MFA - Targeted login flow 'authn/privacyidea' is not configured, check available flow descriptors

Simon Kainz simon.kainz at tugraz.at
Mon Oct 24 11:42:25 UTC 2022 


Hello,

after upgrading to 4.2.1, I am currently struggling to make the MFA +
privacyidea flow working again.

I followed the instruction on the privacy ide plugin installation (https://github.com/privacyidea/simplesamlphp-module-privacyidea).

my mfa-auth.xml looks as following:


..
    <util:map id="shibboleth.authn.MFA.TransitionMap">
        <!-- First rule runs the IPAddress login flow. -->
        <entry key="">
            <bean parent="shibboleth.authn.MFA.Transition" p:nextFlow="authn/Password" />
        </entry>



        <entry key="authn/Password">
            <bean parent="shibboleth.authn.MFA.Transition" p:nextFlow="authn/privacyidea" />
        </entry>

...

On login, i get promted for the password, and afterwars i get an error ;


opensaml::BindingException
The system encountered an error at Mon Oct 24 13:32:43 2022

To report this problem, please contact the site administrator at xxx at yyyyyyy.

Please include the following message in any email:

opensaml::BindingException at (https://xxxxxxxxxxxxxxxxxxx//Shibboleth.sso/SAML2/Artifact)

Unable to resolve artifact(s) into a SAML response.




I see the following entries in the idp-process.log file, which show me
that the flow itself is picked up, but not "configured":


2022-10-24 13:26:22,721 -  - DEBUG [net.shibboleth.idp.profile.spring.factory.FlowDefinitionRegistryFactoryBean:254] - Registered flow ID 'authn/privacyidea' using 'file [/opt/shibboleth-idp/flows/authn/privacyidea/privacyidea-flow.xml]'
2022-10-24 13:32:43,805 - 129.27.9.27 - DEBUG [net.shibboleth.idp.authn.impl.TransitionMultiFactorAuthentication:226] - Profile Action TransitionMultiFactorAuthentication: MFA flow transition after 'proceed' event to 'authn/privacyidea' flow
2022-10-24 13:32:43,805 - 129.27.9.27 - ERROR [net.shibboleth.idp.authn.impl.TransitionMultiFactorAuthentication:262] - Profile Action TransitionMultiFactorAuthentication: Targeted login flow 'authn/privacyidea' is not configured, check available flow descriptors



2022-10-24 13:32:43,805 - 129.27.9.27 - ERROR [net.shibboleth.idp.authn.impl.TransitionMultiFactorAuthentication:262] - Profile Action TransitionMultiFactorAuthentication: Targeted login flow 'authn/privacyidea' is not configured, check available flow descriptors


WHere/how can i find out how to "configure" it properly?

Thank you.

Simon


-- 
DI Simon Kainz
Technische Universität Graz
Zentraler Informatikdienst - Serveroperating & HPC
Steyrergasse 30/1, 8010 Graz, Austria
Tel.: +43 316 873 6885
Mobil: +43 664 60 873 6885
Fax: +43 316 873 106885
E-Mail: simon.kainz at tugraz.at
www.zid.tugraz.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2740 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20221024/152425f9/attachment.bin>

More information about the users mailing list