
cat-users - Re: [[cat-users]] [[cat-devel]] Upgrade of SP authentication proxy for eduroam CAT and monitoring services - completed

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Dubravko Voncina <dubravko.voncina AT srce.hr>
  • To: Zenon Mousmoulas <zmousm AT noc.grnet.gr>
  • Cc: eduroam CAT Feedback <cat-users AT lists.geant.org>, monitor AT eduroam.org, eduroam OT <eduroam-ot AT lists.geant.org>
  • Subject: Re: [[cat-users]] [[cat-devel]] Upgrade of SP authentication proxy for eduroam CAT and monitoring services - completed
  • Date: Mon, 20 Feb 2017 14:12:17 +0100

Hello Zenon,

I'm afraid that your IdP doesn't provide persistent NameID in the subject:

<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_fcf113333e4a4953fceda8868f0ce92b"
IssueInstant="2017-02-20T11:26:35.622Z" Version="2.0">
<saml2:Issuer>https://idp.admin.grnet.gr/idp/shibboleth</saml2:Issuer>
<saml2:Subject>
<saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
NameQualifier="https://idp.admin.grnet.gr/idp/shibboleth"
SPNameQualifier="https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp">AAhzZWNyZXQxMTzq787eaH4dVeRaUP46bYj80P2AU1vcFavM36k3J4jFbFIhk/Nie6JcQc+AI3fatRUPnEOECi1Csirr9E5HO+whbUmO+uNPflNJ/okTqza2QbKFIeJW9CJyW+4I2Xe1bY+vO1Co0jqrIxmxcBe0px4bduZG9+P9PxoZWhMR1Vr+mstiqmQ=</saml2:NameID>
...

Regards,

Dubravko Voncina
Middleware and Data Services Department
University of Zagreb, University Computing Centre, www.srce.unizg.hr
dubravko.voncina AT srce.hr,
tel: +385 98 219273, fax: +385 1 6165559




> On 20 Feb 2017, at 13:59, Zenon Mousmoulas <zmousm AT noc.grnet.gr> wrote:
>
> Logging in via an eduGAIN IdP, all seems fine when eduPersonTargetedID is
> released as an attribute, but login breaks when the identifier is only
> released as persistent NameID in the subject:
>
> Backtrace:
> 0 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/www/module.php:180 (N/A)
> Caused by: SimpleSAML_Error_Exception: This service needs at least one of the following attributes to identity users: eduPersonTargetedID, facebook_targetedID, google_eppn, linkedin_targetedID, twitter_targetedID. Unfortunately not one of them was detected. Please ask your institution administrator to release one of them, or try using another identity provider.
> Backtrace:
> 11 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/modules/smartattributes/lib/Auth/Process/SmartID.php:95 (sspmod_smartattributes_Auth_Process_SmartID::addID)
> 10 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/modules/smartattributes/lib/Auth/Process/SmartID.php:113 (sspmod_smartattributes_Auth_Process_SmartID::process)
> 9 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/lib/SimpleSAML/Auth/ProcessingChain.php:195 (SimpleSAML_Auth_ProcessingChain::processState)
> 8 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/lib/SimpleSAML/IdP.php:331 (SimpleSAML_IdP::postAuth)
> 7 [builtin] (call_user_func)
> 6 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/lib/SimpleSAML/Auth/Source.php:229 (SimpleSAML_Auth_Source::loginCompleted)
> 5 [builtin] (call_user_func)
> 4 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/lib/SimpleSAML/Auth/Source.php:145 (SimpleSAML_Auth_Source::completeAuth)
> 3 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/modules/saml/lib/Auth/Source/SP.php:637 (sspmod_saml_Auth_Source_SP::onProcessingCompleted)
> 2 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/modules/saml/lib/Auth/Source/SP.php:564 (sspmod_saml_Auth_Source_SP::handleResponse)
> 1 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/modules/saml/www/sp/saml2-acs.php:227 (require)
> 0 /var/www/html/monitor-ssl/simplesamlphp-1.14.11-monitor-sp/www/module.php:137 (N/A)
>
>
> Such was the behavior until last week.
>
> Regards,
> Z.
>
> On 2017-02-20 11:58, Dubravko Voncina wrote:
>> Hi all,
>> We've had some problems with eduGAIN SP proxy during the weekend.
>> Can you please try if authentication to eduroam monitoring/CAT
>> services is working for you now?
>> Best regards,
>> Dubravko Voncina
>> Middleware and Data Services Department
>> University of Zagreb, University Computing Centre, www.srce.unizg.hr
>> dubravko.voncina AT srce.hr,
>> tel: +385 98 219273, fax: +385 1 6165559
>>> On 17 Feb 2017, at 11:09, Dubravko Voncina <dubravko.voncina AT srce.hr> wrote:
>>> Hi again,
>>> Upgrade of eduGAIN SP authentication proxy for eduroam CAT and monitoring
>>> services is completed. In theory, this upgrade should be (almost)
>>> completely transparent for users. In practice, there is a chance that I
>>> screwed something up so if you notice any problems during the
>>> authentication process, please let me know.
>>> Best regards,
>>> Dubravko Voncina
>>> Middleware and Data Services Department
>>> University of Zagreb, University Computing Centre, www.srce.unizg.hr
>>> dubravko.voncina AT srce.hr,
>>> tel: +385 98 219273, fax: +385 1 6165559
>
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users
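
An added diagnostic example, not part of the original messages and not SimpleSAMLphp or proxy code: it classifies a decoded assertion by which stable identifier it carries (eduPersonTargetedID attribute, persistent NameID, or neither), the distinction discussed in this thread. The function names and sample assertions are constructed for illustration, and no signature verification is performed.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "urn:oasis:names:tc:SAML:2.0:nameid-format:"
# eduPersonTargetedID by friendly name and by its OID-based name.
EPTID_NAMES = {"eduPersonTargetedID", "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"}


def find_stable_id(assertion_xml):
    """Return (source, value) for a stable identifier, else (None, reason).

    Diagnostic only: the assertion signature is NOT verified here, so never
    use the result for an access decision.
    """
    root = ET.fromstring(assertion_xml)
    # 1. eduPersonTargetedID as an attribute (value may be a nested NameID).
    for attr in root.iterfind("saml2:AttributeStatement/saml2:Attribute", NS):
        if attr.get("Name") in EPTID_NAMES:
            value = "".join(attr.itertext()).strip()
            if value:
                return ("attribute", value)
    # 2. Subject NameID: only the persistent format is stable across logins.
    name_id = root.find("saml2:Subject/saml2:NameID", NS)
    if name_id is None:
        return (None, "no NameID in subject")
    fmt = name_id.get("Format", "unspecified")
    value = (name_id.text or "").strip()
    if fmt == FMT + "persistent" and value:
        return ("nameid", value)
    return (None, "NameID format is " + fmt.rsplit(":", 1)[-1])


def _assertion(fmt, name_id, attrs=""):
    # Constructed, unsigned sample assertion (not taken from the thread).
    return ('<saml2:Assertion xmlns:saml2="%s"><saml2:Subject>'
            '<saml2:NameID Format="%s">%s</saml2:NameID></saml2:Subject>'
            '%s</saml2:Assertion>' % (NS["saml2"], FMT + fmt, name_id, attrs))


EPTID_ATTR = ('<saml2:AttributeStatement><saml2:Attribute '
              'Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"><saml2:AttributeValue>'
              '<saml2:NameID Format="%spersistent">constructed-eptid'
              '</saml2:NameID></saml2:AttributeValue></saml2:Attribute>'
              '</saml2:AttributeStatement>' % FMT)
TRANSIENT_ONLY = _assertion("transient", "constructed-transient")
PERSISTENT_ONLY = _assertion("persistent", "constructed-persistent")
WITH_EPTID = _assertion("transient", "constructed-transient", EPTID_ATTR)

if __name__ == "__main__":
    for name in ("TRANSIENT_ONLY", "PERSISTENT_ONLY", "WITH_EPTID"):
        print(name, find_stable_id(globals()[name]))
```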



