Installation of OpenID connect extension in Shibboleth v3

[Darren Boss]

I was going to follow up but got distracted.

I've been able to test my setup with an OIDC RP using mod_auth_openidc so I
know the configuration is working. The /idp/profile/oidc/register still is
generating that error which is what I'll look at fixing now that I've got a
few more tips on what to look at.

On Thu, Apr 16, 2020 at 11:56 AM Henri Mikkonen <henri.mikkonen at csc.fi>
wrote:

> I've followed that exact page form the wiki to get the extension
> configured but I'm stuck now with an error when testing an RP when the
> client tried to register or when I request the /idp/profile/oidc/discovery
> url. In the logs I keep seeing InvalidProfileConfiguration errors for both
> registration and for discovery. What files should I be focusing on to fix
> this issue?
>
>
> Check out from the conf/relying-party.xml that you have enabled
> OIDC.Configuration (corresponds to /idp/profile/oidc/discovery URL) and
> OIDC.Registration (/idp/profile/oidc/register) for
> shibboleth.UnverifiedRelyingParty.
>
> The example on the installation instructions [1] only contains
> OIDC.Keyset, perhaps it should also contain OIDC.Configuration. The dynamic
> OP configuration (i.e. the OIDC.Configuration profile) is documented in
> here [2]
>
> BR,
> Henri.
>
> [1]
> https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/Installing-from-archive#profile-configurations
> [2]
> https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/DiscoveryAndOPConfiguration#the-discovery-flow-configuration
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net



-- 
Darren Boss
Senior Programmer/Analyst
Programmeur-analyste principal
darren.boss at computecanada.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200416/e28f62db/attachment.html>