Installation of OpenID connect extension in Shibboleth v3

Darren Boss darren.boss at
Thu Apr 16 12:53:57 EDT 2020

I was going to follow up but got distracted.

I've been able to test my setup with an OIDC RP using mod_auth_openidc so I
know the configuration is working. The /idp/profile/oidc/register still is
generating that error which is what I'll look at fixing now that I've got a
few more tips on what to look at.

On Thu, Apr 16, 2020 at 11:56 AM Henri Mikkonen <henri.mikkonen at>

> I've followed that exact page form the wiki to get the extension
> configured but I'm stuck now with an error when testing an RP when the
> client tried to register or when I request the /idp/profile/oidc/discovery
> url. In the logs I keep seeing InvalidProfileConfiguration errors for both
> registration and for discovery. What files should I be focusing on to fix
> this issue?
> Check out from the conf/relying-party.xml that you have enabled
> OIDC.Configuration (corresponds to /idp/profile/oidc/discovery URL) and
> OIDC.Registration (/idp/profile/oidc/register) for
> shibboleth.UnverifiedRelyingParty.
> The example on the installation instructions [1] only contains
> OIDC.Keyset, perhaps it should also contain OIDC.Configuration. The dynamic
> OP configuration (i.e. the OIDC.Configuration profile) is documented in
> here [2]
> BR,
> Henri.
> [1]
> [2]
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at

Darren Boss
Senior Programmer/Analyst
Programmeur-analyste principal
darren.boss at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list