The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Dubravko Voncina <dubravko.voncina AT srce.hr>]

Hello Stuart,

If you still have problems logging in to CAT admin application, please ask your NRO to send you a new invitation URL so that we can update your unique ID in CAT database.

Best Regards,

Dubravko Voncina
Middleware and Data Services Department
University of Zagreb, University Computing Centre, www.srce.unizg.hr
dubravko.voncina AT srce.hr, tel: +385 98 219273, fax: +385 1 6165559

On 05 May 2018, at 00:08, Stuart Anderson <s.anderson AT qmul.ac.uk> wrote:

Hi all,

I am still unable to manage our CAT installers after successfully logging in via the "eduroam admin:manage your IdP" link on the eduroam CAT homepage. Would it be sensible to request another invitation token to gain correct access, or is that likely to confuse the situation even more?

I'm keen to get this sorted as we're planning to launch the CAT within our institution next week in conjunction with a RADIUS server certificate rollover, and need to do some fine tuning.

Thanks and regards,

Stuart

---

From: Stuart Anderson <s.anderson AT qmul.ac.uk>
Sent: 03 May 2018 16:16
To: Nik Mitev; Dubravko Voncina
Cc: eduroam CAT Feedback
Subject: RE: [[cat-users]] Problem logging in to CAT

 

Hi all,

I believe I'm the user Nik mentioned. I can successfully log in using my institution credentials, but once I'm in I get a page saying “You are not managing any institutions.”. I am new to CAT (granted access 19/4/18), but had access yesterday to configure our installers but don't appear to have it today.

Any help/advice appreciated.

Regards,

Stuart
-- 
Stuart Anderson 
Network Delivery Officer, IT Services 
Queen Mary University of London
Tel: +44 (0)20 7882 5629 

> -----Original Message-----
> From: Nik Mitev [mailto:nik.mitev AT jisc.ac.uk]
> Sent: 03 May 2018 15:56
> To: Dubravko Voncina <dubravko.voncina AT srce.hr>
> Cc: eduroam CAT Feedback <cat-users AT lists.geant.org>
> Subject: Re: [[cat-users]] Problem logging in to CAT
> 
> Hi Dubravko,
> 
> Thanks for that - I am logging in through the Geant guest IdP, do you know
> who administers it?
> 
> I will ask the UK user who originally reported the issue to try and log in and if
> needed email here directly as well.
> 
> Thanks again,
> Nik
> 
> -------- Original Message --------
> From: Dubravko Voncina
> Sent: Thursday, May 3, 2018 3:35 PM BST
> To: Nik Mitev
> Cc: eduroam CAT Feedback
> Subject: [[cat-users]] Problem logging in to CAT
> 
> Hello again Nik,
> 
> I believe I've found the cause of your problem. Apparently, your IdP provides
> string value of an attribute 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10'
> (eduPersonTargetedID) which is invalid eduPersonTargetedID value format.
> This was tolerated in SimpleSAMLphp versions prior to 1.15, but latest stable
> version of SimpleSAMLphp requires eduPersonTargetedID to be provided as
> an XML construct.
> 
> For example, your IdP provides SAML authentication response which
> contains following attribute statement:
> 
> 
> <saml:AttributeStatement>
>     <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue xsi:type="xs:string">Nik
> Mitev</saml:AttributeValue>
>     </saml:Attribute>
>     <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
>     </saml:Attribute>
>     <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
>     </saml:Attribute>
> </saml:AttributeStatement>
> 
> 
> but instead, your IdP should provide attribute statement that roughly looks
> like:
> 
> 
> <saml:AttributeStatement>
>     <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue xsi:type="xs:string">Nik
> Mitev</saml:AttributeValue>
>     </saml:Attribute>
>     <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
>     </saml:Attribute>
>     <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue>
>             <saml:NameID NameQualifier="https://gidp.geant.net"
> SPNameQualifier="https://monitor.eduroam.org/sp/module.php/saml/sp/
> metadata.php/default-sp"
> Format="urn:oasis:names:tc:SAML:2.0:nameid-
> format:persistent">some_value</saml:NameID>
>         </saml:AttributeValue>
>     </saml:Attribute>
> </saml:AttributeStatement>
> 
> 
> I'm afraid there's not much we can do about it, this problem will have to be
> fixed at the IdP side.
> 
> Best Regards,
> 
> Dubravko Voncina
> Middleware and Data Services Department
> University of Zagreb, University Computing Centre, www.srce.unizg.hr
> dubravko.voncina AT srce.hr, tel: +385 98 219273, fax: +385 1 6165559
> 
> 
> 
> 
> On 03 May 2018, at 14:24, Nik Mitev <nik.mitev AT jisc.ac.uk> wrote:
> 
> He had logged in earlier yes. And I certainly have logged in earlier too :)
> 
> Nik
> 
> -------- Original Message --------
> From: Stefan Winter
> Sent: Thursday, May 3, 2018 12:59 PM BST
> To: cat-users AT lists.geant.org
> Subject: [[cat-users]] Problem logging in to CAT
> 
> Hi,
> 
> I have a ticket from a user who reports he is failing to log in to CAT, and when
> I tried to log in myself to see if there is anything obvious my login failed as
> well with the message "An unhandled exception was thrown." and a tracking
> id of b80f6f0c25
> 
> Debug:  SAML2\Exception\RuntimeException: A
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.10" (EPTI) attribute value must be a NameID,
> none found for value no. "0
> 
> Let me know if you need any further info.
> 
> This coincides suspiciously with the maintenance work Miro announced for
> earlier today.
> 
> Did the user log in successfully earlier, or is it a brand new user? The latter
> could mean a misconfigured IdP is at fault, the former would suggest it's
> more like an update problem on the SP side.
> 
> Greetings,
> 
> Stefan
> 
> 
> 
> --
> Nik Mitev
> eduroam(UK) Development Specialist, Jisc www.eduroam.ac.uk Twitter
> @eduroamuk – for news, information, pictures and fun
> 
> When replying to this e-mail is it essential to preserve the
> (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
> 
> 
> 
> 
> --
> Nik Mitev
> eduroam(UK) Development Specialist, Jisc www.eduroam.ac.uk Twitter
> @eduroamuk – for news, information, pictures and fun
> 
> When replying to this e-mail is it essential to preserve the
> (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
> 

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users