<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p>Ok, you pointed me to the right place to look for the problem !
:-)<br>
</p>
<p> I had kept the previous setup for apache's locations that were
using <Location /vpn-user-portal/api.php> and <Location
/vpn-user-portal/oauth.php> instead of the new ones.<br>
</p>
<p>Now, it is properly working.</p>
<p>Thank you François,</p>
<p>Pascal<br>
</p>
<div class="moz-cite-prefix">Le 13/06/2022 à 12:57, François Kooman
a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:a33066d1-5fd9-b6be-41f0-a6df2aed1a37@tuxed.net">Hi
Pascal,
<br>
<br>
The problem is that your Shibboleth installation also protects the
API endpoint and OAuth token endpoint. They need to be excluded,
i.e.:
<br>
<br>
<br>
# do not restrict API Endpoint as used by VPN clients
<br>
<Location /vpn-user-portal/api>
<br>
Require all granted
<br>
</Location>
<br>
<br>
# do not secure OAuth Token Endpoint as used by VPN clients
<br>
<Location /vpn-user-portal/oauth/token>
<br>
Require all granted
<br>
</Location>
<br>
<br>
As documented here:
<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/eduvpn/documentation/blob/v3/SHIBBOLETH_SP.md">https://github.com/eduvpn/documentation/blob/v3/SHIBBOLETH_SP.md</a>
<br>
<br>
Did you follow these instructions? Is there a bug in our
documentation? Please let us know!
<br>
<br>
Regards,
<br>
François
<br>
<br>
<br>
On 13.06.22 09:03, Pascal Panneels via eduVPN-deploy wrote:
<br>
<blockquote type="cite">Hi François, all,
<br>
<br>
I've installed version 3 of the server a couple of days ago on
our (Belnet) server and upgraded for one of our customer
(Hasselt University) this week-end.
<br>
<br>
On my Ubuntu (client) machines, I'm using NetworkManager to
handle the [edu:open]vpn connexions and it works perfectly well.
<br>
<br>
I've tried to connect using the client on my iPhone. I'm adding
a connexion ("+" button, search for the server (ie: University
Hasselt), gets to the user authentication page, authentication
my user, and the I get a problem in the phase where I need to
approve the use of the app in the server) -see attached
screenshot if it can be of any help.
<br>
<br>
I've tried the eduvpn client on Ubuntu and gets similar problem
:
<br>
<br>
-8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--
<br>
<br>
pep@pep-laptop:~$ eduvpn-cli search hasselt
<br>
<br>
...
<br>
<br>
Institute access:
<br>
[92] Hasselt University
<br>
<br>
pep@pep-laptop:~$ eduvpn-cli interactive
<br>
<br>
> 92
<br>
<br>
<a class="moz-txt-link-freetext" href="INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:starting">INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:starting</a>
procedure with auth_url <a class="moz-txt-link-freetext" href="https://eduvpn-uhasselt.belnet.be/">https://eduvpn-uhasselt.belnet.be/</a>
<br>
<a class="moz-txt-link-freetext" href="INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:token">INFO:/usr/lib/python3/dist-packages/eduvpn/actions.py:token</a>
exists, restoring
<br>
<a class="moz-txt-link-freetext" href="INFO:eduvpn.remote:Requesting">INFO:eduvpn.remote:Requesting</a>
<a class="moz-txt-link-freetext" href="https://eduvpn-uhasselt.belnet.be/.well-known/vpn-user-portal">https://eduvpn-uhasselt.belnet.be/.well-known/vpn-user-portal</a>
<br>
Traceback (most recent call last):
<br>
File "/usr/bin/eduvpn-cli", line 33, in <module>
<br>
sys.exit(load_entry_point('eduvpn-client==2.2.1',
'console_scripts', 'eduvpn-cli')())
<br>
File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line
139, in eduvpn
<br>
parse_eduvpn(argv[1:])
<br>
File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line
105, in parse_eduvpn
<br>
parsed.func(parsed)
<br>
File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 67,
in interactive
<br>
enroll(auth_url, display_name, support_contact,
secure_internets, interactive=True)
<br>
File "/usr/lib/python3/dist-packages/eduvpn/cli.py", line 42,
in enroll
<br>
api_url, oauth, token_endpoint, auth_endpoint =
actions.fetch_token(auth_url)
<br>
File "/usr/lib/python3/dist-packages/eduvpn/actions.py", line
68, in fetch_token
<br>
api_url, token_endpoint, auth_endpoint = get_info(auth_url)
<br>
File "/usr/lib/python3/dist-packages/eduvpn/remote.py", line
89, in get_info
<br>
info = get_full_info(base_uri)
<br>
File "/usr/lib/python3/dist-packages/eduvpn/remote.py", line
85, in get_full_info
<br>
return request(uri)['api']['<a class="moz-txt-link-freetext" href="http://eduvpn.org/api#2">http://eduvpn.org/api#2</a>']
<br>
KeyError: '<a class="moz-txt-link-freetext" href="http://eduvpn.org/api#2">http://eduvpn.org/api#2</a>'
<br>
-8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--
<br>
<br>
<br>
Any idea of the cause ?
<br>
<br>
-- <br>
*Pascal Panneels*
<br>
System Architect
<br>
Belnet - Services
<br>
WTC III
<br>
Simon Bolivarlaan 30 Boulevard Simon Bolivar
<br>
Brussel 1000 Bruxelles
<br>
België - Belgique
<br>
T: +32 2 790 33 33
<br>
*www.belnet.be <a class="moz-txt-link-rfc2396E" href="http://www.belnet.be"><http://www.belnet.be></a>*
<br>
<br>
_______________________________________________
<br>
eduVPN-deploy mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:eduVPN-deploy@list.surfnet.nl">eduVPN-deploy@list.surfnet.nl</a>
<br>
<a class="moz-txt-link-freetext" href="https://list.surfnet.nl/mailman/listinfo/eduvpn-deploy">https://list.surfnet.nl/mailman/listinfo/eduvpn-deploy</a>
<br>
</blockquote>
<br>
</blockquote>
<div class="moz-signature">-- <br>
<b><font size="2" face="arial" color="#0092D2">Pascal Panneels</font></b><font
size="2" face="arial" color="#0092D2"><br>
System Architect<br>
Belnet - Services</font>
<font size="2" face="arial" color="#8B8E8D"><br>
WTC III<br>
Simon Bolivarlaan 30 Boulevard Simon Bolivar<br>
Brussel 1000 Bruxelles<br>
België - Belgique<br>
T: +32 2 790 33 33
<br>
<b><a href="http://www.belnet.be"
style="text-decoration:none;color:#0092D2">www.belnet.be</a></b><br>
</font>
</div>
</body>
</html>