shibboleth idp with google
Jarno Huuskonen
jarno.huuskonen at uef.fi
Mon Aug 15 10:25:42 UTC 2022
Hello,
On Mon, 2022-08-15 at 09:25 +0000, Aisha Al Fudhaili wrote:
> DEBUG [org.ldaptive.provider.unboundid.UnboundIDConnectionFactory:90] -
> Error connecting to LDAP URL: ldap://ldap.google.com:636
> org.ldaptive.provider.ConnectionException: LDAPException(resultCode=91
> (connect error), errorMessage='An error occurred while attempting to
> connect to server ldap.google.com:636:
> IOException(LDAPException(resultCode=91 (connect error), errorMessage='An
> error occurred while attempting to establish a connection to server
> ldap.google.com/216.239.32.58:636: ConnectException(Connection timed out:
> connect), ldapSDKVersion=4.0.14,
> revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))')
> ## Connection properties ##
> idp.authn.LDAP.ldapURL = ldap://ldap.google.com:636
> idp.authn.LDAP.useStartTLS = true
You'll probably want:
idp.authn.LDAP.ldapURL = ldaps://ldap.google.com:636
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.useSSL = true
#OR
#idp.authn.LDAP.ldapURL = ldap://ldap.google.com:389
#idp.authn.LDAP.useStartTLS = true
#idp.authn.LDAP.useSSL = false
Port 636 is usually LDAPS, not LDAP+StartTLS.
But check that your firewall allows connections to ldap.google.com:636, for
example with openssl:
openssl s_client -connect ldap.google.com:636
> idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-client.p12
Are you trying to use client certificate authentication to ldap.google.com?
These might help you:
https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631612/LDAPAuthnConfiguration
https://www.unicon.net/insights/blogs/ldap-tlsssl-config-shibboleth-idp-explained
-Jarno
--
Jarno Huuskonen
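The scheme/port/TLS-mode mismatch discussed in this thread, as an added example that is not part of the original message: a small Python checker that reads the three idp.authn.LDAP.* properties and reports combinations that cannot work (ldap:// on the LDAPS port, StartTLS on an ldaps:// URL, or no TLS at all). The properties parser is a minimal approximation of the Java .properties format, and the sample settings are constructed from the values quoted in the thread.

```python
from urllib.parse import urlsplit

# Constructed samples: the settings quoted in the thread, the suggested fix,
# and the commented-out StartTLS alternative.
BROKEN_PROPERTIES = """
idp.authn.LDAP.ldapURL = ldap://ldap.google.com:636
idp.authn.LDAP.useStartTLS = true
"""
FIXED_PROPERTIES = """
idp.authn.LDAP.ldapURL = ldaps://ldap.google.com:636
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.useSSL = true
"""
STARTTLS_PROPERTIES = """
idp.authn.LDAP.ldapURL = ldap://ldap.google.com:389
idp.authn.LDAP.useStartTLS = true
idp.authn.LDAP.useSSL = false
"""


def parse_properties(text):
    """Minimal Java .properties reader: 'key = value' lines, '#' comments (approximation)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_ldap_tls(props):
    """Return a list of findings about the URL scheme / port / TLS-mode combination."""
    findings = []
    url = urlsplit(props.get("idp.authn.LDAP.ldapURL", ""))
    starttls = props.get("idp.authn.LDAP.useStartTLS", "false").lower() == "true"
    use_ssl = props.get("idp.authn.LDAP.useSSL", "false").lower() == "true"
    # Default ports: 389 for plain/StartTLS LDAP, 636 for LDAPS (TLS from the first byte).
    port = url.port or (636 if url.scheme == "ldaps" else 389)
    if url.scheme == "ldap" and port == 636:
        findings.append("ldap:// on port 636: that port normally speaks LDAPS; use ldaps://")
    if url.scheme == "ldaps" and starttls:
        findings.append("useStartTLS=true with ldaps://: StartTLS only applies to plaintext ldap://")
    if url.scheme == "ldaps" and not use_ssl:
        findings.append("ldaps:// with useSSL=false: set idp.authn.LDAP.useSSL = true")
    if url.scheme == "ldap" and not starttls and not use_ssl:
        findings.append("ldap:// without StartTLS or SSL: bind credentials would travel in cleartext")
    return findings


if __name__ == "__main__":
    for name, text in (("broken", BROKEN_PROPERTIES), ("fixed", FIXED_PROPERTIES)):
        print(name, check_ldap_tls(parse_properties(text)))
```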