shibboleth idp with google

Aisha Al Fudhaili aisha at omren.om
Mon Aug 15 10:37:01 UTC 2022


Yes.
I tried
idp.authn.LDAP.ldapURL = ldaps://ldap.google.com:636
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.useSSL = true
with no luck. I receive the same error.

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Jarno Huuskonen
Sent: Monday, August 15, 2022 2:26 PM
To: users at shibboleth.net
Subject: Re: shibboleth idp with google

Hello,

On Mon, 2022-08-15 at 09:25 +0000, Aisha Al Fudhaili wrote:
> “DEBUG [org.ldaptive.provider.unboundid.UnboundIDConnectionFactory:90] 
> - Error connecting to LDAP URL: ldap://ldap.google.com:636
> org.ldaptive.provider.ConnectionException: LDAPException(resultCode=91 
> (connect error), errorMessage='An error occurred while attempting to 
> connect to server ldap.google.com:636:
> IOException(LDAPException(resultCode=91 (connect error), 
> errorMessage='An error occurred while attempting to establish a 
> connection to server
> ldap.google.com/216.239.32.58:636:  ConnectException(Connection timed out:
> connect), ldapSDKVersion=4.0.14,
> revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))')

> ## Connection properties ##
> idp.authn.LDAP.ldapURL = ldap://ldap.google.com:636
> idp.authn.LDAP.useStartTLS = true

You'll probably want:
idp.authn.LDAP.ldapURL = ldaps://ldap.google.com:636
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.useSSL = true
#OR
#idp.authn.LDAP.ldapURL = ldap://ldap.google.com:389
#idp.authn.LDAP.useStartTLS = true
#idp.authn.LDAP.useSSL = false

Port 636 is usually ldaps, not ldap+starttls.

But check that your firewall allows connection to ldap.google.com:636 for example with openssl:
openssl s_client -connect ldap.google.com:636

> idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-client.p12

Are you trying to use client certificate authentication to ldap.google.com ?


These might help you:
https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631612/LDAPAuthnConfiguration
https://www.unicon.net/insights/blogs/ldap-tlsssl-config-shibboleth-idp-explained

-Jarno

--
Jarno Huuskonen
--
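
Added example (not part of either message and not Shibboleth project code): a small Python check that reads the idp.authn.LDAP.* transport settings discussed in this thread and reports scheme/port/TLS combinations that contradict each other. It assumes an unset property counts as false; the function names and finding codes are made up for this example. It checks consistency only, so reachability of the server still needs the openssl test above.

```python
from urllib.parse import urlparse

PREFIX = "idp.authn.LDAP."

def parse_properties(text):
    """Parse 'key = value' lines; blank lines and #/! comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def is_true(props, name):
    # Assumption of this example: an unset property counts as false.
    return props.get(PREFIX + name, "false").lower() == "true"

def lint_ldap_transport(text):
    """Return (code, message) findings for scheme/port/TLS mismatches."""
    props = parse_properties(text)
    url = urlparse(props.get(PREFIX + "ldapURL", ""))
    scheme = url.scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        return [("bad-scheme", "ldapURL must start with ldap:// or ldaps://")]
    port = url.port or (636 if scheme == "ldaps" else 389)
    start_tls, use_ssl = is_true(props, "useStartTLS"), is_true(props, "useSSL")
    findings = []
    if scheme == "ldap" and port == 636:
        findings.append(("ldap-on-636", "port 636 is usually ldaps; use ldaps:// or port 389"))
    if scheme == "ldaps" and start_tls:
        findings.append(("ldaps-with-starttls", "ldaps is already TLS; set useStartTLS = false"))
    if scheme == "ldap" and use_ssl:
        findings.append(("ldap-with-usessl", "useSSL = true needs an ldaps:// URL"))
    if scheme == "ldap" and not start_tls and not use_ssl:
        findings.append(("cleartext", "no TLS: bind credentials would cross the network unencrypted"))
    return findings

# Constructed inputs mirroring the settings quoted in the thread.
ORIGINAL = "idp.authn.LDAP.ldapURL = ldap://ldap.google.com:636\nidp.authn.LDAP.useStartTLS = true\n"
SUGGESTED = ("idp.authn.LDAP.ldapURL = ldaps://ldap.google.com:636\n"
             "idp.authn.LDAP.useStartTLS = false\nidp.authn.LDAP.useSSL = true\n")

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, lint_ldap_transport(cfg) or "consistent")
```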