shibboleth idp with google

Sean Porth sporth at unicon.net
Mon Aug 15 12:36:28 UTC 2022


Try setting idp.authn.LDAP.useSSL=false. That property has been
deprecated (false is the default) in lieu of explicitly signaling TLS via
ldaps://

LDAP code 91 implies you were able to make a network connection to the
server but unable to negotiate a session.

On Mon, Aug 15, 2022 at 6:37 AM Aisha Al Fudhaili <aisha at omren.om> wrote:

> Yes.
> I tried
> idp.authn.LDAP.ldapURL = ldaps://ldap.google.com:636
> idp.authn.LDAP.useStartTLS = false idp.authn.LDAP.useSSL = true  with no
> luck. I receive same error
> -----Original Message-----
> From: users <users-bounces at shibboleth.net> On Behalf Of Jarno Huuskonen
> Sent: Monday, August 15, 2022 2:26 PM
> To: users at shibboleth.net
> Subject: Re: shibboleth idp with google
>
> Hello,
>
> On Mon, 2022-08-15 at 09:25 +0000, Aisha Al Fudhaili wrote:
> > “DEBUG [org.ldaptive.provider.unboundid.UnboundIDConnectionFactory:90]
> > - Error connecting to LDAP URL: ldap://ldap.google.com:636
> > org.ldaptive.provider.ConnectionException: LDAPException(resultCode=91
> > (connect error), errorMessage='An error occurred while attempting to
> > connect to server ldap.google.com:636:
> > IOException(LDAPException(resultCode=91 (connect error),
> > errorMessage='An error occurred while attempting to establish a
> > connection to server
> > ldap.google.com/216.239.32.58:636:  ConnectException(Connection timed
> out:
> > connect), ldapSDKVersion=4.0.14,
> > revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))')
>
> > ## Connection properties ##
> > idp.authn.LDAP.ldapURL                          =
> > ldap://ldap.google.com:636
> > idp.authn.LDAP.useStartTLS                     = true
>
> You'll probably want:
> idp.authn.LDAP.ldapURL = ldaps://ldap.google.com:636
> idp.authn.LDAP.useStartTLS = false idp.authn.LDAP.useSSL = true #OR
> #idp.authn.LDAP.ldapURL = ldap://ldap.google.com:389
> #idp.authn.LDAP.useStartTLS = true #idp.authn.LDAP.useSSL = false
>
> port 636 is usually ldaps not ldap+startls.
>
> But check that your firewall allows connection to ldap.google.com:636 for
> example with openssl:
> openssl s_client -connect ldap.google.com:636
>
> > idp.authn.LDAP.trustCertificates                =
> %{idp.home}/credentials/ldap-client.p12
>
> Are you trying to use client certificate authentication to ldap.google.com
> ?
>
>
> These might help you:
>
> https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631612/LDAPAuthnConfiguration
>
> https://www.unicon.net/insights/blogs/ldap-tlsssl-config-shibboleth-idp-explained
>
> -Jarno
>
> --
> Jarno Huuskonen
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
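As an added example (not code from the thread, from Shibboleth, or from Google), here is a small POSIX shell helper that catches the mistake discussed above before the IdP is restarted: it reads the ldapURL and useStartTLS properties from an ldap.properties fragment and flags ldap:// on port 636 (plaintext LDAP sent to a port expecting a TLS handshake) or useStartTLS=true combined with ldaps://. A second function scripts the openssl s_client probe Jarno suggested so that "no TCP connection" (the ConnectException behind result code 91 in the log) can be told apart from "TCP works, TLS handshake fails"; it needs network access and is therefore defined but not run by default. The sample properties file is constructed here and mirrors the config posted in the thread; the function and variable names are my own.

```shell
#!/bin/sh
# Added example: lint Shibboleth IdP LDAP TLS settings for scheme/port/flag
# mismatches, and optionally probe the endpoint with openssl s_client.

# Constructed sample, mirroring the misconfiguration quoted in the thread.
SAMPLE_PROPS='## Connection properties ##
idp.authn.LDAP.ldapURL = ldap://ldap.google.com:636
idp.authn.LDAP.useStartTLS = true
idp.authn.LDAP.useSSL = false'

# prop_get FILE KEY: print the first uncommented value for KEY, trimmed.
prop_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
    | head -n1 | sed 's/[[:space:]]*$//'
}

# lint_ldap_props FILE
# Exit status: 0 consistent, 1 scheme/port/flag mismatch (the thread's case),
# 2 cleartext LDAP without StartTLS, 3 unrecognised URL scheme.
lint_ldap_props() {
  url=$(prop_get "$1" idp.authn.LDAP.ldapURL)
  starttls=$(prop_get "$1" idp.authn.LDAP.useStartTLS)
  scheme=${url%%://*}
  hostport=${url#*://}
  port=${hostport##*:}
  [ "$port" = "$hostport" ] && port=""   # URL carried no explicit port
  case "$scheme" in
    ldaps)
      [ -z "$port" ] && port=636
      if [ "$starttls" = "true" ]; then
        echo "MISMATCH: ldaps:// already negotiates TLS on connect; set useStartTLS=false"
        return 1
      fi
      echo "OK: ldaps:// on port $port (implicit TLS)"
      return 0 ;;
    ldap)
      [ -z "$port" ] && port=389
      if [ "$port" = "636" ]; then
        echo "MISMATCH: ldap:// on 636 sends plaintext LDAP to a TLS port; use ldaps://$hostport with useStartTLS=false"
        return 1
      fi
      if [ "$starttls" != "true" ]; then
        echo "WARNING: ldap:// without StartTLS sends bind credentials in cleartext"
        return 2
      fi
      echo "OK: ldap:// on port $port with StartTLS"
      return 0 ;;
    *)
      echo "UNKNOWN scheme in idp.authn.LDAP.ldapURL: '$url'"
      return 3 ;;
  esac
}

# tls_probe HOST PORT: the openssl check from the thread, scripted.
# Needs network; call it by hand, e.g.  tls_probe ldap.google.com 636
tls_probe() {
  out=$(printf 'Q\n' | openssl s_client -connect "$1:$2" -servername "$1" 2>&1)
  case "$out" in
    *"CONNECTED("*"Verify return code"*)
      echo "TCP and TLS handshake succeeded; check certificate trust next" ;;
    *"CONNECTED("*)
      echo "TCP connected but TLS handshake failed: wrong port/scheme or TLS policy" ;;
    *)
      echo "No TCP connection: firewall, DNS or routing (matches the code-91 ConnectException)" ;;
  esac
}

# Stand-alone run: lint the constructed sample (expected: MISMATCH, status 1).
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_PROPS" > "$tmp"
lint_ldap_props "$tmp"
rm -f "$tmp"
```

Run it against a real `%{idp.home}/conf/ldap.properties` by calling `lint_ldap_props /path/to/ldap.properties`; a non-zero status is the cue to fix the scheme before spending time on firewall rules, and `tls_probe` then confirms whether the network path and the TLS handshake actually work.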