hi @snickers, do you have these article? i have some issue width oidc and i believe that this is the response. El jueves, 25 de agosto de 2022 a la(s) 6:23:22 p.m. UTC-5, Snickers escribió:
> Hi Tim, > > Solved the issue. > > The cause was using mod_proxy. Found an article that you need to use AJP > for Shibboleth authentication. After switching it to AJP connector, it > works. It would help anyone who might have the same issue if this is > mentioned in the installation documentation. > > Regards, > Bryan > On Wednesday, August 24, 2022 at 4:46:21 PM UTC+12 Snickers wrote: > >> Hi Tim, >> >> Thank you for your answer and for providing the details. I have been >> going through the docs and samltest but no luck. >> >> I am sure that the shibboleth is setup correctly as I can see the >> metadata values from "/Shibboleth.sso/Session". Also the >> authentication-shibboleth.cfg files have the same attribute names that I >> can see from attribute-map.xml file. >> >> I assume that it could be something from Apache configuration that the >> values are not being passed to Dspace. I followed the documentation e.g. >> <Location /server/api/authn> or UseShibheaders etc. But not sure since it >> matches with the configuration for other systems or the examples from the >> doc. >> >> One thing possibly matters is that I have frontend and backed services >> running on the same dev server. I mainly look at the backend configuration >> but I also tried the frontend configuration to have the same settings. >> >> Regards, >> Bryan >> >> >> >> On Saturday, August 20, 2022 at 2:25:11 AM UTC+12 Tim Donohue wrote: >> >>> Hi, >>> >>> It's difficult for others to debug your Shibboleth setup, as >>> unfortunately many Shibboleth setups can be unique. However, my first >>> guess is that this may be a configuration issue in your >>> "authentication-shibboleth.cfg" (or local.cfg), as it looks like DSpace is >>> getting "null" for all Shibboleth fields (uid, mail, etc). >>> >>> This implies to me that either the connection (provider_url) to >>> Shibboleth is incorrect, or your configurations for >>> "authentication-shibboleth.netid-header" or >>> "authentication-shibboleth.email-header" are incorrect for your Shibboleth >>> system. >>> >>> I'd recommend reviewing the setup instructions in the DSpace >>> documentation at >>> https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication >>> >>> You also might want to consider *temporarily* setting up your DSpace >>> to connect to the test Shibboleth at https://samltest.id/ using the >>> "sample" configs in those docs... as that will provide a good test that >>> your basic Shibboleth settings are correct. Then, you can switch over to >>> your local institution's Shibboleth (that said, keep in mind your local >>> institution may have different fields for "netid-header" and "mail-header", >>> etc. So, you may need to work with local Shibboleth experts at your >>> institution to find the correct settings to place in your >>> "authentication-shibboleth.cfg". Sometimes it takes some trial and error >>> to determine which settings work properly for your Shibboleth. >>> >>> Good luck and let us know on this list if you need more specific help. >>> It's always possible that someone else on here may have a similar >>> Shibboleth setup to you and can provide more specific advice. >>> >>> Tim >>> ------------------------------ >>> *From:* dspac...@googlegroups.com <dspac...@googlegroups.com> on behalf >>> of Snickers <crims...@gmail.com> >>> *Sent:* Thursday, August 18, 2022 10:11 PM >>> *To:* DSpace Technical Support <dspac...@googlegroups.com> >>> *Subject:* [dspace-tech] Shibboleth error - >>> org.dspace.authenticate.ShibAuthentication @ Unable to register new eperson >>> because we are unable to find an email address along with first and last >>> name for the user. >>> >>> Hi All, >>> >>> I am setting up shibboleth authentication and got below error: >>> >>> eAPIRequestLoggingFilter @ Before request [GET >>> /server/api/authz/authorizations/search/object] originated from /home >>> 2022-08-19 12:47:16,184 INFO aebd1170-b43b-47f9-b3e4-0990b4b7d105 >>> 6cddd761-cb75-418f-8e89-c9a7a99f426e >>> org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request >>> [POST /server/api/statistics/viewevents] originated from /home >>> 2022-08-19 12:47:16,193 INFO aebd1170-b43b-47f9-b3e4-0990b4b7d105 >>> 6cddd761-cb75-418f-8e89-c9a7a99f426e >>> org.dspace.usage.LoggerUsageEventListener @ >>> anonymous::view_site:site_id=1d6ea8fd-1ba8-43a8-a12e-ddb97413cfba >>> 2022-08-19 12:47:19,282 ERROR unknown unknown >>> org.dspace.authenticate.ShibAuthentication @ Shibboleth authentication was >>> not able to find a NetId, Email, or Tomcat Remote user for which to >>> indentify a user from. >>> >>> >>> >>> >>> >>> *2022-08-19 12:47:19,282 ERROR unknown unknown >>> org.dspace.authenticate.ShibAuthentication @ Unable to register new eperson >>> because we are unable to find an email address along with first and last >>> name for the user. NetId Header: 'uid'='null' (Optional) Email Header: >>> 'mail'='null' First Name Header: 'givenName'='null' Last Name Header: >>> 'surname'='null' 2022-08-19 12:47:19,282 INFO unknown unknown >>> org.dspace.app.rest.security.EPersonRestAuthenticationProvider @ >>> anonymous::failed_login:email=null, result=4* >>> 2022-08-19 12:47:19,283 ERROR unknown unknown >>> org.dspace.app.rest.security.StatelessLoginFilter @ Authentication failed >>> (status:401) >>> org.springframework.security.authentication.BadCredentialsException: >>> Login failed >>> at >>> org.dspace.app.rest.security.EPersonRestAuthenticationProvider.authenticateNewLogin(EPersonRestAuthenticationProvider.java:150) >>> >>> ~[classes/:7.3] >>> >>> >>> 1. Authentication.cfg and Authentication-Shibboleth.cfg are configured - >>> https://groups.google.com/g/dspace-tech/c/qRoprzbNsiE?pli=1 >>> 2. Shibboleth.sso/Session shows 5 attributes returned >>> >>> 3. Apache configs: >>> <Location /secure> >>> ShibUseHeaders on >>> SetHandler shib >>> AuthType shibboleth >>> ShibRequestSetting requireSession 1 >>> require shib-session >>> </Location> >>> >>> <Location /> >>> AuthType shibboleth >>> ShibRequestSetting requireSession false >>> Require shibboleth >>> </Location> >>> <Location /server/api/authn/shibboleth> >>> AuthType shibboleth >>> ShibRequestSetting requireSession 1 >>> ShibUseHeaders On >>> Require shibboleth >>> </Location> >>> <Location /server/api/authn/login> >>> AuthType shibboleth >>> ShibRequestSetting requireSession false >>> ShibUseHeaders On >>> </Location> >>> <Location /Shibboleth.sso> >>> SetHandler shib >>> </Location> >>> >>> I looked at the documentation below and I am pretty sure I did the >>> relevant steps. >>> https://wiki.lyrasis.org/display/DSPACE/DSpace+7+Shibboleth+Configuration >>> https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-Sampleattribute-map.xmlConfiguration(forsamltest.id) >>> >>> Could someone had the similar issues? Any suggestion is welcomed. >>> >>> Regards, >>> Bryan >>> >>> -- >>> All messages to this mailing list should adhere to the Code of Conduct: >>> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "DSpace Technical Support" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to dspace-tech...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/dspace-tech/90df36ff-c77e-4163-818d-222075994b71n%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/dspace-tech/90df36ff-c77e-4163-818d-222075994b71n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/dspace-tech/3c9aa055-522e-4df6-a5f5-c737243f1a35n%40googlegroups.com.
