[eduVPN-deploy] problem using eduvpn clients with version 3

Pascal Panneels pascal.panneels at belnet.be
Mon Jun 13 13:31:31 CEST 2022 

Hi,

Ok, you pointed me to the right place to look for the problem ! :-)

I had kept the previous setup for apache's locations that were using 
<Location /vpn-user-portal/api.php> and <Location 
/vpn-user-portal/oauth.php> instead of the new ones.

Now, it is properly working.

Thank you François,

Pascal

Le 13/06/2022 à 12:57, François Kooman a écrit :
> Hi Pascal,
>
> The problem is that your Shibboleth installation also protects the API 
> endpoint and OAuth token endpoint. They need to be excluded, i.e.:
>
>
>     # do not restrict API Endpoint as used by VPN clients
>     <Location /vpn-user-portal/api>
>         Require all granted
>     </Location>
>
>     # do not secure OAuth Token Endpoint as used by VPN clients
>     <Location /vpn-user-portal/oauth/token>
>         Require all granted
>     </Location>
>
> As documented here:
>
> https://github.com/eduvpn/documentation/blob/v3/SHIBBOLETH_SP.md
>
> Did you follow these instructions? Is there a bug in our 
> documentation? Please let us know!
>
> Regards,
> François
>
>
> On 13.06.22 09:03, Pascal Panneels via eduVPN-deploy wrote:
>> Hi François, all,
>>
>> I've installed version 3 of the server a couple of days ago on our 
>> (Belnet) server and upgraded for one of our customer (Hasselt 
>> University) this week-end.
>>
>> On my Ubuntu (client) machines, I'm using NetworkManager to handle 
>> the [edu:open]vpn connexions and it works perfectly well.
>>
>> I've tried to connect using the client on my iPhone. I'm adding a 
>> connexion ("+" button, search for the server (ie: University 
>> Hasselt), gets to the user authentication page, authentication my 
>> user,  and the I get a problem in the phase where I need to approve 
>> the use of the app in the server)   -see attached screenshot if it 
>> can be of any help.
>>
>> I've tried the eduvpn client on Ubuntu and gets similar problem :
>>
>> -8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--
>>
>> pep at pep-laptop:~$ eduvpn-cli search hasselt
>>
>> ...
>>
>> Institute access:
>> [92] Hasselt University
>>
>> pep at pep-laptop:~$ eduvpn-cli interactive
>>
>>  > 92
>>
>> INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:starting 
>> procedure with auth_url https://eduvpn-uhasselt.belnet.be/
>> INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:token exists, 
>> restoring
>> INFO:eduvpn.remote:Requesting 
>> https://eduvpn-uhasselt.belnet.be/.well-known/vpn-user-portal
>> Traceback (most recent call last):
>>    File "/usr/bin/eduvpn-cli", line 33, in <module>
>>      sys.exit(load_entry_point('eduvpn-client==2.2.1', 
>> 'console_scripts', 'eduvpn-cli')())
>>    File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 139, in 
>> eduvpn
>>      parse_eduvpn(argv[1:])
>>    File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 105, in 
>> parse_eduvpn
>>      parsed.func(parsed)
>>    File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 67, in 
>> interactive
>>      enroll(auth_url, display_name, support_contact, 
>> secure_internets, interactive=True)
>>    File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 42, in 
>> enroll
>>      api_url, oauth, token_endpoint, auth_endpoint = 
>> actions.fetch_token(auth_url)
>>    File "/usr/lib/python3/dist-packages/eduvpn/actions.py", line 68, 
>> in fetch_token
>>      api_url, token_endpoint, auth_endpoint = get_info(auth_url)
>>    File "/usr/lib/python3/dist-packages/eduvpn/remote.py", line 89, 
>> in get_info
>>      info = get_full_info(base_uri)
>>    File "/usr/lib/python3/dist-packages/eduvpn/remote.py", line 85, 
>> in get_full_info
>>      return request(uri)['api']['http://eduvpn.org/api#2']
>> KeyError: 'http://eduvpn.org/api#2'
>> -8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--
>>
>>
>> Any idea of the cause ?
>>
>> -- 
>> *Pascal Panneels*
>> System Architect
>> Belnet - Services
>> WTC III
>> Simon Bolivarlaan 30 Boulevard Simon Bolivar
>> Brussel 1000 Bruxelles
>> België - Belgique
>> T: +32 2 790 33 33
>> *www.belnet.be <http://www.belnet.be>*
>>
>> _______________________________________________
>> eduVPN-deploy mailing list
>> eduVPN-deploy at list.surfnet.nl
>> https://list.surfnet.nl/mailman/listinfo/eduvpn-deploy
>
-- 
*Pascal Panneels*
System Architect
Belnet - Services
WTC III
Simon Bolivarlaan 30 Boulevard Simon Bolivar
Brussel 1000 Bruxelles
België - Belgique
T: +32 2 790 33 33
*www.belnet.be <http://www.belnet.be>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.surfnet.nl/pipermail/eduvpn-deploy/attachments/20220613/2d9c04eb/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4306 bytes
Desc: Signature cryptographique S/MIME
URL: <https://list.surfnet.nl/pipermail/eduvpn-deploy/attachments/20220613/2d9c04eb/attachment.p7s>

More information about the eduVPN-deploy mailing list