Installation of OpenID connect extension in Shibboleth v3

Darren Boss darren.boss at computecanada.ca
Thu Apr 9 11:11:12 EDT 2020 

I missed one step. I didn't add
p:responderIdLookupStrategy-ref="profileResponderIdLookupFunction"
to
"shibboleth.UnverifiedRelyingParty" and "shibboleth.DefaultRelyingParty"
in relying-party.xml but I'm still getting the same error.

On Thu, Apr 9, 2020 at 9:58 AM Darren Boss <darren.boss at computecanada.ca>
wrote:

> shibboleth.DefaultRelyingParty
> I'm attaching my issue to this email thread since I'm in a very similar
> situation with the OpenID extension although I'm integrating with v4.0.0.
> I've followed that exact page form the wiki to get the extension configured
> but I'm stuck now with an error when testing an RP when the client tried to
> register or when I request the /idp/profile/oidc/discovery url. In the logs
> I keep seeing InvalidProfileConfiguration errors for both registration and
> for discovery. What files should I be focusing on to fix this issue?
>
> Here are some of the errors in the logs:
> ||||||||||||Discovery||||||Mozilla/5.0 (X11; Fedora; Linux x86_64;
> rv:74.0) Gecko/20100101 Firefox/74.0
> INFO [Shibboleth-Audit.OIDCSSO:282] -
> 142.182.228.204||2020-04-09T13:35:28.929456Z||||||||||||Discovery||||||Mozilla/5.0
> (X11; Fedora; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0
> WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:118] -
> Profile Action SelectProfileConfiguration: Profile
> http://csc.fi/ns/profiles/oidc/registration is not available for RP
> configuration shibboleth.UnverifiedRelyingParty (RPID null)
> WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:118] -
> Profile Action SelectProfileConfiguration: Profile
> http://csc.fi/ns/profiles/oidc/registration is not available for RP
> configuration shibboleth.UnverifiedRelyingParty (RPID null)
> WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event
> occurred while processing the request: InvalidProfileConfiguration
> WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event
> occurred while processing the request: InvalidProfileConfiguration
>
> I'm guessing that I should be scrutinizing relying-party.xml and
> oidc-relying-party.xml? I added the beans from the wiki to the
> shibboleth.DefaultRelyingParty as per the wiki instructions.
>
> On Wed, Apr 8, 2020 at 11:53 PM Ronish Zadode <
> ronish_zadode at persistent.com> wrote:
>
>> Thanks kevin.. Will look into it
>>
>> Get Outlook for Android <https://aka.ms/ghei36>
>> ------------------------------
>> *From:* users <users-bounces at shibboleth.net> on behalf of Kevin Foote <
>> kevin.foote at colorado.edu>
>> *Sent:* Thursday, April 9, 2020 12:59:16 AM
>> *To:* Shib Users <users at shibboleth.net>
>> *Subject:* Re: Installation of OpenID connect extension in Shibboleth v3
>>
>> Hi Ronish,
>>
>> Here is the best set of install instructions when starting off with the
>> plugin.
>>
>>
>> https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/Installing-from-archive
>>
>> --------
>> thanks
>>  kevin.foote
>>
>> > On Apr 8, 2020, at 12:39 PM, Ronish Zadode <
>> ronish_zadode at persistent.com> wrote:
>> >
>> > Hi,
>> > Can someone help me with fix set of steps to install and configure
>> OpenID connect extension correctly in Shibboleth V3. (I'm using V3. 4.6)
>> >
>> > Thanks,
>> > Ronish
>> >
>> > Get Outlook for Android
>> > DISCLAIMER
>> > ==========
>> > This e-mail may contain privileged and confidential information which
>> is the property of Persistent Systems Ltd. It is intended only for the use
>> of the individual or entity to which it is addressed. If you are not the
>> intended recipient, you are not authorized to read, retain, copy, print,
>> distribute or use this message. If you have received this communication in
>> error, please notify the sender and delete all copies of this message.
>> Persistent Systems  Ltd. does not accept any liability for virus infected
>> mails.
>> > --
>> > For Consortium Member technical support, see
>> https://secure-web.cisco.com/1KiHzGKUHh_cxiJKcwdrM2Ck-O79sbCp2eoE0auzC5kxaa_DwlFIUulMgn3CoLVcwIJaq2ah2EJF4kDLDpiGoeQeaHV8Ro595iCsQPK37vHPGpCLrz1hWhzXuaXnZl7pr0_VEDSKgwCoYgkWwbdK6ACHTNMMC4Xnpk3KbKdaPF_4IUC2hY7YZ_NsXmLmEqncaPsoXpUeN7L8iFqoV4MdIXCLLkPVcQuXmzA3ci2nvuenrXfMbVpf4yGZHGygWAQ5Cwuz675eUO8tl6k2twAdWS8gZR5_OQm3Pu3TAHbRTTCJqFIiMd8p57L5l7bWFhQZGr9wgTyme9yfvA8JOfStF8kKlxAbUsT4lgoNq4sb8ZezTQoB8uzJspfkkfE_Mr5MUDlygWcITckic_AT4ie_XH-Nf7unKa1CQaBn2VrkwxE9H1NnuSuNZRxNYFTP5RE7-D7tFEfl5za8u9j11EMbflg/https%3A%2F%2Fwiki.shibboleth.net%2Fconfluence%2Fx%2FcoFAAg
>> > To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
>> --
>> For Consortium Member technical support, see
>> https://wiki.shibboleth.net/confluence/x/coFAAg
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>> --
>> For Consortium Member technical support, see
>> https://wiki.shibboleth.net/confluence/x/coFAAg
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>
>
>
> --
> Darren Boss
> Senior Programmer/Analyst
> Programmeur-analyste principal
> darren.boss at computecanada.ca
>


-- 
Darren Boss
Senior Programmer/Analyst
Programmeur-analyste principal
darren.boss at computecanada.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200409/d5e2c0b2/attachment.html>

More information about the users mailing list