cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
- From: Dubravko Voncina <dubravko.voncina AT srce.hr>
- To: Ingimar Örn Jónsson <ingimar AT hi.is>
- Cc: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
- Subject: Re: [[cat-users]] Problem logging into cat.eduroam.org as admin
- Date: Tue, 29 May 2018 12:20:14 +0200
Hello!
> On 29 May 2018, at 12:06, Ingimar Örn Jónsson
> <ingimar AT hi.is>
> wrote:
>
> Hello.
>
> I have used an eduGAIN login to access cat.eduroam.org but it is not
> working today.
>
> I get this error;
> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
>
> Backtrace:
> 1 www/_include.php:45 (SimpleSAML_exception_handler)
> 0 [builtin] (N/A)
> Caused by: SAML2\Exception\RuntimeException: A
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.10" (EPTI) attribute value must be a
> NameID, none found for value no. "0"
> Backtrace:
>
> ...
>
> Does anyone know what the problem might be?
>
Yes. Apparently, your authentication service (IdP) provides a string value of
an attribute 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' (eduPersonTargetedID), which
is an invalid, deprecated eduPersonTargetedID value format. This was tolerated
in SimpleSAMLphp versions prior to 1.15, but the latest stable version of
SimpleSAMLphp requires eduPersonTargetedID to be provided as an XML
construct. About a month ago we upgraded the version of SimpleSAMLphp which
we use as an authentication proxy for the eduroam Configuration Assistant Tool
to the latest stable version, so all Identity Providers must provide the
eduPersonTargetedID value in XML format.
For example, your IdP provides a SAML authentication response which contains
the following attribute statement:
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xsi:type="xs:string">Ingimar Örn Jónsson</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xsi:type="xs:string">some_value</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xsi:type="xs:string">WAYF-DK-some_value</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
but instead, your IdP should provide an attribute statement that roughly looks
like:
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xsi:type="xs:string">Ingimar Örn Jónsson</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xsi:type="xs:string">some_value</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>
          <saml:NameID
              NameQualifier="https://birk.wayf.dk/birk.php/wayf.hi.is/simplesaml/saml2/idp/metadata.php"
              SPNameQualifier="https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp"
              Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">WAYF-DK-some_value</saml:NameID>
        </saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
Unfortunately, we as service providers can't do much about it. You'll have
to contact your authentication service admin to fix this problem at the IdP
side.
Best Regards,
Dubravko Voncina
Middleware and Data Services Department
University of Zagreb, University Computing Centre, www.srce.unizg.hr
dubravko.voncina AT srce.hr,
tel: +385 98 219273, fax: +385 1 6165559
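
The difference between the two attribute statements in the reply above can be checked on the IdP side before a login is attempted. The following is an added example, not part of the original message and not SimpleSAMLphp code; the function names, entity IDs and identifier value are constructed placeholders.

```python
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
EPTI_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID

def wrap(value_xml):
    """Build a constructed AttributeStatement holding one EPTI value."""
    return (
        '<saml:AttributeStatement xmlns:saml="%s" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
        'xmlns:xs="http://www.w3.org/2001/XMLSchema">'
        '<saml:Attribute Name="%s" '
        'NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">'
        '%s</saml:Attribute></saml:AttributeStatement>' % (SAML, EPTI_OID, value_xml)
    )

# Constructed samples (placeholder entity IDs and identifier, assumptions for illustration).
OLD_STYLE = wrap(
    '<saml:AttributeValue xsi:type="xs:string">opaque-id-123</saml:AttributeValue>'
)
NEW_STYLE = wrap(
    '<saml:AttributeValue><saml:NameID '
    'NameQualifier="https://idp.example.org/metadata" '
    'SPNameQualifier="https://sp.example.org/metadata" '
    'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">'
    'opaque-id-123</saml:NameID></saml:AttributeValue>'
)

def check_epti(statement_xml):
    """Return one problem string per EPTI value that an SP requiring a NameID would reject."""
    root = ET.fromstring(statement_xml)
    problems = []
    for attr in root.iter("{%s}Attribute" % SAML):
        if attr.get("Name") != EPTI_OID:
            continue  # only eduPersonTargetedID is subject to this rule
        for i, value in enumerate(attr.findall("saml:AttributeValue", NS)):
            name_id = value.find("saml:NameID", NS)
            if name_id is None:
                text = (value.text or "").strip()
                problems.append("value no. %d: plain string %r, no NameID" % (i, text))
            elif not (name_id.text or "").strip():
                problems.append("value no. %d: NameID is empty" % i)
    return problems

if __name__ == "__main__":
    for label, doc in (("old", OLD_STYLE), ("new", NEW_STYLE)):
        print(label, check_epti(doc) or "ok")
```
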