Shibboleth-oidc Issue

Wessel, Keith kwessel at
Fri Nov 16 11:36:49 EST 2018

You might want to upgrade to IdP 3.4 and use the now-in-beta Geant extension. It’ll be standard in the IdP in the future.


From: users <users-bounces at> On Behalf Of Matt Brennan
Sent: Friday, November 16, 2018 10:35 AM
To: users at
Subject: Shibboleth-oidc Issue

Hi All,

  I installed the uchicago/shibboleth-oidc extension on IDP 3.3.2 in my staging environment last week. I am using the Default IdP configuration (from the instructions in the read me in the gitHub repository). I've been troubleshooting a problem for several days now and am at a loss. I am hoping someone here may be able to help me.

  The extension is loging and the appropriate end points appear to be exposed, however I keep getting an InsufficientAuthenticationException passed up to the browser whenever I make an authorization attempt. I have configured the mvc-beans.xml file to ignore the exception, and I have confirmed this is at least partially working -- with the ignore line, I get a Tomcat 500 error; without the ignore line I get an error in my standard velocity error template.

  Despite setting the log level for the related OIDC services to debug, I don't seem to get any log messages other than the stack trace with the InsufficientAuthenticationException. I am at a loss as to where to look to find the issue.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list