Unable to get it to work in pre-production. What is the state of the art of SPID CIE OIDC? #27

Open
unicg opened this issue Oct 29, 2024 · 0 comments

unicg commented Oct 29, 2024

Hi @damikael!

Thanks for this nice Federation Relying Party code. There are many open questions, because I'm not able to get it to work for pre-production (pre-produzione).

Here is my setup:

  1. I use the latest dev branch.
  2. The composer has successfully installed the application.
  3. I have created the OP cert and pem.
  4. The application is configured for WordPress OIDC client authentication as described in the docs.
  5. The endpoint is publicly available over HTTPS.

The endpoint works and the next step was to create a "componente tecnica" on the web portal of the public federation.

[screenshot 1]

In the field "Chiave pubblica di federazione" I have tried to paste just about everything of the following content, but it always returns the same error on submit.

Content of URL response or .crt

Raw JSON

JWT

Public RP .crt

  • rp-fed.crt
  • rp.crt
  • rp-enc.crt

After submitting I always get this error:

[screenshot 2]

In the JWT or raw JSON of /*/.well-known/openid-federation the sub is present! So, it is not clear what I have to paste into the field "Chiave pubblica di federazione".

I have also used https://validator.spid.gov.it/oidc/rp/ to check the metadata of the /*/.well-known/openid-federation.

[screenshot 3]

Works on both, but the check has two red fields:

[screenshot 4]

1.2.4 I don't understand what's wrong here, because we have JWKS.
1.2.14 In my opinion it is a bug, because authority_hints has a value of type array and should be an array (by definition) and not a string.

I am desperate because many things do not work here and the docs are very poor. We have a deadline to get it working, so any help is much appreciated.

Is spid-cie-oidc-php ready for production? If yes, what is wrong? If not, when is it ready?

Related:

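A local structural check of the entity configuration JWT served at `/.well-known/openid-federation`, covering the claims this issue mentions (`sub`, `jwks`, `authority_hints`). This is an added example, not part of the original post or of spid-cie-oidc-php, and it does not reproduce the validator's or the portal's own rules. The function names and the `example.org` values are hypothetical and constructed, and the signature is not verified.

```python
import base64
import json

def _b64url_json(part):
    """Decode one base64url JWT segment into a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def check_entity_configuration(jwt):
    """Return structural problems; decodes only, the signature is NOT verified."""
    parts = jwt.strip().split(".")
    if len(parts) != 3:
        return ["not a compact JWS (header.payload.signature)"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError as exc:
        return [f"undecodable header or payload: {exc}"]
    problems = []
    if header.get("typ") != "entity-statement+jwt":
        problems.append("header typ is not entity-statement+jwt")
    if not claims.get("sub"):
        problems.append("sub is missing")
    elif claims.get("iss") != claims["sub"]:
        problems.append("iss differs from sub")  # self-issued statement: iss == sub
    jwks = claims.get("jwks")
    keys = jwks.get("keys") if isinstance(jwks, dict) else None
    kids = [k.get("kid") for k in keys if isinstance(k, dict)] if isinstance(keys, list) else []
    if not kids:
        problems.append("jwks.keys is missing or empty")
    elif header.get("kid") is None or header["kid"] not in kids:
        problems.append("header kid matches no key in jwks.keys")
    hints = claims.get("authority_hints")
    if not isinstance(hints, list) or not all(isinstance(h, str) for h in hints):
        problems.append("authority_hints is not an array of strings")
    return problems

def make_sample(claims, kid="constructed-kid"):
    """Build an unsigned, constructed JWT for the demo (dummy signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "entity-statement+jwt", "alg": "RS256", "kid": kid}), enc(claims), "c2ln"])

# Constructed sample claims for a hypothetical RP; not taken from the issue.
SAMPLE = {
    "iss": "https://rp.example.org/", "sub": "https://rp.example.org/",
    "jwks": {"keys": [{"kty": "RSA", "kid": "constructed-kid", "e": "AQAB", "n": "constructed"}]},
    "authority_hints": ["https://ta.example.org/"],
}

if __name__ == "__main__":
    print(check_entity_configuration(make_sample(SAMPLE)))
```

To check a real deployment, pass the raw response body of the `/.well-known/openid-federation` endpoint to `check_entity_configuration`.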