Hello everyone,
I have followed the installation guide to configure shibboleth SP. When I try to login to my Indico instance with SSO, I get this error after providing the credentials of the IDP:
Login failed: No valid data received
my indico.conf file:
# SSO
AUTH_PROVIDERS = {
'shib-sso': {
'type': 'shibboleth',
'title': 'SSO',
'attrs_prefix': ' ',
'callback_uri': '/login/shib-sso/shibboleth',
# 'logout_uri': 'https://login.yourcompany.tld/logout'
}
}
IDENTITY_PROVIDERS = {
'shib-sso': {
'type': 'shibboleth',
'title': 'SSO',
'identifier_field': 'mail',
'mapping': {
'login': 'eppn',
'personId': 'persistent-id',
'email': 'mail'
},
'trusted_email': True
}
}
Here is my shibboleth2.xml:
Note: I have changed the URL of the IDP on purpose.
NB: Removed some lines for brevity
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
clockSkew="180">
<!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults entityID="https://mysite.example.so/shibboleth"
REMOTE_USER="mail eppn persistent-id targeted-id"
<SSO
discoveryProtocol="SAMLDS" discoveryURL="https://idp.example.com/ds/WAYF">
SAML2 SAML1
</SSO>
<!-- SAML and local-only logout. -->
<Logout>SAML2 Local</Logout>
<!-- Example of remotely supplied batch of signed metadata. -->
<MetadataProvider type="XML"
url="http://idp.example.com/metadata/idp.xml"
backingFilePath="idp.xml" reloadInterval="7200">
<MetadataFilter type="Signature" certificate="/etc/shibboleth/idp.pem"/>
</MetadataProvider>
<!-- Simple file-based resolver for using a single keypair. -->
<CredentialResolver type="File" use="signing"
key="sp-key.pem" certificate="sp-cert.pem"/>
<CredentialResolver type="File" use="encryption"
key="sp-key.pem" certificate="sp-cert.pem"/>
</SPConfig>
In the attribute-map.xml, I have not changed anything.
I have searched in the forums and could not find any post that solves my issue.
Your help is highly appreciated.