The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

["Olivier SALAUN via RT" <support AT renater.fr>]

Hello,

I am in charge of the French federation and its interconnexion with eduGAIN.

Le 03/11/2014 18:04, Dubravko Vončina via RT a écrit :

Hi Christian, Richard, I apologize for not responding to error report. I'm receiving a lot of spam mail and occasionally these error reports end up in a wrong folder. Error log says: "SimpleSAML_Error_Exception: This service needs at least one of the following attributes to identity users: eduPersonTargetedID, facebook_targetedID, openid, linkedin_targetedID, twitter_targetedID. Unfortunately not one of them was detected. Please ask your institution administrator to release one of them, or try using another identity provider." Apparently, the "Université de Nice-Sophia Antipolis - UNICE" IdP doesn't provide attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (eduPersonTargetedID) which is mandatory to access CAT service.

    That's probably the issue Richard and other users are facing.
    Richard, you should make sure your IdP is properly configured for
    attribute release to eduGAIN service providers. This documentation
    <https://services.renater.fr/federation/docs/fiches/idp_edugain_enabled#modification_de_la_configuration_de_l_idp_shibboleth>
    provides sample configuration to reach this goal.
    
    May I add suggestions for eduroam CAT to ease the process of
    allowing federated login through eduGAIN:

• the error message your application shows when expected user attributes are not provided might be more precise to help the user understand what goes wrong. It should tell what user attribute is expected and not provided;
• because many IdPs don't provide eduPersonTargetedID attribute (mainly because it requires a RDBMS to be coupled with a Shibboleth IdP), you might consider requesting eduPersonPrincipalName as an alternative. This attribute can be provided by all IdPs;
• I checked your SP SAML metadata in eduGAIN metadata. It includes " RequestedAttribute" XML elements but it is missing "FriendlyName" XML attributes that would allow an easier reading from IdP admins.
  

    Regards.

Best Regards, Dubravko Voncina Middleware and Data Services Department University of Zagreb, University Computing Centre, www.srce.unizg.hr dubravko.voncina AT srce.hr, tel: +385 98 219273, fax: +385 1 6165559 On 3.11.2014. 17:23, Miroslav Milinovic wrote: > Dubravko (V.), > > could you please check this ... > > Miro > > ----- Original Message ----- From: "Christian Trinh via RT" > <support AT renater.fr> > To: <cat-users AT geant.net> > Sent: Monday, November 03, 2014 4:11 PM > Subject: [cat-users] [Support technique RENATER - Mobilité #39545] > problem to access eduroam CAT administration interface for institution > in eduGAIN > > >> Hello, >> >> the university "Université de Nice-Sophia Antipolis - UNICE" is >> participating in eduGAIN, >> and has requested an entry in eduroam CAT. We (RENATER) found this >> university eligible for the >> eduroam CAT service and we followed the process through the portal >> (cat.eduroam.org) in order to >> sent to their administrator (Richard.Manas AT unice.fr) an invitation >> email with a token. >> This contact followed the supplied link with the token to log into the >> eduroam CAT administration >> interface, but encountered an error (cat_error.png attached) that he >> already (on October 23) >> reported to your support but he didn't get any response. Could you >> please check this problem.