SimpleSAML_Error_Exception: Could not find the metadata of an IdP with entity ID


Pete Olsen

Nov 23, 2016, 1:53:11 PM
to SimpleSAMLphp
Trying to set up SimpleSAMLphp for mediawiki but getting error:

Exception during login:
SimpleSAML_Error_Exception: Could not find the metadata of an IdP with entity ID 'http://foobar.oktapreview.com/app/exk8s8px1brk2QY0s0h7/sso/saml/metadata'
Backtrace:
6 /usr/share/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:134 (sspmod_saml_Auth_Source_SP::getIdPMetadata)
5 /usr/share/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:308 (sspmod_saml_Auth_Source_SP::startSSO)
4 /usr/share/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:390 (sspmod_saml_Auth_Source_SP::authenticate)
3 /usr/share/simplesamlphp/lib/SimpleSAML/Auth/Default.php:65 (SimpleSAML_Auth_Default::initLogin)
2 /usr/share/simplesamlphp/lib/SimpleSAML/Auth/Simple.php:136 (SimpleSAML_Auth_Simple::login)
1 /usr/share/simplesamlphp/modules/core/www/authenticate.php:45 (require)
0 /usr/share/simplesamlphp/www/module.php:134 (N/A)

I am on Debian 8.6 PHP 5.6 Apache2 

Please let me know if you need any other info.
Thanks,
Pete

Peter Schober

Nov 24, 2016, 7:07:52 AM
to SimpleSAMLphp
* Pete Olsen <hepa...@gmail.com> [2016-11-23 19:53]:
> Trying to set up SimpleSAMLphp for mediawiki but getting error:
>
> Exception during login:
> SimpleSAML_Error_Exception: Could not find the metadata of an IdP
> with entity ID
> 'http://foobar.oktapreview.com/app/exk8s8px1brk2QY0s0h7/sso/saml/metadata'
[...]
> Please let me know if you need any other info.

Not sure what info it is *you* need. The error above says SSO does not
know an IDP with that entityID. I don't see a question or
configuration details or anything else in your post.
-peter

Pete Olsen

Nov 24, 2016, 10:37:07 AM
to SimpleSAMLphp, peter....@univie.ac.at
That URL does work and does return metadata. For some reason simplesamlphp is not picking up on it. 
I installed simplesamlphp as a debian package.
Can you explain what it means that it does not "know" an IDP? Where do I need to declare the IDP?

I did use the metadata in the php conversion tool to create a saml20-idp-remote.php file. But that is not being "picked up" either.

Any help you can offer is likely useful.

Thanks,
Pete.

Jaime Perez Crespo

Nov 24, 2016, 11:03:03 AM
to simple...@googlegroups.com
Hi Pete,

On 24 Nov 2016, at 16:37 PM, Pete Olsen <hepa...@gmail.com> wrote:
> That URL does work and does return metadata. For some reason simplesamlphp is not picking up on it.
> I installed simplesamlphp as a debian package.
> Can you explain what it means that it does not "know" an IDP?

That’s literal. There are millions of IdPs in the world. In order to interact with one, you need to add its metadata. That’s how you establish the trust between both. SAML does not automatically trust other parties like OpenID.

> Where do I need to declare the IDP?

$SSPROOT/metadata/saml20-idp-remote.php

> I did use the metadata in the php conversion tool to create a saml20-idp-remote.php file. But that is not being "picked up" either.

What did you do with that file?

If you placed it in the path I just mentioned, review your metadata sources in the configuration file.

> Any help you can offer is likely useful.

Read the documentation, especially this part:

https://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_2

--
Jaime Pérez
UNINETT / Feide

jaime...@uninett.no
jaime...@protonmail.com
9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

Peter Schober

Nov 24, 2016, 3:35:12 PM
to SimpleSAMLphp
* Pete Olsen <hepa...@gmail.com> [2016-11-24 16:37]:
> That URL does work and does return metadata. For some reason
> simplesamlphp is not picking up on it.

That's irrelevant. An entityID is a name, not a location.

> Can you explain what it means that it does not "know" an
> IDP? Where do I need to declare the IDP?

Documentation home: Using SimpleSAMLphp as a Service Provider
https://simplesamlphp.org/docs/stable/simplesamlphp-sp
Section 2: "Adding IdPs to the SP"

And no, you're not expected to make up the PHP yourself that SSP uses
internally. For one-offs you can use SSP's admin web interface
(federation tab), for regular imports/refreshes you'd use the
metarefresh module (in modules/metarefresh).

> I did use the metadata in the php conversion tool to create a
> saml20-idp-remote.php file. But that is not being "picked up"
> either.

That's how it should be done, so something you're doing is wrong.
-peter
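
An added illustration, not part of the thread and not SimpleSAMLphp's own code: the PHP below mimics an exact-string lookup of the `idp` value from `authsources.php` against the array keys of `saml20-idp-remote.php`, showing why an entityID that differs only in scheme or a trailing slash still counts as unknown. The helper functions and every example.org value are constructed for this example.

```php
<?php
// Constructed sample: entries shaped like those in metadata/saml20-idp-remote.php.
// The array key is the IdP's entityID; it is a name, matched as an exact string.
$metadata = array();
$metadata['https://idp.example.org/saml/metadata'] = array(
    'SingleSignOnService' => 'https://idp.example.org/sso',
    'certificate'         => 'idp.example.org.pem', // placeholder file name
);

// Hypothetical helper: reduce an entityID to a form that ignores the
// differences that commonly cause a silent mismatch.
function looseForm($entityId)
{
    $s = strtolower(trim($entityId));
    $s = preg_replace('#^https?://#', '', $s);
    return rtrim($s, '/');
}

// Hypothetical helper: compare the configured 'idp' value with the keys
// of the metadata array, the way an exact-match lookup would.
function diagnoseIdp($configuredIdp, array $metadata)
{
    if (array_key_exists($configuredIdp, $metadata)) {
        return 'found';
    }
    foreach (array_keys($metadata) as $known) {
        if (looseForm($known) === looseForm($configuredIdp)) {
            return "near miss: metadata has '$known'";
        }
    }
    return 'not found: no metadata entry for this entityID';
}

// Constructed 'idp' values as they might appear in config/authsources.php.
$candidates = array(
    'https://idp.example.org/saml/metadata',   // identical to the key
    'http://idp.example.org/saml/metadata',    // scheme differs
    'https://idp.example.org/saml/metadata/',  // trailing slash
    'https://other.example.org/saml/metadata', // never imported
);
foreach ($candidates as $idp) {
    echo $idp, ' => ', diagnoseIdp($idp, $metadata), PHP_EOL;
}
```
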

Dick Visser

Nov 25, 2016, 8:58:46 AM
to simplesamlphp
On 24 November 2016 at 17:02, Jaime Perez Crespo <jaime...@uninett.no> wrote:
> Hi Pete,
>
> On 24 Nov 2016, at 16:37 PM, Pete Olsen <hepa...@gmail.com> wrote:
>> That URL does work and does return metadata. For some reason simplesamlphp is not picking up on it.
>> I installed simplesamlphp as a debian package.
>> Can you explain what it means that it does not "know" an IDP?
>
> That’s literal. There are millions of IdPs in the world. In order to interact with one, you need to add its metadata. That’s how you establish the trust between both. SAML does not automatically trust other parties like OpenID.
>
>> Where do I need to declare the IDP?
>
> $SSPROOT/metadata/saml20-idp-remote.php
>
>> I did use the metadata in the php conversion tool to create a saml20-idp-remote.php file. But that is not being "picked up" either.
>
> What did you do with that file?
>
> If you placed it in the path I just mentioned, review your metadata sources in the configuration file.
>
>> Any help you can offer is likely useful.
>
> Read the documentation, especially this part:
>
> https://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_2

Let's check what your SP does know about then.
If you go to <yourssppath>/module.php/core/frontpage_federation.php
and sign in as administrator,
you should be able to see any configured remote IdPs there.



--
Dick Visser
Sr. System & Network Engineer
GÉANT

Want to join us? We're hiring: http://www.geant.org/jobs