How to interpret this error: Unable to find the current binding.


Itay Moav

Dec 7, 2015, 8:45:52 AM
to simple...@googlegroups.com
My SSO works fine.
I am the IdP, I can log on to the SP, no issues.
When I press the logout button on the SP side, I get:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
1 /usr/local/medstarapps/smiagol/www/_include.php:37 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: Exception: Unable to find the current binding.
Backtrace:
2 /usr/local/medstarapps/smiagol/vendor/simplesamlphp/saml2/src/SAML2/Binding.php:97 (SAML2_Binding::getCurrentBinding)
1 /usr/local/medstarapps/smiagol/modules/saml/lib/IdP/SAML2.php:487 (sspmod_saml_IdP_SAML2::receiveLogoutMessage)
0 /usr/local/medstarapps/smiagol/www/saml2/idp/SingleLogoutService.php:22 (N/A)


In the meta for the SP I have:
    'SingleLogoutService' => [
        0 => [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'the url to the logout on the SP',
        ],
    ],

What am I missing?

Matthew Slowe

Dec 7, 2015, 8:47:55 AM
to simple...@googlegroups.com

On 07/12/2015, 13:45, "simple...@googlegroups.com on behalf of Itay Moav" <simple...@googlegroups.com on behalf of itay.ma...@gmail.com> wrote:

>My SSO works fine.
>I am the IdP, I can log on to the SP, no issues.
>When I press the logout button on the SP side, I get:
>
>
>SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
>Backtrace:
>1 /usr/local/medstarapps/smiagol/www/_include.php:37 (SimpleSAML_exception_handler)

I would get the SAMLTracer plugin for Firefox and check that the SP is doing the right thing when initiating a log off.

Don’t know if it’ll be important but what SAML2 implementation is the SP running?

Matthew

Itay Moav

Dec 7, 2015, 8:50:53 AM
to simple...@googlegroups.com
The SP is not SSP; it is a vendor I have no control over.
What does it mean in SSP that "can't find current binding"?




Peter Schober

Dec 7, 2015, 9:01:12 AM
to simple...@googlegroups.com
* Itay Moav <itay.ma...@gmail.com> [2015-12-07 14:45]:
> I am the IdP, I can log on to the SP, no issues.
> When I press the logout button on the SP side, I get:
>
> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
[...]
> 'SingleLogoutService' => [
> 0 =>
> [
> 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
> 'Location' => 'the url to the logout on the SP',
> ],
> ],

Well, likely the binding used in that logout message was not the one
specified above (HTTP-Redirect), then. Looking at the request (as
Matthew suggested) will show that it probably used the HTTP-POST
binding.
-peter

Itay Moav

Dec 7, 2015, 9:06:17 AM
to simple...@googlegroups.com
I see no message at all,
When I press logout on the SP, it does a GET to saml2/idp/SingleLogoutService.php
The cookie includes the SimpleSAMLAuthToken

From what you write, I understand the SP needs to actually submit a SAML message (i.e. XML with info)?


Itay Moav

Dec 7, 2015, 9:11:56 AM
to simple...@googlegroups.com
Ok - With your help I found it, the SP indeed does not submit any message with the request, hence I do not know what to do ...
Tnx!

Peter Schober

Dec 7, 2015, 9:14:07 AM
to simple...@googlegroups.com
* Itay Moav <itay.ma...@gmail.com> [2015-12-07 15:06]:
> I see no message at all,
> When I press logout on the SP, it does a GET to
> saml2/idp/SingleLogoutService.php
> The cookie includes the SimpleSAMLAuthToken
>
> From what you write, I understand the SP needs to actually submit a SAML
> message (i.e. XML with info) ?

I can only offer a tautology: If someone/something wants to send a
SAML logout request they will have to send a SAML logout request.
(And yes, that's some XML, as per the SAML specification.)

But the error was not about a missing SAML request, it was about not
being able to find the protocol binding /used/ in the metadata that
SSP has on record.
If you're saying there was no SAML request, the HTTP "verb" was GET
and the only binding on record is Redirect then I have no
explanation to offer.
-peter

Itay Moav

Dec 7, 2015, 9:31:22 AM
to simple...@googlegroups.com
If I test with my test SP, with both having the same config as far as possible (except the logout URL), it works fine.
The only difference was that missing SAML request. I will dig further, might have missed something.
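
Added example (not part of the thread and not SimpleSAMLphp's own code): a small Python diagnostic that classifies a captured request, such as one copied from SAML-tracer, by the parameters the SAML 2.0 bindings specification defines, and reports the root element of any SAML message it carries. The host name, the sample LogoutRequest and all function names are constructed for illustration; a bare GET like the one reported in the thread matches no binding.

```python
import base64
import re
import zlib
from urllib.parse import urlsplit, parse_qs, urlencode

URN = "urn:oasis:names:tc:SAML:2.0:bindings:"

def root_element(xml_bytes):
    """Local name of the first element, found without running an XML parser."""
    m = re.search(rb"<(?:[\w.-]+:)?([A-Za-z_][\w.-]*)", xml_bytes)
    return m.group(1).decode() if m else None

def classify_binding(method, url, body="", content_type=""):
    """Return (binding URN, message root element); (None, None) if no binding fits."""
    method = method.upper()
    if method not in ("GET", "POST"):
        return None, None
    params = parse_qs(urlsplit(url).query if method == "GET" else body)
    message = (params.get("SAMLRequest") or params.get("SAMLResponse") or [None])[0]
    if message is not None:
        try:
            data = base64.b64decode(message)
            if method == "GET":
                data = zlib.decompress(data, -15)  # Redirect binding: raw DEFLATE
            root = root_element(data)
        except (ValueError, zlib.error):
            root = None  # parameter present but not decodable
        return URN + ("HTTP-Redirect" if method == "GET" else "HTTP-POST"), root
    if "SAMLart" in params:
        return URN + "HTTP-Artifact", None
    if method == "POST" and content_type.split(";")[0].strip() == "text/xml":
        return URN + "SOAP", None
    return None, None

# Constructed sample data: the host name and the LogoutRequest are made up.
SLO_URL = "https://idp.example.org/simplesaml/saml2/idp/SingleLogoutService.php"
LOGOUT_XML = (b'<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
              b' ID="_constructed" Version="2.0"/>')

def deflate_b64(xml_bytes):
    """Encode a message the way the HTTP-Redirect binding does."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml_bytes) + c.flush()).decode()

if __name__ == "__main__":
    redirect_url = SLO_URL + "?" + urlencode({"SAMLRequest": deflate_b64(LOGOUT_XML)})
    print(classify_binding("GET", SLO_URL))       # bare GET, no SAML message
    print(classify_binding("GET", redirect_url))  # proper HTTP-Redirect logout
```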

