openeuropa / oe_authentication

The OpenEuropa Authentication Drupal module allows authentication against the European Commission login service EU Login (ECAS).

You are using an invalid service to access EU Login #110

Open helmo opened 4 years ago

helmo commented 4 years ago

Hi,

After installing this module I get the following error:

You are using an invalid service to access EU Login: ['https://d8tst.example.com/casservice?destination=/'] 


Instead of example.com I'm using a functional domain name.

Is there a need to register this website first before it can be used with EU Login? I didn't see any references in the README.md.

helmo commented 4 years ago

To summarize the Slack channel openeuropa-authn:

Setting the server to use ecas.acceptance.ec.europa.eu made no difference.

eguskim:

I did find a mention of registering applications before using the acceptance server here: https://webgate.ec.europa.eu/CITnet/confluence/display/IAM/TEST+and+ACCEPTANCE+environments. I would suggest trying to contact the ECAS team and explaining the problem, since it seems to be an issue on their side more than on the client (our) side.

fbota commented 4 years ago

In case your application does not have a europa.eu domain name (whatever level under europa.eu or ec.europa.eu would be OK), you need to go through the regular registration with the ECAS team in order to authorize the use of ECAS by your application. The best recommended option is to use our Cloud9 service for Drupal developers: it automatically provides you a URL for your development machine below a europa.eu domain, and this means that your development environment will be automatically whitelisted for EU Login, webtools use, Europa websites banner and multiple other similar cases. In case you use your own development environment, you will have to go through the process of whitelisting/authorizing your specific URL on each of those individual services. For ECAS the default authorization (in place for our Cloud9 service) allows a default access; in case you need a customized mode you will have in any case to go through the authorization process, since this one allows you to require variations (e.g. access for social media users, access for limited users or with MFA or similar).

So you have 3 options: either go through the authorization process (more details on the ECAS Service documentation at https://webgate.ec.europa.eu/CITnet/confluence/display/IAM/TEST+and+ACCEPTANCE+environments), use our Cloud9 for development (automatic authorization) or use the ECAS mockup provided by the ECAS team (https://webgate.ec.europa.eu/CITnet/confluence/display/IAM/Mockup). We recommend usage of the Cloud9 we have and since ECAS is a service managed by a separate team, we cannot support the other 2 options - for them you will have to interact directly with the ECAS support, our team is offering only the ECAS client module.
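A local preflight check for the domain rule described in the comment above, as an added example that is not part of this thread or of the oe_authentication module. The function name `check_service_url` is hypothetical, every sample URL except the one from the error message is constructed, and the result only predicts whether the default authorization would apply: EU Login makes the actual decision.

```php
<?php
// Added example: local preflight check, not code from oe_authentication or EU Login.
// Assumption: the default authorization covers any host at or below europa.eu,
// as stated in the comment above. EU Login itself decides what is accepted.

const DEFAULT_AUTHORIZED_SUFFIX = 'europa.eu';

/** Returns [bool $covered, string $reason] for a CAS service URL. */
function check_service_url(string $serviceUrl): array {
  $parts = parse_url($serviceUrl);
  if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
    return [false, 'not an absolute URL'];
  }
  if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
    return [false, 'scheme is not http(s)'];
  }
  // Userinfo can make a URL look like it points at another host.
  if (isset($parts['user']) || isset($parts['pass'])) {
    return [false, 'URL contains userinfo'];
  }
  // Normalise: lower-case and drop a trailing root dot.
  $host = rtrim(strtolower($parts['host']), '.');
  $dotted = '.' . DEFAULT_AUTHORIZED_SUFFIX;
  // Compare on a label boundary so noteuropa.eu and europa.eu.example.com fail.
  $covered = $host === DEFAULT_AUTHORIZED_SUFFIX
    || substr($host, -strlen($dotted)) === $dotted;
  return $covered
    ? [true, "host $host is under " . DEFAULT_AUTHORIZED_SUFFIX]
    : [false, "host $host needs registration with the ECAS team"];
}

$samples = [
  'https://d8tst.example.com/casservice?destination=/', // from the error message
  'https://dev.ec.europa.eu/casservice',                // constructed
  'https://noteuropa.eu/casservice',                    // constructed
  'https://europa.eu.example.com/casservice',           // constructed
  'https://ec.europa.eu@example.com/casservice',        // constructed
];

foreach ($samples as $url) {
  [$covered, $reason] = check_service_url($url);
  printf("%-8s %s (%s)\n", $covered ? 'COVERED' : 'REGISTER', $url, $reason);
}
```

Only the second sample is reported as covered; the last three are rejected by the label-boundary and userinfo checks even though each contains the string `europa.eu`.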

helmo commented 4 years ago

Thanks @fbota, could you add a note to the README of this project about it? Maybe something along the lines of:

To use this authentication the site using it needs to be under the europa.eu domain, e.g. http://example.ec.europa.eu

In case you use your own development environment you will have to go through the process of whitelisting/authorizing your specific URL on each of those individual services. 
See [CITnet/confluence](https://webgate.ec.europa.eu/CITnet/confluence/display/IAM/TEST+and+ACCEPTANCE+environments) for more information.