Hi Tim, Thank you for your answer and for providing the details. I have been going through the docs and samltest but no luck.
I am sure that the shibboleth is setup correctly as I can see the metadata values from "/Shibboleth.sso/Session". Also the authentication-shibboleth.cfg files have the same attribute names that I can see from attribute-map.xml file. I assume that it could be something from Apache configuration that the values are not being passed to Dspace. I followed the documentation e.g. <Location /server/api/authn> or UseShibheaders etc. But not sure since it matches with the configuration for other systems or the examples from the doc. One thing possibly matters is that I have frontend and backed services running on the same dev server. I mainly look at the backend configuration but I also tried the frontend configuration to have the same settings. Regards, Bryan On Saturday, August 20, 2022 at 2:25:11 AM UTC+12 Tim Donohue wrote: > Hi, > > It's difficult for others to debug your Shibboleth setup, as unfortunately > many Shibboleth setups can be unique. However, my first guess is that this > may be a configuration issue in your "authentication-shibboleth.cfg" (or > local.cfg), as it looks like DSpace is getting "null" for all Shibboleth > fields (uid, mail, etc). > > This implies to me that either the connection (provider_url) to Shibboleth > is incorrect, or your configurations for > "authentication-shibboleth.netid-header" or > "authentication-shibboleth.email-header" are incorrect for your Shibboleth > system. > > I'd recommend reviewing the setup instructions in the DSpace documentation > at > https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication > > You also might want to consider *temporarily* setting up your DSpace to > connect to the test Shibboleth at https://samltest.id/ using the "sample" > configs in those docs... as that will provide a good test that your basic > Shibboleth settings are correct. Then, you can switch over to your local > institution's Shibboleth (that said, keep in mind your local institution > may have different fields for "netid-header" and "mail-header", etc. So, > you may need to work with local Shibboleth experts at your institution to > find the correct settings to place in your > "authentication-shibboleth.cfg". Sometimes it takes some trial and error > to determine which settings work properly for your Shibboleth. > > Good luck and let us know on this list if you need more specific help. > It's always possible that someone else on here may have a similar > Shibboleth setup to you and can provide more specific advice. > > Tim > ------------------------------ > *From:* [email protected] <[email protected]> on behalf > of Snickers <[email protected]> > *Sent:* Thursday, August 18, 2022 10:11 PM > *To:* DSpace Technical Support <[email protected]> > *Subject:* [dspace-tech] Shibboleth error - > org.dspace.authenticate.ShibAuthentication @ Unable to register new eperson > because we are unable to find an email address along with first and last > name for the user. > > Hi All, > > I am setting up shibboleth authentication and got below error: > > eAPIRequestLoggingFilter @ Before request [GET > /server/api/authz/authorizations/search/object] originated from /home > 2022-08-19 12:47:16,184 INFO aebd1170-b43b-47f9-b3e4-0990b4b7d105 > 6cddd761-cb75-418f-8e89-c9a7a99f426e > org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request > [POST /server/api/statistics/viewevents] originated from /home > 2022-08-19 12:47:16,193 INFO aebd1170-b43b-47f9-b3e4-0990b4b7d105 > 6cddd761-cb75-418f-8e89-c9a7a99f426e > org.dspace.usage.LoggerUsageEventListener @ > anonymous::view_site:site_id=1d6ea8fd-1ba8-43a8-a12e-ddb97413cfba > 2022-08-19 12:47:19,282 ERROR unknown unknown > org.dspace.authenticate.ShibAuthentication @ Shibboleth authentication was > not able to find a NetId, Email, or Tomcat Remote user for which to > indentify a user from. > > > > > > *2022-08-19 12:47:19,282 ERROR unknown unknown > org.dspace.authenticate.ShibAuthentication @ Unable to register new eperson > because we are unable to find an email address along with first and last > name for the user. NetId Header: 'uid'='null' (Optional) Email Header: > 'mail'='null' First Name Header: 'givenName'='null' Last Name Header: > 'surname'='null' 2022-08-19 12:47:19,282 INFO unknown unknown > org.dspace.app.rest.security.EPersonRestAuthenticationProvider @ > anonymous::failed_login:email=null, result=4* > 2022-08-19 12:47:19,283 ERROR unknown unknown > org.dspace.app.rest.security.StatelessLoginFilter @ Authentication failed > (status:401) > org.springframework.security.authentication.BadCredentialsException: Login > failed > at > org.dspace.app.rest.security.EPersonRestAuthenticationProvider.authenticateNewLogin(EPersonRestAuthenticationProvider.java:150) > > ~[classes/:7.3] > > > 1. Authentication.cfg and Authentication-Shibboleth.cfg are configured - > https://groups.google.com/g/dspace-tech/c/qRoprzbNsiE?pli=1 > 2. Shibboleth.sso/Session shows 5 attributes returned > > 3. Apache configs: > <Location /secure> > ShibUseHeaders on > SetHandler shib > AuthType shibboleth > ShibRequestSetting requireSession 1 > require shib-session > </Location> > > <Location /> > AuthType shibboleth > ShibRequestSetting requireSession false > Require shibboleth > </Location> > <Location /server/api/authn/shibboleth> > AuthType shibboleth > ShibRequestSetting requireSession 1 > ShibUseHeaders On > Require shibboleth > </Location> > <Location /server/api/authn/login> > AuthType shibboleth > ShibRequestSetting requireSession false > ShibUseHeaders On > </Location> > <Location /Shibboleth.sso> > SetHandler shib > </Location> > > I looked at the documentation below and I am pretty sure I did the > relevant steps. > https://wiki.lyrasis.org/display/DSPACE/DSpace+7+Shibboleth+Configuration > https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-Sampleattribute-map.xmlConfiguration(forsamltest.id) > > Could someone had the similar issues? Any suggestion is welcomed. > > Regards, > Bryan > > -- > All messages to this mailing list should adhere to the Code of Conduct: > https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx > --- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/dspace-tech/90df36ff-c77e-4163-818d-222075994b71n%40googlegroups.com > > <https://groups.google.com/d/msgid/dspace-tech/90df36ff-c77e-4163-818d-222075994b71n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/0ee8cb2b-f13f-437e-b8b7-53a558ec766fn%40googlegroups.com.
