I think my main issue for now is that all oidc and oauth2 flows are not
registered on IDP startup at all, which leads to tomcat giving me 404
for the various oidc endpoints.
I've set up a dev environment with vagrant up alongside, which gives me
the following idp-process logs (truncated for readability, there are
more of course):
Registered flow ID 'oauth2/introspection' using 'file
Registered flow ID 'oidc/authorize' using 'file
None of those is present in my IDP 3.4.4+manual install environment,
just the normal shibboleth ones.
However, I can see some org.geant log entries, e.g. when parsing
/opt/shibboleth-idp/metadata/oidc-client.json, which at least verifies
that the jars etc. are picked up correctly.
So... the main difference I can see:
Vagrant up environment: IDP 3.4.0 and more recent version of extension
IDP 3.4.4+manual install environment: IDP 3.4.4 and extension 1.0.2
For all I can tell, the config should be similar. Of course all flows
files etc. are present in both environments.
I get no significant warnings or errors in either idp log or tomcat log.
Has anyone done a manual install successfully yet, and any ideas what
the issue could be?
Is IDP 3.4.4 vs 3.4.0 breaking things?
David Hübner, Solutions Engineer
DAASI International GmbH
Yeah, well, your first remark made me think and the issue was due to
file system permissions of the files added by the extension.
Rather obvious now, but sometimes the simple things are the hardest to
spot... ;) Sorry for the noise.
On 05.07.19 16:05, Cantor, Scott wrote:
> There are two supported ways to add webflows. Both of them require specific conventions on the directory and file names to end up with the expected flow IDs (flowid/flowid-flow.xml).
> The directory structure can either be in $idp.home/flows (or wherever the idp.webflows property points) or can be loaded from a jarfile via /META-INF/net/shibboleth/idp/flows
> The jar approach would be the recommended way in most cases since flows aren't generally editable, and avoids the problems with getting extra files installed.
> But both of those extension points should work in all recent versions.
> -- Scott
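
The root cause reported in this thread (flow files present on disk but not readable by the servlet container) can be checked before startup. The following is an added example, not code from the thread or from the Shibboleth or GEANT projects. It assumes the flow ID is the directory path relative to the flows directory, and the account uid/gids and the sample tree are constructed.

```python
import os
import tempfile

def can_access(st, uid, gids, need):
    """Apply the POSIX owner/group/other class rule for the given uid/gids."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & need == need

def audit_flows(flows_dir, uid, gids):
    """Map each flow ID under flows_dir to a list of permission problems."""
    report = {}
    for root, _dirs, files in os.walk(flows_dir):
        for name in files:
            if not name.endswith("-flow.xml"):
                continue
            rel = os.path.relpath(root, flows_dir)
            problems, path = [], flows_dir
            # The account needs r-x on every directory down to the flow file.
            for part in ["."] + [p for p in rel.split(os.sep) if p != "."]:
                path = os.path.normpath(os.path.join(path, part))
                if not can_access(os.stat(path), uid, gids, 0o5):
                    problems.append("no r-x on directory " + os.path.relpath(path, flows_dir))
            if not can_access(os.stat(os.path.join(root, name)), uid, gids, 0o4):
                problems.append("no read on " + name)
            # Assumption: flow ID = directory path relative to flows_dir.
            report[rel.replace(os.sep, "/")] = problems
    return report

def demo():
    """Constructed tree: one flow world-readable, one copied in owner-only."""
    base = tempfile.mkdtemp()
    for flow_id, dmode, fmode in [("oidc/authorize", 0o755, 0o644),
                                  ("oauth2/introspection", 0o700, 0o600)]:
        d = os.path.join(base, *flow_id.split("/"))
        os.makedirs(d)
        f = os.path.join(d, flow_id.split("/")[-1] + "-flow.xml")
        open(f, "w").close()
        os.chmod(f, fmode)
        os.chmod(d, dmode)
        os.chmod(os.path.dirname(d), 0o755)
    os.chmod(base, 0o755)
    st = os.stat(base)
    # Hypothetical container account: a uid/gid that owns none of the files.
    return audit_flows(base, uid=st.st_uid + 1, gids={st.st_gid + 1})
```

On a real host, call `audit_flows` with the flows directory and the uid and group ids of the account the container runs as; a flow listed with problems is one the IdP cannot load from disk.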