Shibboleth IDP v4.0 to v4.16 Upgrade - Broken AuthN Flow - Help Required
prasannacgin at yahoo.in
Wed Apr 6 19:25:55 UTC 2022
Reaching out for help.
As a fix for the ‘Spring4Shell’ vulnerability, I am working on an emergency upgrade of our Shibboleth IDP v4.0.1 to v4.1.6. I am doing a quick POC of the upgrade to document the steps. In my POC, I noticed that a custom authentication definition/flow that we were using before the upgrade is broken post upgrade and it no longer works. I get an error message in the “idp-process.log” as below
2022-04-06 17:57:24,989 - 172.19.38.154 - ERROR [net.shibboleth.idp.authn:-2] - Uncaught runtime exception
org.springframework.webflow.definition.registry.NoSuchFlowDefinitionException: No flow definition 'authn/CustomMfa' found
2022-04-06 17:57:25,003 - 172.19.38.154 - WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event occurred while processing the request: RuntimeException
Upon checking the “modules” enabled, I noticed that my custom module was not enabled. Trying to enable it also returns the below error
# ./module.sh -e idp.authn.CustomMfa
WARN - Unable to find property resource 'class path resource [../conf/authn/duo.properties]' (check idp.additionalProperties?)
Unknown modules: [idp.authn.CustomMfa]
My CustomMFA definition gets invoked from the MFA Authentication definition with - “mfa-authn-config.xml” having a Java script for conditional invocation based on a user’s AD attribute.
Post upgrade, I see the custom authentication definition continues to have the bean definition entry in - “authn/general-authn.xml”. But I dont see any entry added for it in “authn/authn.properties” for it.
Can someone provide pointers on what I am missing as part of the upgrade and what is required to have my authentication flow restored with 4.1.6 ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users