Shibboleth v4.1.2 and DuoOIDC

Mark L. Boyce Mark.Boyce at ucop.edu
Fri Jun 4 23:37:12 UTC 2021 

Evening All,

Either I'm missing something (likely) or there something wrong:

following the instructions at 
https://wiki.shibboleth.net/confluence/display/IDPPLUGINS/DuoOIDCAuthnConfiguration-QuickSetup 
and 
https://wiki.shibboleth.net/confluence/display/IDPPLUGINS/DuoOIDCAuthnConfiguration#duo-oidc-username-determination 
I've installed the DuoOIDC plugin and enabled the module. I've added the 
appropriate entries into the duo-oidc properties file and created the 
new Web SDK in Duo. Edited MFA to replace my 2nd factor authn/Duo with 
authn/DuoOIDC. All appears as I believe it should. When I attempt to 
authenticate, however, I recieve the following in the IdP Warn/Process logs:

2021-06-04 16:00:31,234 - WARN 
[net.shibboleth.ext.spring.context.FilesystemGenericWebApplicationContext:?] 
- Exception encountered during context initialization - cancelling 
refresh attempt: 
org.springframework.beans.factory.BeanCreationException: Error creating 
bean with name 'shibboleth.authn.DuoOIDC.DuoIntegration' defined in URL 
[jar:file:/apps/apache-tomcat-9.0.34/webapps/idp/WEB-INF/lib/idp-plugin-duo-impl-1.1.0.jar!/META-INF/net/shibboleth/idp/flows/authn/DuoOIDC/duo-oidc-authn-beans.xml]: 
Invocation of init method failed; nested exception is 
net.shibboleth.utilities.java.support.component.ComponentInitializationException: 
API host, clientId, secret key,token endpoint, health check endpoint, 
authorization endpoint, and one of redirectURI or allowed redirect URI 
origins must be set
2021-06-04 16:00:31,234 - ERROR 
[org.springframework.webflow.execution.FlowExecutionException:91] -
org.springframework.webflow.execution.FlowExecutionException: Exception 
thrown in state 'CallSubflow' of flow 'authn/MFA'
         at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:573)
Caused by: org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'shibboleth.authn.DuoOIDC.DuoIntegration' 
defined in URL 
[jar:file:/apps/apache-tomcat-9.0.34/webapps/idp/WEB-INF/lib/idp-plugin-duo-impl-1.1.0.jar!/META-INF/net/shibboleth/idp/flows/authn/DuoOIDC/duo-oidc-authn-beans.xml]: 
Invocation of init method failed; nested exception is 
net.shibboleth.utilities.java.support.component.ComponentInitializationException: 
API host, clientId, secret key,token endpoint, health check endpoint, 
authorization endpoint, and one of redirectURI or allowed redirect URI 
origins must be set
         at 
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1786)
Caused by: 
net.shibboleth.utilities.java.support.component.ComponentInitializationException: 
API host, clientId, secret key,token endpoint, health check endpoint, 
authorization endpoint, and one of redirectURI or allowed redirect URI 
origins must be set
         at 
net.shibboleth.idp.plugin.authn.duo.DefaultDuoOIDCIntegration.doInitialize(DefaultDuoOIDCIntegration.java:286)

Any thoughts would be appreciated.

Thanks,

m.

-- 

University of California, Office Of The President

Information Technology Services
Senior Identity Management Analyst
Phone: 510.987.9681
University Of California Logo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210604/75083c19/attachment.htm>

More information about the users mailing list