc:FilterTemplate>
> </resolver:DataConnector>
>
> Is there anything that needs to be configured in order to use ldap in the auth process? I'm sure I'm missing something simple here, just beating my head against the wall a bit.
The blank form sounds odd, but without more info I suggest starting there.