Installation of OpenID connect extension in Shibboleth v3

Henri Mikkonen henri.mikkonen at
Thu Apr 16 11:56:21 EDT 2020

> I've followed that exact page form the wiki to get the extension configured but I'm stuck now with an error when testing an RP when the client tried to register or when I request the /idp/profile/oidc/discovery url. In the logs I keep seeing InvalidProfileConfiguration errors for both registration and for discovery. What files should I be focusing on to fix this issue?

Check out from the conf/relying-party.xml that you have enabled OIDC.Configuration (corresponds to /idp/profile/oidc/discovery URL) and OIDC.Registration (/idp/profile/oidc/register) for shibboleth.UnverifiedRelyingParty.

The example on the installation instructions [1] only contains OIDC.Keyset, perhaps it should also contain OIDC.Configuration. The dynamic OP configuration (i.e. the OIDC.Configuration profile) is documented in here [2]


[1] <>
[2] <>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list