<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Is this an upgraded system from v3? If so, did you set the property to tell the IdP to search for and use all files that end in .properties, or did you add that new Duo OIDC properties file to the list of property files to be used at the start of idp.properties?<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Jun 4, 2021, at 6:37 PM, Mark L. Boyce &lt;<a href="mailto:Mark.Boyce@ucop.edu" class="">Mark.Boyce@ucop.edu</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class="">
  <div class=""><p class="">Evening All,</p><p class="">Either I'm missing something (likely) or there's something wrong:</p><p class="">Following the instructions at
<a class="moz-txt-link-freetext" href="https://wiki.shibboleth.net/confluence/display/IDPPLUGINS/DuoOIDCAuthnConfiguration-QuickSetup">https://wiki.shibboleth.net/confluence/display/IDPPLUGINS/DuoOIDCAuthnConfiguration-QuickSetup</a>
      and
<a class="moz-txt-link-freetext" href="https://wiki.shibboleth.net/confluence/display/IDPPLUGINS/DuoOIDCAuthnConfiguration#duo-oidc-username-determination">https://wiki.shibboleth.net/confluence/display/IDPPLUGINS/DuoOIDCAuthnConfiguration#duo-oidc-username-determination</a>
      I've installed the DuoOIDC plugin and enabled the module. I've
      added the appropriate entries into the duo-oidc properties file
      and created the new Web SDK in Duo. Edited MFA to replace my 2nd
      factor authn/Duo with authn/DuoOIDC. All appears as I believe it
      should. When I attempt to authenticate, however, I receive the
      following in the IdP Warn/Process logs:</p><p class="">2021-06-04 16:00:31,234 - WARN
[net.shibboleth.ext.spring.context.FilesystemGenericWebApplicationContext:?]
      - Exception encountered during context initialization - cancelling
      refresh attempt:
      org.springframework.beans.factory.BeanCreationException: Error
      creating bean with name 'shibboleth.authn.DuoOIDC.DuoIntegration'
      defined in URL
[<a class="moz-txt-link-freetext" href="jar:file:/apps/apache-tomcat-9.0.34/webapps/idp/WEB-INF/lib/idp-plugin-duo-impl-1.1.0.jar!/META-INF/net/shibboleth/idp/flows/authn/DuoOIDC/duo-oidc-authn-beans.xml">jar:file:/apps/apache-tomcat-9.0.34/webapps/idp/WEB-INF/lib/idp-plugin-duo-impl-1.1.0.jar!/META-INF/net/shibboleth/idp/flows/authn/DuoOIDC/duo-oidc-authn-beans.xml</a>]:
      Invocation of init method failed; nested exception is
net.shibboleth.utilities.java.support.component.ComponentInitializationException:
      API host, clientId, secret key,token endpoint, health check
      endpoint, authorization endpoint, and one of redirectURI or
      allowed redirect URI origins must be set<br class="">
      2021-06-04 16:00:31,234 - ERROR
      [org.springframework.webflow.execution.FlowExecutionException:91]
      -<br class="">
      org.springframework.webflow.execution.FlowExecutionException:
      Exception thrown in state 'CallSubflow' of flow 'authn/MFA'<br class="">
              at
org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:573)<br class="">
      Caused by:
      org.springframework.beans.factory.BeanCreationException: Error
      creating bean with name 'shibboleth.authn.DuoOIDC.DuoIntegration'
      defined in URL
[<a class="moz-txt-link-freetext" href="jar:file:/apps/apache-tomcat-9.0.34/webapps/idp/WEB-INF/lib/idp-plugin-duo-impl-1.1.0.jar!/META-INF/net/shibboleth/idp/flows/authn/DuoOIDC/duo-oidc-authn-beans.xml">jar:file:/apps/apache-tomcat-9.0.34/webapps/idp/WEB-INF/lib/idp-plugin-duo-impl-1.1.0.jar!/META-INF/net/shibboleth/idp/flows/authn/DuoOIDC/duo-oidc-authn-beans.xml</a>]:
      Invocation of init method failed; nested exception is
net.shibboleth.utilities.java.support.component.ComponentInitializationException:
      API host, clientId, secret key,token endpoint, health check
      endpoint, authorization endpoint, and one of redirectURI or
      allowed redirect URI origins must be set<br class="">
              at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1786)<br class="">
      Caused by:
net.shibboleth.utilities.java.support.component.ComponentInitializationException:
      API host, clientId, secret key,token endpoint, health check
      endpoint, authorization endpoint, and one of redirectURI or
      allowed redirect URI origins must be set<br class="">
              at
net.shibboleth.idp.plugin.authn.duo.DefaultDuoOIDCIntegration.doInitialize(DefaultDuoOIDCIntegration.java:286)</p><p class="">Any thoughts would be appreciated.</p><p class="">Thanks,</p><p class="">m.<br class="">
    </p>
    <div class="moz-signature">-- <br class=""><p style="color:blue" class=""> University of California, Office Of The
        President </p>
      Information Technology Services<br class="">
      Senior Identity Management Analyst<br class="">
      Phone: 510.987.9681<br class="">
      </div>
  </div>

</div></blockquote></div><br class=""><div class="">
<div>--<br class="">Michael A. Grady<br class="">IAM Architect, Unicon, Inc.</div><div class=""><br class=""></div><br class="Apple-interchange-newline">

</div>
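<p class="">The check suggested in the reply above, as an added example that is not part of the original thread or the Shibboleth project's code: given the text of idp.properties, it reports whether a properties file is picked up through the idp.additionalProperties list, through idp.searchForProperties, or not at all. The sample file contents, the function names and the path conf/authn/duo-oidc.properties are assumptions made for illustration.</p>

```python
import posixpath

# Constructed sample: idp.properties carried over from a v3 install (assumed contents).
UPGRADED = """\
# Load any additional property resources from a comma-delimited list
idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, \\
    /conf/services.properties, /conf/authn/duo.properties
"""

def parse_properties(text):
    """Small .properties reader: comments, key=value / key:value, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]          # logical line continues on the next physical line
            continue
        pending += line
        cut = min((i for i in (pending.find("="), pending.find(":")) if i != -1), default=-1)
        if cut != -1:
            props[pending[:cut].strip()] = pending[cut + 1:].strip()
        pending = ""
    return props

def how_loaded(idp_properties_text, candidate):
    """Return 'listed', 'searched' or None for a path given relative to idp.home."""
    props = parse_properties(idp_properties_text)
    cand = posixpath.normpath("/" + candidate.lstrip("/"))
    listed = [posixpath.normpath("/" + p.strip().lstrip("/"))
              for p in props.get("idp.additionalProperties", "").split(",") if p.strip()]
    if cand in listed:
        return "listed"
    # Assumption: the search covers *.properties files below idp.home/conf
    # and is treated as off when the property is not set.
    search = props.get("idp.searchForProperties", "false").lower() == "true"
    if search and cand.startswith("/conf/") and cand.endswith(".properties"):
        return "searched"
    return None

if __name__ == "__main__":
    print(how_loaded(UPGRADED, "conf/authn/duo-oidc.properties"))
```

<p class="">A result of None for the Duo OIDC file means its values never reach the bean, which matches the "must be set" initialization error even when the file itself is filled in correctly.</p>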
<br class=""></body></html>