Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] Problem logging in to CAT

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Problem logging in to CAT


Chronological Thread 
  • From: Dubravko Voncina <dubravko.voncina AT srce.hr>
  • To: Nik Mitev <nik.mitev AT jisc.ac.uk>
  • Cc: eduroam CAT Feedback <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] Problem logging in to CAT
  • Date: Thu, 3 May 2018 17:07:13 +0200

Hi,

According to eduGAIN metadata storage database, the official GÉANT IdP admins
contact data is:

...
<md:Organization>
<md:OrganizationName xml:lang="en">GÉANT Limited</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">GÉANT Guest Identity
Provider</md:OrganizationDisplayName>
<md:OrganizationURL
xml:lang="en">http://www.geant.net/</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="support">
<md:GivenName>eduGAIN support</md:GivenName>

<md:EmailAddress>mailto:support AT edugain.org</md:EmailAddress>
</md:ContactPerson>
<md:ContactPerson contactType="technical">
<md:GivenName>eduGAIN support</md:GivenName>

<md:EmailAddress>mailto:support AT edugain.org</md:EmailAddress>
</md:ContactPerson>
...

I'm afraid these are the only contact e-mail addresses that I have.

Best regards,

Dubravko Voncina
Middleware and Data Services Department
University of Zagreb, University Computing Centre, www.srce.unizg.hr
dubravko.voncina AT srce.hr,
tel: +385 98 219273, fax: +385 1 6165559




> On 03 May 2018, at 16:55, Nik Mitev
> <nik.mitev AT jisc.ac.uk>
> wrote:
>
> Hi Dubravko,
>
> Thanks for that - I am logging in through the Geant guest IdP, do you
> know who administers it?
>
> I will ask the UK user who originally reported the issue to try and log
> in and if needed email here directly as well.
>
> Thanks again,
> Nik
>
> -------- Original Message --------
> From: Dubravko Voncina
> Sent: Thursday, May 3, 2018 3:35 PM BST
> To: Nik Mitev
> Cc: eduroam CAT Feedback
> Subject: [[cat-users]] Problem logging in to CAT
>
> Hello again Nik,
>
> I believe I've found the cause of your problem. Apparently, your IdP
> provides string value of an attribute
> 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' (eduPersonTargetedID) which is
> invalid eduPersonTargetedID value format.
> This was tolerated in SimpleSAMLphp versions prior to 1.15, but latest
> stable version of SimpleSAMLphp requires eduPersonTargetedID to be
> provided as an XML construct.
>
> For example, your IdP provides SAML authentication response which
> contains following attribute statement:
>
>
> <saml:AttributeStatement>
> <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue xsi:type="xs:string">Nik
> Mitev</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
> </saml:Attribute>
> </saml:AttributeStatement>
>
>
> but instead, your IdP should provide attribute statement that roughly
> looks like:
>
>
> <saml:AttributeStatement>
> <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue xsi:type="xs:string">Nik
> Mitev</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue>
> <saml:NameID NameQualifier="https://gidp.geant.net";
> SPNameQualifier="https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp";
> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">some_value</saml:NameID>
> </saml:AttributeValue>
> </saml:Attribute>
> </saml:AttributeStatement>
>
>
> I'm afraid there's not much we can do about it, this problem will have
> to be fixed at the IdP side.
>
> Best Regards,
>
> Dubravko Voncina
> Middleware and Data Services Department
> University of Zagreb, University Computing Centre, www.srce.unizg.hr
> dubravko.voncina AT srce.hr,
> tel: +385 98 219273, fax: +385 1 6165559
>
>
>
>
> On 03 May 2018, at 14:24, Nik Mitev
> <nik.mitev AT jisc.ac.uk>
> wrote:
>
> He had logged in earlier yes. And I certainly have logged in earlier too :)
>
> Nik
>
> -------- Original Message --------
> From: Stefan Winter
> Sent: Thursday, May 3, 2018 12:59 PM BST
> To:
> cat-users AT lists.geant.org
> Subject: [[cat-users]] Problem logging in to CAT
>
> Hi,
>
> I have a ticket from a user who reports he is failing to log in to CAT,
> and when I tried to log in myself to see if there is anything obvious my
> login failed as well with the message "An unhandled exception was
> thrown." and a tracking id of b80f6f0c25
>
> Debug: SAML2\Exception\RuntimeException: A
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.10" (EPTI) attribute value must be a
> NameID, none found for value no. "0
>
> Let me know if you need any further info.
>
> This coincides suspiciously with the maintenance work Miro announced for
> earlier today.
>
> Did the user log in successfully earlier, or is it a brand new user? The
> latter could mean a misconfigured IdP is at fault, the former would
> suggest it's more like an update problem on the SP side.
>
> Greetings,
>
> Stefan
>
>
>
> --
> Nik Mitev
> eduroam(UK) Development Specialist, Jisc
> www.eduroam.ac.uk
> Twitter @eduroamuk – for news, information, pictures and fun
>
> When replying to this e-mail is it essential to preserve the
> (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
>
>
>
>
> --
> Nik Mitev
> eduroam(UK) Development Specialist, Jisc
> www.eduroam.ac.uk
> Twitter @eduroamuk – for news, information, pictures and fun
>
> When replying to this e-mail is it essential to preserve the
> (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
>
>




Archive powered by MHonArc 2.6.19.

Top of Page