By: Miguel Foo user 13 Jun 2017 at 9:05 p.m. CDT

3 Responses
Miguel Foo gravatar
Hey y'all, Having some issues with `Shibboleth` and `gluu` trying to authenticate with a `moodle` instance. My setup: ![simplified deployment diagram](http://i.imgur.com/yNfHBuW.png "simplified deployment diagram") Moodle uses a plugin to enable SAML2 similar to Wordpress, however I can't seem to figure out what I'm doing wrong. Both sides see each other's metadata. But when I try to authenticate with wordpress it gives me this page. ![The application you have accessed is not registered for use with this service.](https://i.imgur.com/WfTU92Q.png "The application you have accessed is not registered for use with this service.") Some caveats, I have not configured anything other than adding the trust relationship in `gluu`(with fields and metadata link) and the metadata link in `Moodle`. I'm not quite asking for how to do it specifically in moodle, but I figure this could be any SAML2 application. Here is the configuration page for Moodle's SAML2 plugin ![Moodle SAML2 Plugin Configuration Page](https://i.imgur.com/ty7qbnq.jpg "Moodle SAML2 Plugin Configuration Page") Even a link would be helpful, can't seem to find alot of documentation on how to configure Gluu with a SAML application beyond what I've done with the trust relationship

By Mohib Zico Account Admin 14 Jun 2017 at 1:02 a.m. CDT

Mohib Zico gravatar
Hi Miguel, Feel free to check the 'Troubleshoot' part of [this](https://github.com/GluuFederation/docs-ce-prod/blob/3.0.1/3.0.1/source/integration/testShib2.md) doc. Last part.

By Miguel Foo user 14 Jun 2017 at 8:04 a.m. CDT

Miguel Foo gravatar
Nice, I'll give that a try see if I'm configuring it correctly. I managed to get this log entry when I try to authenticate ``` 2017-06-14 12:56:13,683 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:111] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for relying party configuration shibboleth.UnverifiedRelyingParty 2017-06-14 12:56:13,686 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: InvalidProfileConfiguration ``` and ``` 2017-06-14 12:56:13,682 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:128] - Message Handler: No metadata returned for https://<redacted>.com/moodle/auth/saml2/sp/metadata.php in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol 2017-06-14 12:56:13,683 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:111] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for relying party configuration shibboleth.UnverifiedRelyingParty 2017-06-14 12:56:13,686 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: InvalidProfileConfiguration ``` but I'll report back when I try your link

By Miguel Foo user 14 Jun 2017 at 10:37 a.m. CDT

Miguel Foo gravatar
The issue seems to be around certificates. I'm going to open up a new thread because I believe my architecture may not be in the "best practice" way of doing things with gluu