<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p><br>
</p>
<p>maybe I have one for you :-)</p>
<p><br>
</p>
<p>Now auth works, and I configured the IdP to send the
eduPersonPrincipalName to eduVPN.</p>
<p><br>
</p>
<p>With SAMLtracer, I see that this is actually happening, the
relevant bit being:</p>
<pre>&lt;saml:AttributeStatement&gt;
  &lt;saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"&gt;
    &lt;saml:AttributeValue xsi:type="xs:string"&gt;swinter@education.lu&lt;/saml:AttributeValue&gt;
  &lt;/saml:Attribute&gt;
&lt;/saml:AttributeStatement&gt;</pre>
<p><span class="hljs-tag"><br>
</span></p>
<p><span class="hljs-tag">So this goes through to Shibboleth.</span></p>
<p><span class="hljs-tag"><br>
</span></p>
<p>Simple-mindedly, I thought I could just change the attribute in
eduVPN's config.php from "persistent-id" to "eppn":</p>
<pre>'ShibAuthentication' =&gt;
array (
    'userIdAttribute' =&gt; 'eppn',
),</pre>
<p><span class="hljs-tag"><br>
</span></p>
<p><span class="hljs-tag">but that results in an error:</span></p>
<p><br>
<span class="hljs-tag"> </span></p>
<h2>400</h2>
<p>An error occurred.</p>
<p class="error"> <code>missing request header "eppn"</code> </p>
<p><br>
</p>
<p><br>
</p>
<p>So I guess Shibboleth doesn't pass this on by default - but I
don't know how to make it change its mind.</p>
<p><br>
</p>
<p>Any clues?</p>
<p><br>
</p>
<p>Greetings,</p>
<p><br>
</p>
<p>Stefan Winter<br>
</p>
<p><span class="hljs-tag"><br>
</span></p>
<p><br>
</p>
<div class="moz-cite-prefix">On 06.07.20 at 10:27, Anass Chabli
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:557916743.13808.1594024021353.JavaMail.zimbra@renater.fr">
<pre class="moz-quote-pre" wrap="">Hello Stefan,
The Shibboleth SP makes its own SP metadata available through this URL <a class="moz-txt-link-rfc2396E" href="https://youreduvpnserver/Shibboleth.sso/Metadata">" https://youreduvpnserver/Shibboleth.sso/Metadata "</a>
Please, feel free to contact me directly, if you need any help on the SAML configuration.
Cheers,
Anass
----- Original message -----
From: "Stefan Winter via eduVPN-deploy" <a class="moz-txt-link-rfc2396E" href="mailto:eduvpn-deploy@list.surfnet.nl">&lt;eduvpn-deploy@list.surfnet.nl&gt;</a>
To: <a class="moz-txt-link-abbreviated" href="mailto:eduvpn-deploy@list.surfnet.nl">eduvpn-deploy@list.surfnet.nl</a>
Sent: Monday 6 July 2020 10:16:13
Subject: [eduVPN-deploy] What is the Shib SP metadata?
Hello,
I'm currently configuring SAML auth (basic functionality of the eduVPN
server already works, great!).
I notice the documentation is maybe a little thin on this point:
"Next: register your SP in your identity federation, or in your IdP."
I'd love to - but where does the Shibboleth SP make its own SP metadata
available so I can transfer it to the IdP? I've never worked with
Shibboleth before. I imagine there is some kind of status URL like with SSP?
Greetings,
Stefan Winter
</pre>
</blockquote>
</body>
</html>