[eduVPN-deploy] problem using eduvpn clients with version 3
Pascal Panneels
pascal.panneels at belnet.be
Mon Jun 13 13:31:31 CEST 2022
Hi,
Ok, you pointed me to the right place to look for the problem ! :-)
I had kept the previous setup for apache's locations that were using
<Location /vpn-user-portal/api.php> and <Location
/vpn-user-portal/oauth.php> instead of the new ones.
Now, it is properly working.
Thank you François,
Pascal
Le 13/06/2022 à 12:57, François Kooman a écrit :
> Hi Pascal,
>
> The problem is that your Shibboleth installation also protects the API
> endpoint and OAuth token endpoint. They need to be excluded, i.e.:
>
>
> # do not restrict API Endpoint as used by VPN clients
> <Location /vpn-user-portal/api>
> Require all granted
> </Location>
>
> # do not secure OAuth Token Endpoint as used by VPN clients
> <Location /vpn-user-portal/oauth/token>
> Require all granted
> </Location>
>
> As documented here:
>
> https://github.com/eduvpn/documentation/blob/v3/SHIBBOLETH_SP.md
>
> Did you follow these instructions? Is there a bug in our
> documentation? Please let us know!
>
> Regards,
> François
>
>
> On 13.06.22 09:03, Pascal Panneels via eduVPN-deploy wrote:
>> Hi François, all,
>>
>> I've installed version 3 of the server a couple of days ago on our
>> (Belnet) server and upgraded for one of our customer (Hasselt
>> University) this week-end.
>>
>> On my Ubuntu (client) machines, I'm using NetworkManager to handle
>> the [edu:open]vpn connexions and it works perfectly well.
>>
>> I've tried to connect using the client on my iPhone. I'm adding a
>> connexion ("+" button, search for the server (ie: University
>> Hasselt), gets to the user authentication page, authentication my
>> user, and the I get a problem in the phase where I need to approve
>> the use of the app in the server) -see attached screenshot if it
>> can be of any help.
>>
>> I've tried the eduvpn client on Ubuntu and gets similar problem :
>>
>> -8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--
>>
>> pep at pep-laptop:~$ eduvpn-cli search hasselt
>>
>> ...
>>
>> Institute access:
>> [92] Hasselt University
>>
>> pep at pep-laptop:~$ eduvpn-cli interactive
>>
>> > 92
>>
>> INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:starting
>> procedure with auth_url https://eduvpn-uhasselt.belnet.be/
>> INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:token exists,
>> restoring
>> INFO:eduvpn.remote:Requesting
>> https://eduvpn-uhasselt.belnet.be/.well-known/vpn-user-portal
>> Traceback (most recent call last):
>> File "/usr/bin/eduvpn-cli", line 33, in <module>
>> sys.exit(load_entry_point('eduvpn-client==2.2.1',
>> 'console_scripts', 'eduvpn-cli')())
>> File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 139, in
>> eduvpn
>> parse_eduvpn(argv[1:])
>> File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 105, in
>> parse_eduvpn
>> parsed.func(parsed)
>> File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 67, in
>> interactive
>> enroll(auth_url, display_name, support_contact,
>> secure_internets, interactive=True)
>> File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 42, in
>> enroll
>> api_url, oauth, token_endpoint, auth_endpoint =
>> actions.fetch_token(auth_url)
>> File "/usr/lib/python3/dist-packages/eduvpn/actions.py", line 68,
>> in fetch_token
>> api_url, token_endpoint, auth_endpoint = get_info(auth_url)
>> File "/usr/lib/python3/dist-packages/eduvpn/remote.py", line 89,
>> in get_info
>> info = get_full_info(base_uri)
>> File "/usr/lib/python3/dist-packages/eduvpn/remote.py", line 85,
>> in get_full_info
>> return request(uri)['api']['http://eduvpn.org/api#2']
>> KeyError: 'http://eduvpn.org/api#2'
>> -8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--
>>
>>
>> Any idea of the cause ?
>>
>> --
>> *Pascal Panneels*
>> System Architect
>> Belnet - Services
>> WTC III
>> Simon Bolivarlaan 30 Boulevard Simon Bolivar
>> Brussel 1000 Bruxelles
>> België - Belgique
>> T: +32 2 790 33 33
>> *www.belnet.be <http://www.belnet.be>*
>>
>> _______________________________________________
>> eduVPN-deploy mailing list
>> eduVPN-deploy at list.surfnet.nl
>> https://list.surfnet.nl/mailman/listinfo/eduvpn-deploy
>
--
*Pascal Panneels*
System Architect
Belnet - Services
WTC III
Simon Bolivarlaan 30 Boulevard Simon Bolivar
Brussel 1000 Bruxelles
België - Belgique
T: +32 2 790 33 33
*www.belnet.be <http://www.belnet.be>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.surfnet.nl/pipermail/eduvpn-deploy/attachments/20220613/2d9c04eb/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4306 bytes
Desc: Signature cryptographique S/MIME
URL: <https://list.surfnet.nl/pipermail/eduvpn-deploy/attachments/20220613/2d9c04eb/attachment.p7s>
More information about the eduVPN-deploy
mailing list