[eduVPN-deploy] problem using eduvpn clients with version 3

François Kooman fkooman at tuxed.net
Mon Jun 13 12:57:44 CEST 2022 

Hi Pascal,

The problem is that your Shibboleth installation also protects the API 
endpoint and OAuth token endpoint. They need to be excluded, i.e.:


     # do not restrict API Endpoint as used by VPN clients
     <Location /vpn-user-portal/api>
         Require all granted
     </Location>

     # do not secure OAuth Token Endpoint as used by VPN clients
     <Location /vpn-user-portal/oauth/token>
         Require all granted
     </Location>

As documented here:

https://github.com/eduvpn/documentation/blob/v3/SHIBBOLETH_SP.md

Did you follow these instructions? Is there a bug in our documentation? 
Please let us know!

Regards,
François


On 13.06.22 09:03, Pascal Panneels via eduVPN-deploy wrote:
> Hi François, all,
> 
> I've installed version 3 of the server a couple of days ago on our 
> (Belnet) server and upgraded for one of our customer (Hasselt 
> University) this week-end.
> 
> On my Ubuntu (client) machines, I'm using NetworkManager to handle the 
> [edu:open]vpn connexions and it works perfectly well.
> 
> I've tried to connect using the client on my iPhone. I'm adding a 
> connexion ("+" button, search for the server (ie: University Hasselt), 
> gets to the user authentication page, authentication my user,  and the I 
> get a problem in the phase where I need to approve the use of the app in 
> the server)   -see attached screenshot if it can be of any help.
> 
> I've tried the eduvpn client on Ubuntu and gets similar problem :
> 
> -8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--
> 
> pep at pep-laptop:~$ eduvpn-cli search hasselt
> 
> ...
> 
> Institute access:
> [92] Hasselt University
> 
> pep at pep-laptop:~$ eduvpn-cli interactive
> 
>  > 92
> 
> INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:starting procedure 
> with auth_url https://eduvpn-uhasselt.belnet.be/
> INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:token exists, 
> restoring
> INFO:eduvpn.remote:Requesting 
> https://eduvpn-uhasselt.belnet.be/.well-known/vpn-user-portal
> Traceback (most recent call last):
>    File "/usr/bin/eduvpn-cli", line 33, in <module>
>      sys.exit(load_entry_point('eduvpn-client==2.2.1', 
> 'console_scripts', 'eduvpn-cli')())
>    File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 139, in eduvpn
>      parse_eduvpn(argv[1:])
>    File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 105, in 
> parse_eduvpn
>      parsed.func(parsed)
>    File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 67, in 
> interactive
>      enroll(auth_url, display_name, support_contact, secure_internets, 
> interactive=True)
>    File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 42, in enroll
>      api_url, oauth, token_endpoint, auth_endpoint = 
> actions.fetch_token(auth_url)
>    File "/usr/lib/python3/dist-packages/eduvpn/actions.py", line 68, in 
> fetch_token
>      api_url, token_endpoint, auth_endpoint = get_info(auth_url)
>    File "/usr/lib/python3/dist-packages/eduvpn/remote.py", line 89, in 
> get_info
>      info = get_full_info(base_uri)
>    File "/usr/lib/python3/dist-packages/eduvpn/remote.py", line 85, in 
> get_full_info
>      return request(uri)['api']['http://eduvpn.org/api#2']
> KeyError: 'http://eduvpn.org/api#2'
> -8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--
> 
> 
> Any idea of the cause ?
> 
> -- 
> *Pascal Panneels*
> System Architect
> Belnet - Services
> WTC III
> Simon Bolivarlaan 30 Boulevard Simon Bolivar
> Brussel 1000 Bruxelles
> België - Belgique
> T: +32 2 790 33 33
> *www.belnet.be <http://www.belnet.be>*
> 
> _______________________________________________
> eduVPN-deploy mailing list
> eduVPN-deploy at list.surfnet.nl
> https://list.surfnet.nl/mailman/listinfo/eduvpn-deploy

More information about the eduVPN-deploy mailing list