Hi, It's difficult for others to debug your Shibboleth setup, as unfortunately many Shibboleth setups can be unique. However, my first guess is that this may be a configuration issue in your "authentication-shibboleth.cfg" (or local.cfg), as it looks like DSpace is getting "null" for all Shibboleth fields (uid, mail, etc).
This implies to me that either the connection (provider_url) to Shibboleth is incorrect, or your configurations for "authentication-shibboleth.netid-header" or "authentication-shibboleth.email-header" are incorrect for your Shibboleth system. I'd recommend reviewing the setup instructions in the DSpace documentation at https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication You also might want to consider temporarily setting up your DSpace to connect to the test Shibboleth at https://samltest.id/ using the "sample" configs in those docs... as that will provide a good test that your basic Shibboleth settings are correct. Then, you can switch over to your local institution's Shibboleth (that said, keep in mind your local institution may have different fields for "netid-header" and "mail-header", etc. So, you may need to work with local Shibboleth experts at your institution to find the correct settings to place in your "authentication-shibboleth.cfg". Sometimes it takes some trial and error to determine which settings work properly for your Shibboleth. Good luck and let us know on this list if you need more specific help. It's always possible that someone else on here may have a similar Shibboleth setup to you and can provide more specific advice. Tim ________________________________ From: [email protected] <[email protected]> on behalf of Snickers <[email protected]> Sent: Thursday, August 18, 2022 10:11 PM To: DSpace Technical Support <[email protected]> Subject: [dspace-tech] Shibboleth error - org.dspace.authenticate.ShibAuthentication @ Unable to register new eperson because we are unable to find an email address along with first and last name for the user. Hi All, I am setting up shibboleth authentication and got below error: eAPIRequestLoggingFilter @ Before request [GET /server/api/authz/authorizations/search/object] originated from /home 2022-08-19 12:47:16,184 INFO aebd1170-b43b-47f9-b3e4-0990b4b7d105 6cddd761-cb75-418f-8e89-c9a7a99f426e org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [POST /server/api/statistics/viewevents] originated from /home 2022-08-19 12:47:16,193 INFO aebd1170-b43b-47f9-b3e4-0990b4b7d105 6cddd761-cb75-418f-8e89-c9a7a99f426e org.dspace.usage.LoggerUsageEventListener @ anonymous::view_site:site_id=1d6ea8fd-1ba8-43a8-a12e-ddb97413cfba 2022-08-19 12:47:19,282 ERROR unknown unknown org.dspace.authenticate.ShibAuthentication @ Shibboleth authentication was not able to find a NetId, Email, or Tomcat Remote user for which to indentify a user from. 2022-08-19 12:47:19,282 ERROR unknown unknown org.dspace.authenticate.ShibAuthentication @ Unable to register new eperson because we are unable to find an email address along with first and last name for the user. NetId Header: 'uid'='null' (Optional) Email Header: 'mail'='null' First Name Header: 'givenName'='null' Last Name Header: 'surname'='null' 2022-08-19 12:47:19,282 INFO unknown unknown org.dspace.app.rest.security.EPersonRestAuthenticationProvider @ anonymous::failed_login:email=null, result=4 2022-08-19 12:47:19,283 ERROR unknown unknown org.dspace.app.rest.security.StatelessLoginFilter @ Authentication failed (status:401) org.springframework.security.authentication.BadCredentialsException: Login failed at org.dspace.app.rest.security.EPersonRestAuthenticationProvider.authenticateNewLogin(EPersonRestAuthenticationProvider.java:150) ~[classes/:7.3] 1. Authentication.cfg and Authentication-Shibboleth.cfg are configured - https://groups.google.com/g/dspace-tech/c/qRoprzbNsiE?pli=1 2. Shibboleth.sso/Session shows 5 attributes returned 3. Apache configs: <Location /secure> ShibUseHeaders on SetHandler shib AuthType shibboleth ShibRequestSetting requireSession 1 require shib-session </Location> <Location /> AuthType shibboleth ShibRequestSetting requireSession false Require shibboleth </Location> <Location /server/api/authn/shibboleth> AuthType shibboleth ShibRequestSetting requireSession 1 ShibUseHeaders On Require shibboleth </Location> <Location /server/api/authn/login> AuthType shibboleth ShibRequestSetting requireSession false ShibUseHeaders On </Location> <Location /Shibboleth.sso> SetHandler shib </Location> I looked at the documentation below and I am pretty sure I did the relevant steps. https://wiki.lyrasis.org/display/DSPACE/DSpace+7+Shibboleth+Configurationhttps://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-Sampleattribute-map.xmlConfiguration(forsamltest.id) Could someone had the similar issues? Any suggestion is welcomed. Regards, Bryan -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/90df36ff-c77e-4163-818d-222075994b71n%40googlegroups.com<https://groups.google.com/d/msgid/dspace-tech/90df36ff-c77e-4163-818d-222075994b71n%40googlegroups.com?utm_medium=email&utm_source=footer>. -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/PH0PR22MB32744EA453475B51DF40E9E0ED6C9%40PH0PR22MB3274.namprd22.prod.outlook.com.
