Salve,
ho fatto il setup del progetto https://github.com/italia/spid-cie-oidc-django#setup e funziona tutto correttamente, riesco a fare un login con SPID.

Invece se mando la richiesta da questo progetto ottengo questo errore

La riposta dalla federazione di test è:

/oidc/rp/redirect?error=invalid_request&error_description=Failed+to+establish+the+Trust&state=MTUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA

Sto eseguendo tutto in locale su localhost:9999 e ho configurato questo indirizzo come client_id

Nel log non vedo niente.

A cosa potrebbe essere dovuto l'errore?

E' possibile utilizzare anche il validator SPID per verificare il sistema?

https://github.com/italia/spid-cie-oidc-php/blob/main/lib/Federation/EntityStatement.php#L88

what's happen if a metadata has a jwks_uri claim instead of jwks?

[Doc] Document how to run/build the Docker image in the docker compose of a example Federation

Following this example
https://github.com/italia/spid-cie-oidc-django#docker-compose

all the example SPID/CIE RP projects must be configurable, runnable and usable in the docker-compose of the example federation.
Please provide a Dockerfile, and push the docker image to dockerhub or any other public repository of docker image, with instruction about how to build/pull it and how to configure it in the example federation compose file.

https://github.com/italia/spid-cie-oidc-php/blob/main/doc/howto-proxy/README.md

Hi,

thank you for making this repo available for the community. I have a question about the possibility of using this package for generic OIDC Federation Relying Party (not for SPID or CIE), since usage as a library is (somewhat) indicated in the readme.

So, my intention is to use spid-cie-oidc-php federation related classes for entity statement, trust chain resolution, etc. in another OIDC RP package.

I have gone ahead and tried to instalall spid-cie-oidc-php as a dependency using composer

composer require linfaservice/spid-cie-oidc-php

I got a warning about missing / not known 'spid-sp-access-button' dependency. Then I added the following repo indication in my composer.json

"repositories": {
    "spid-sp-access-button": {
      "type": "package",
      "package": {
        "name": "italia/spid-sp-access-button",
        "version": "1.0.0",
        "source": {
          "url": "https://github.com/italia/spid-sp-access-button",
          "type": "git",
          "reference": "master"
        }
      }
    }
  },

After that, the composer installation was successful.

Next, my intention was to try to use EntityStatement class. The thing I encountered is this: I see in sample RP configs there is 'redirect_uri' property available, however I see that the redirect URI is hardcoded in method EntityStatement ::makeFromConfig() , and will not be correct for my RP, line

Also, another example of hardcoded redirect_uri (not from config) is in AuthenticationRequest class, line

In AuthenticationRequest class I also see SPID / CIE related configs and parameters set...

I guess this all was made on purpose, and since you have the whole TA/OP/RP containerized test environment available...

The question I'm trying to ask, is usage as a generic class library plausible at all or is this package intended as is, for SPID CIE? Is creating generic class library something that you would consider at all?

Some background: as part of GEANT Trust & Incubator activity we are searching for existing PHP OIDC Fed capable RPs, and came across this repo. We are planning on implementing OIDC Fed capable RP in SimpleSAMLphp: https://wiki.geant.org/display/GWP5/OIDCfed+support+on+SimpleSAMLphp

Please add a badge in the README where the users can have the preview of the coverage reached in this project

Ciao,

forse mi è sfuggito qualcosa, ma non ho trovato documentazione a riguardo.

Quando eseguo composer install mi chiede diversi parametri e non sono sicuro come compilarli:

Nello specifico:

authority_hint con valore di default http://trust-anchor.org:8000/

Su questo non ho trovato informazioni neanche sulle linee guida.

redirect_uri

Ho lasciato quello proposto (in base al nome che ho dato all'enpoint del relying party):

/spid_openid/test.php

Forse dipende dal fatto di non avere compilato bene i parametri ma, quando cerco di andare su /spid_openid/oidc/rp/authz come descritto sulla guida va a cercare un file sqlite che non c'è:

../data/store-rp.sqlite

Unable to open database: bad parameter or other API misuse [C:\Sviluppo\QUESTIT\spid-cie-oidc-php-main\lib\OIDC\RP\Database.php:45]

Ciao,
sto cercando di create una componente tecnica OIDC sul portale di federazione, se inserisco nel campo "chiave pubblica di federazione" l'intero oggetto jwks ottengo l'errore:

Se rimuovo manualmente gli elementi x5c, x5t e x5t#256 ottengo invece l'errore seguente:

Sto inserendo i dati sbagliati in quel campo?

Please add php in the html title

Greetings,
I'm trying to create a test implementation, but when I click on the "Spid" button and select the test OP, I'm getting a couple of errors raised by TrustChain class: https://github.com/italia/spid-cie-oidc-php/blob/main/lib/Federation/TrustChain.php

Errors are due to variables that were not declared:
-$entity_statement at line 131
-$policy at line 194

Is something missing in my configuration/installation?

here:
https://github.com/italia/spid-cie-oidc-php/blob/main/www/index.php#L54

we need backup values but all these params must be moved to a general config file

Hi , would there be a guide to implement this module on a site made in Wordpress?

https://github.com/italia/spid-cie-oidc-php/blob/main/doc/howto-gateway/README.md

Actually we see a raw json object in a browser