Issues with mod_auth_mellon

Good morning,

We’re setting up a new instance of OnDemand and are having issues with mod_auth_mellon. We’re probably missing something, just wanted to check with someone that has more experience with this.

Following this: SAML Authentication with Active Directory Federated Services (ADFS) and mod_auth_mellon — Open OnDemand 3.0.3 documentation

So we wget the metadata, then run export mellon_endpoint="https://$(hostname)/mellon"

Then run the create_metadata.sh script: /usr/libexec/mod_auth_mellon/mellon_create_metadata.sh "${mellon_endpoint}/metadata" "${mellon_endpoint}"

This creates a .cert and a .key file, but not an .xml file. It is my understanding that we should have another .xml file generated as well, correct? As the next step says to put in the path to both a MellonSPMetadataFile and a MellonIdPMetadataFile:

MellonSPPrivateKeyFile /etc/httpd/mellon/mellon.key
MellonSPCertFile /etc/httpd/mellon/mellon.cert
MellonSPMetadataFile /etc/httpd/mellon/mellon_metadata.xml
MellonIdPMetadataFile /etc/httpd/mellon/idpmetadata.xml

The idpmetadata.xml is not the same as the mellon_metadata.xml, correct?

Any help on this would be appreciated. Thank you.

Unfortunately we don’t have a lot of experience with this module and it was a community addition to the docs.

@nealep I see you made the original contribution, would you have time to add any pointers here to help guide the setup and the missing .xml file?

Looks like it’s a bug: Bug #2052795 “mellon_create_metadata fails silently to create xm...” : Bugs : ssl-cert package : Ubuntu

We’ll find a workaround. I appreciate the offer of help!
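
Added example, not part of the thread or of the Open OnDemand documentation: a pre-flight check for the four Mellon*File directives quoted in the question. It reports any file the metadata script silently failed to write and flags SP and IdP metadata that have been swapped. The function name and the marker strings it greps for (PEM headers, SAML role descriptor element names) are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the files referenced by Mellon*File directives in an
# Apache config fragment. Each file must exist, be non-empty, and look like
# what the directive expects. Paths containing spaces are not handled.
# Usage: sh check_mellon.sh /path/to/mellon.conf   (file name is hypothetical)

check_mellon_conf() {
    local conf=$1 problems=0 directive path want reject
    while read -r directive path _; do
        reject=''
        case $directive in
            MellonSPPrivateKeyFile) want='PRIVATE KEY-----' ;;
            MellonSPCertFile)       want='BEGIN CERTIFICATE-----' ;;
            # SP metadata describes this Apache host; it is not the IdP's file.
            MellonSPMetadataFile)   want='SPSSODescriptor'; reject='IDPSSODescriptor' ;;
            MellonIdPMetadataFile)  want='IDPSSODescriptor' ;;
            *) continue ;;
        esac
        path=${path%\"}; path=${path#\"}    # strip optional double quotes
        if [ ! -s "$path" ]; then
            echo "MISSING $directive $path"
            problems=$((problems + 1))
        elif ! grep -q -- "$want" "$path"; then
            echo "WRONG   $directive $path (no '$want' marker)"
            problems=$((problems + 1))
        elif [ -n "$reject" ] && grep -q -- "$reject" "$path"; then
            echo "SWAPPED $directive $path (contains '$reject')"
            problems=$((problems + 1))
        else
            echo "OK      $directive $path"
        fi
    done < "$conf"
    return "$problems"    # exit status = number of problem files
}

if [ "$#" -gt 0 ]; then
    check_mellon_conf "$1"
fi
```

Run against the configuration in the question, a missing mellon_metadata.xml shows up as a single MISSING line and a non-zero exit status before Apache is restarted.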