[eduVPN-deploy] problem using eduvpn clients with version 3
François Kooman
fkooman at tuxed.net
Mon Jun 13 12:57:44 CEST 2022
Hi Pascal,
The problem is that your Shibboleth installation also protects the API
endpoint and OAuth token endpoint. They need to be excluded, i.e.:
# do not restrict API Endpoint as used by VPN clients
<Location /vpn-user-portal/api>
Require all granted
</Location>
# do not secure OAuth Token Endpoint as used by VPN clients
<Location /vpn-user-portal/oauth/token>
Require all granted
</Location>
As documented here:
https://github.com/eduvpn/documentation/blob/v3/SHIBBOLETH_SP.md
Did you follow these instructions? Is there a bug in our documentation?
Please let us know!
Regards,
François
On 13.06.22 09:03, Pascal Panneels via eduVPN-deploy wrote:
> Hi François, all,
>
> I've installed version 3 of the server a couple of days ago on our
> (Belnet) server and upgraded for one of our customer (Hasselt
> University) this week-end.
>
> On my Ubuntu (client) machines, I'm using NetworkManager to handle the
> [edu:open]vpn connexions and it works perfectly well.
>
> I've tried to connect using the client on my iPhone. I'm adding a
> connexion ("+" button, search for the server (ie: University Hasselt),
> gets to the user authentication page, authentication my user, and the I
> get a problem in the phase where I need to approve the use of the app in
> the server) -see attached screenshot if it can be of any help.
>
> I've tried the eduvpn client on Ubuntu and gets similar problem :
>
> -8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--
>
> pep at pep-laptop:~$ eduvpn-cli search hasselt
>
> ...
>
> Institute access:
> [92] Hasselt University
>
> pep at pep-laptop:~$ eduvpn-cli interactive
>
> > 92
>
> INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:starting procedure
> with auth_url https://eduvpn-uhasselt.belnet.be/
> INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:token exists,
> restoring
> INFO:eduvpn.remote:Requesting
> https://eduvpn-uhasselt.belnet.be/.well-known/vpn-user-portal
> Traceback (most recent call last):
> File "/usr/bin/eduvpn-cli", line 33, in <module>
> sys.exit(load_entry_point('eduvpn-client==2.2.1',
> 'console_scripts', 'eduvpn-cli')())
> File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 139, in eduvpn
> parse_eduvpn(argv[1:])
> File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 105, in
> parse_eduvpn
> parsed.func(parsed)
> File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 67, in
> interactive
> enroll(auth_url, display_name, support_contact, secure_internets,
> interactive=True)
> File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 42, in enroll
> api_url, oauth, token_endpoint, auth_endpoint =
> actions.fetch_token(auth_url)
> File "/usr/lib/python3/dist-packages/eduvpn/actions.py", line 68, in
> fetch_token
> api_url, token_endpoint, auth_endpoint = get_info(auth_url)
> File "/usr/lib/python3/dist-packages/eduvpn/remote.py", line 89, in
> get_info
> info = get_full_info(base_uri)
> File "/usr/lib/python3/dist-packages/eduvpn/remote.py", line 85, in
> get_full_info
> return request(uri)['api']['http://eduvpn.org/api#2']
> KeyError: 'http://eduvpn.org/api#2'
> -8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--
>
>
> Any idea of the cause ?
>
> --
> *Pascal Panneels*
> System Architect
> Belnet - Services
> WTC III
> Simon Bolivarlaan 30 Boulevard Simon Bolivar
> Brussel 1000 Bruxelles
> België - Belgique
> T: +32 2 790 33 33
> *www.belnet.be <http://www.belnet.be>*
>
> _______________________________________________
> eduVPN-deploy mailing list
> eduVPN-deploy at list.surfnet.nl
> https://list.surfnet.nl/mailman/listinfo/eduvpn-deploy
More information about the eduVPN-deploy
mailing list