Skip to Content.

geteduroam - Re: Problem with certificates generated

Subject: An open discussion list for topics related to the geteduroam service

List archive


Re: Problem with certificates generated


Chronological Thread 
    < Chronological >      < Thread >
  • From: Jørn Åne de Jong <jornane.dejong AT surf.nl>
  • To: geteduroam AT lists.geant.org
  • Subject: Re: Problem with certificates generated
  • Date: Wed, 17 Aug 2022 15:14:34 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=surf.nl; dmarc=pass action=none header.from=surf.nl; dkim=pass header.d=surf.nl; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MJ035/Lv/+7cvp3197Qv7rTZjZkzsYzosfpeyXB0bpk=; b=Ilw3TEB7jIobTl84hgmQUrV1Pw7T2YuSpGbxnC9cCsW+JagLoUQ+fUNj2fw0zXwTNHTdWDuU69CaG3x+GIbPFrvpCF0kAB86J8brCDhlOJyIRHuSjcqNkBU6WDWuE8ivPNd/jb3/3iRVLkhTZJypVm4I8W4DOW8ugehvI/82JL6SFSVkbecmOYyY18E4NSYkeLczCi/LPZZfadohAbXekHidbjphJBAPYT6XvSLE1C4oucXdd6ajA2/2MaakuVzgQBAiAcrilctaGnZZc6HFFU/KSq/ql74aArBi/zuUwIdI/OyulaKco4qNJwobwUx6xXJIYlgE9AZzp5SKSO1+rg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DWxjWSZqA7Mk83LDFYY86bltRvnvpZ6NYaVVdbqUU76SW2vwT+XMkIm1TYsigrx/Bnj2QTh0wnJA8xuot4JQ+KLekXSVaO2O9tSNzQvYVwGYvpRxw0k3fnXW/Zp5rJrYNrHX6FDFrc8sac3Vkjc22nL2mdzdvQ+1/ua/d7fK84OVXRqI8/LbrneMTE6QkHZI9qN0sx3vYYBqKLv1zajcYfbQi0v4xOXkMjzNilAhNDh49rATJZ8SC3p516fjPN/jvcq4EOXAlSZ683c3/M/XfkEaYuV2AWLqBBmDPp+lvjUXJzfq57fQxvIxFwWR+mDQe5G2H4SS6ECyFU5wXx13rg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=surf.nl;
On 17/08/2022 14:54, Darren Boss (via geteduroam Mailing List) wrote:
I redeployed the portal on Debian 11.4 (Bullseye) but now I'm getting a error
400 on the call from the Android app to /api/eap-config/. I decided to log
the Authorization header to a custom log and was able to decode it using a
JWT decoder. Looks fine, sub claim is my email address (using email nameid
from Azure AD). Including the decoded JWT in case it's something obvious:

{
"__t": "access_token",
"iat": "1660739494",
"sub": "Darren.Boss AT alliancecan.ca",
"realm": "alliancecan.ca",
"scope": "eap-metadata",
"code_challenge_method": "S256",
"code_challenge": "LQpjYE1ZjYAC6i9OwaU3OFYUBR9-rV-X0ohvYcXpLi4",
"client_id": "app.eduroam.geteduroam",
"redirect_uri": "app.eduroam.geteduroam:/",
"exp": "1676637094"
}

jwt.io is flagging the dates as invalid but they look right to me and the iat
matches the date of the apache log entry.

I think the dates are supposed to be ISO strings. I'll fix that in a future release, but it's not really a problem since we don't need interoperability with other solutions.

Error 400 means typically something wrong with the OAuth request. Can you find the answer body? It should tell you what's wrong.

--
Jørn Åne de Jong
geteduroam

Archive powered by MHonArc 2.6.19.

Top of Page