Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Configuring shibboleth auth is not anymore working

See original GitHub issue

Since the changes merged in #825 it is unclear to me how to configure shibboleth based AUTH as in the past and as documented here: https://github.com/jitsi/jicofo/blob/master/doc/shibboleth.md

I tried to set the following ENV variables:

ENABLE_AUTH=1
AUTH_TYPE=shibboleth

But this just keeps presenting me a pop up to enter a password without sending me to the auth url.

Which env variables do need to be set and does one need to do any additional changes?

Issue Analytics

State:
Created 3 years ago
Comments:7 (7 by maintainers)

Top GitHub Comments

1reaction

duritongcommented, Feb 17, 2021

I made a PR #958

0reactions

duritongcommented, Feb 17, 2021

Ok, I figured it out, the following config make it work again:

cat /config/jicofo.conf | sed '/^\s*$/d'
jicofo {
    authentication {
      enabled = true
      // The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default).
      type = SHIBBOLETH 
      login-url = "shibboleth:default"
    }
    // Configuration related to jitsi-videobridge
    bridge {
      brewery-jid = "jvbbrewery@internal-muc.meet.jitsi"
    }
    // Configure the codecs and RTP extensions to be used in the offer sent to clients.
    codec {
      video {
      }
    }
    conference {
    }
    octo {
      id = "1"
    }
    xmpp {
      client {
        enabled = true
        hostname = "localhost"
        domain = "auth.meet.jitsi"
        username = "focus"
        password = "xxx"  
        conference-muc-jid = "muc.meet.jitsi"
        disable-certificate-verification = true
      }
    }
}

Important is to set login-url properly, I guess also the logout URL somewhow, as we did in the past:

org.jitsi.jicofo.auth.URL=shibboleth:default
org.jitsi.jicofo.auth.LOGOUT_URL=shibboleth:default

and described here: https://github.com/jitsi/jicofo/blob/3936f654fc90d0aac9c109efc50d692ab3f457d6/src/main/java/org/jitsi/jicofo/auth/ShibbolethAuthAuthority.java#L53-L59

Can you include that in your template logic?

Top Results From Across the Web

IdP Common Errors - Shibboleth 2 - Confluence

It is usually caused by improperly configured IdP endpoints at the federation. Some federations do not support SAML2 yet and trying to "fool"...

Unable to authenticate with Shibboleth - Seafile Forum

Hi, I am currently trying to set up a new instance of Seafile server, ... it seems everything is working as expected except...

Install and Configure Shibboleth for SAML on Windows and IIS

In Control Panel, open Administrative Tools > Services. The Shibboleth service (Shibboleth 2 Daemon) should have Service = Started, Startup Type ...

Authentication How-To Guide: SAML/Shibboleth Integration

Configure Shibboleth for the Harvard IdP (Pre-Production). Now you need to configure your SP to work with the Harvard University identity provider (IdP)....

Configuring Shibboleth (SAML) | Rancher Manager

If your organization uses Shibboleth Identity Provider (IdP) for user authentication, you can configure Rancher to allow your users to log ...