Installation of OpenID connect extension in Shibboleth v3

Darren Boss darren.boss at computecanada.ca
Thu Apr 9 09:58:34 EDT 2020 

shibboleth.DefaultRelyingParty
I'm attaching my issue to this email thread since I'm in a very similar
situation with the OpenID extension although I'm integrating with v4.0.0.
I've followed that exact page form the wiki to get the extension configured
but I'm stuck now with an error when testing an RP when the client tried to
register or when I request the /idp/profile/oidc/discovery url. In the logs
I keep seeing InvalidProfileConfiguration errors for both registration and
for discovery. What files should I be focusing on to fix this issue?

Here are some of the errors in the logs:
||||||||||||Discovery||||||Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:74.0)
Gecko/20100101 Firefox/74.0
INFO [Shibboleth-Audit.OIDCSSO:282] -
142.182.228.204||2020-04-09T13:35:28.929456Z||||||||||||Discovery||||||Mozilla/5.0
(X11; Fedora; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0
WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:118] -
Profile Action SelectProfileConfiguration: Profile
http://csc.fi/ns/profiles/oidc/registration is not available for RP
configuration shibboleth.UnverifiedRelyingParty (RPID null)
WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:118] -
Profile Action SelectProfileConfiguration: Profile
http://csc.fi/ns/profiles/oidc/registration is not available for RP
configuration shibboleth.UnverifiedRelyingParty (RPID null)
WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event
occurred while processing the request: InvalidProfileConfiguration
WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event
occurred while processing the request: InvalidProfileConfiguration

I'm guessing that I should be scrutinizing relying-party.xml and
oidc-relying-party.xml? I added the beans from the wiki to the
shibboleth.DefaultRelyingParty as per the wiki instructions.

On Wed, Apr 8, 2020 at 11:53 PM Ronish Zadode <ronish_zadode at persistent.com>
wrote:

> Thanks kevin.. Will look into it
>
> Get Outlook for Android <https://aka.ms/ghei36>
> ------------------------------
> *From:* users <users-bounces at shibboleth.net> on behalf of Kevin Foote <
> kevin.foote at colorado.edu>
> *Sent:* Thursday, April 9, 2020 12:59:16 AM
> *To:* Shib Users <users at shibboleth.net>
> *Subject:* Re: Installation of OpenID connect extension in Shibboleth v3
>
> Hi Ronish,
>
> Here is the best set of install instructions when starting off with the
> plugin.
>
>
> https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/Installing-from-archive
>
> --------
> thanks
>  kevin.foote
>
> > On Apr 8, 2020, at 12:39 PM, Ronish Zadode <ronish_zadode at persistent.com>
> wrote:
> >
> > Hi,
> > Can someone help me with fix set of steps to install and configure
> OpenID connect extension correctly in Shibboleth V3. (I'm using V3. 4.6)
> >
> > Thanks,
> > Ronish
> >
> > Get Outlook for Android
> > DISCLAIMER
> > ==========
> > This e-mail may contain privileged and confidential information which is
> the property of Persistent Systems Ltd. It is intended only for the use of
> the individual or entity to which it is addressed. If you are not the
> intended recipient, you are not authorized to read, retain, copy, print,
> distribute or use this message. If you have received this communication in
> error, please notify the sender and delete all copies of this message.
> Persistent Systems  Ltd. does not accept any liability for virus infected
> mails.
> > --
> > For Consortium Member technical support, see
> https://secure-web.cisco.com/1KiHzGKUHh_cxiJKcwdrM2Ck-O79sbCp2eoE0auzC5kxaa_DwlFIUulMgn3CoLVcwIJaq2ah2EJF4kDLDpiGoeQeaHV8Ro595iCsQPK37vHPGpCLrz1hWhzXuaXnZl7pr0_VEDSKgwCoYgkWwbdK6ACHTNMMC4Xnpk3KbKdaPF_4IUC2hY7YZ_NsXmLmEqncaPsoXpUeN7L8iFqoV4MdIXCLLkPVcQuXmzA3ci2nvuenrXfMbVpf4yGZHGygWAQ5Cwuz675eUO8tl6k2twAdWS8gZR5_OQm3Pu3TAHbRTTCJqFIiMd8p57L5l7bWFhQZGr9wgTyme9yfvA8JOfStF8kKlxAbUsT4lgoNq4sb8ZezTQoB8uzJspfkkfE_Mr5MUDlygWcITckic_AT4ie_XH-Nf7unKa1CQaBn2VrkwxE9H1NnuSuNZRxNYFTP5RE7-D7tFEfl5za8u9j11EMbflg/https%3A%2F%2Fwiki.shibboleth.net%2Fconfluence%2Fx%2FcoFAAg
> > To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net



-- 
Darren Boss
Senior Programmer/Analyst
Programmeur-analyste principal
darren.boss at computecanada.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200409/21a0f4d6/attachment.html>

More information about the users mailing list