[eduVPN-deploy] What is the Shib SP metadata?
Stefan Winter
stefan.winter at restena.lu
Mon Jul 6 11:48:56 CEST 2020
Hi,
maybe I have one for you :-)
Now auth works, and I configured the IdP to send the
eduPersonPrincipalName to eduVPN.
With SAMLtracer, I see that this is actually happening, the relevant bit
being:
<saml:AttributeStatement>
  <saml:Attribute
      Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue xsi:type="xs:string">swinter at education.lu</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
So this goes through to Shibboleth.
Simple-mindedly, I thought I could just change the attribute in eduVPN's
config.php from "persistent-id" to "eppn":
'ShibAuthentication' =>
    array (
        'userIdAttribute' => 'eppn',
    ),
but that results in an error:
400
An error occurred.
|missing request header "eppn"|
So I guess Shibboleth doesn't pass this on by default - but I don't know
how to make it change its mind.
Any clues?
Greetings,
Stefan Winter
On 06.07.20 at 10:27, Anass Chabli wrote:
> Hello Stefan,
>
> The Shibboleth SP makes its own SP metadata available through this URL: "https://youreduvpnserver/Shibboleth.sso/Metadata"
>
> Please, feel free to contact me directly, if you need any help on the SAML configuration.
>
> Cheers,
> Anass
>
> ----- Original message -----
> From: "Stefan Winter via eduVPN-deploy" <eduvpn-deploy at list.surfnet.nl>
> To: eduvpn-deploy at list.surfnet.nl
> Sent: Monday 6 July 2020 10:16:13
> Subject: [eduVPN-deploy] What is the Shib SP metadata?
>
> Hello,
>
>
> I'm currently configuring SAML auth (basic functionality of the eduVPN
> server already works, great!).
>
>
> I notice the documentation is maybe a little thin on this point:
>
>
> "Next: register your SP in your identity federation, or in your IdP."
>
>
> I'd love to - but where does the Shibboleth SP make its own SP metadata
> available so I can transfer it to the IdP? I've never worked with
> Shibboleth before. I imagine there is some kind of status URL like with SSP?
>
>
> Greetings,
>
>
> Stefan Winter
>
>
> _______________________________________________
> eduVPN-deploy mailing list
> eduVPN-deploy at list.surfnet.nl
> https://list.surfnet.nl/mailman/listinfo/eduvpn-deploy
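
A check one can run when the SP reports a missing attribute, as an added example that is not part of the original message or of the eduVPN or Shibboleth code: it compares the attribute names in an assertion with the entries of a Shibboleth-style attribute map and reports whether the wanted id (here "eppn") would be produced. The sample assertion, both maps and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
MAP_NS = "urn:mace:shibboleth:2.0:attribute-map"

# Constructed sample with the same shape as the AttributeStatement in the message.
ASSERTION = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue xsi:type="xs:string">user@example.org</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

# Constructed attribute maps (assumed to stand in for the SP's attribute-map.xml).
MAP_WITHOUT_EPPN = """
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id"/>
</Attributes>
"""
MAP_WITH_EPPN = MAP_WITHOUT_EPPN.replace(
    "</Attributes>",
    '  <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn"/>\n</Attributes>',
)

def received_names(assertion_xml):
    """Attribute names the IdP put in the assertion."""
    root = ET.fromstring(assertion_xml)
    return [a.get("Name") for a in root.iter(f"{{{SAML_NS}}}Attribute")]

def load_map(map_xml):
    """SAML attribute name -> SP-side id, as declared in the attribute map."""
    root = ET.fromstring(map_xml)
    return {a.get("name"): a.get("id") for a in root.iter(f"{{{MAP_NS}}}Attribute")}

def check(assertion_xml, map_xml, wanted_id):
    """Report which received attributes are mapped and whether wanted_id is among them."""
    mapping = load_map(map_xml)
    names = received_names(assertion_xml)
    mapped = {n: mapping[n] for n in names if n in mapping}
    unmapped = [n for n in names if n not in mapping]
    return {"mapped": mapped, "unmapped": unmapped, "available": wanted_id in mapped.values()}

if __name__ == "__main__":
    for label, m in (("without eppn", MAP_WITHOUT_EPPN), ("with eppn", MAP_WITH_EPPN)):
        print(label, check(ASSERTION, m, "eppn"))
```

A map entry is only one precondition; the SP's attribute filter policy is not modelled here.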