Unable to generate NameID. Check the userid.attribute option

Max León

Jul 13, 2016, 11:33:51 AM
to SimpleSAMLphp
Hi,
This may be a very simple question but I've not been able to figure it out.  Any help or suggestions will be more than appreciated.

I have configured SSP as a hosted IdP with 2 LDAP backends, well ADs as a matter of fact.   Authentication tests work fine and at a glance everything is configured correctly.

Now I've added a remote SP for an LMS and set up the "LoginAttribute" as eduPersonPrincipal and the "IdentifierFormat" as "urn:oasis:names:tc:SAML:1.1:nameID-format:emailAddress" since the login is done with the account email.

But I'm getting the following error when I authenticate on the SSP portal page:
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] Unable to generate NameID. Check the userid.attribute option.
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] SimpleSAML_Error_Exception: Error 8 - Undefined index: UserID
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] Backtrace:
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 13 /var/simplesamlphp/www/_include.php:75 (SimpleSAML_error_handler)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 12 /var/simplesamlphp/modules/saml/lib/IdP/SAML2.php:627 (sspmod_saml_IdP_SAML2::generateNameIdValue)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 11 /var/simplesamlphp/modules/saml/lib/IdP/SAML2.php:902 (sspmod_saml_IdP_SAML2::buildAssertion)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 10 /var/simplesamlphp/modules/saml/lib/IdP/SAML2.php:38 (sspmod_saml_IdP_SAML2::sendResponse)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 9 [builtin] (call_user_func)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 8 /var/simplesamlphp/lib/SimpleSAML/IdP.php:287 (SimpleSAML_IdP::postAuthProc)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 7 /var/simplesamlphp/lib/SimpleSAML/IdP.php:333 (SimpleSAML_IdP::postAuth)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 6 [builtin] (call_user_func)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 5 /var/simplesamlphp/lib/SimpleSAML/Auth/Source.php:229 (SimpleSAML_Auth_Source::loginCompleted)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 4 [builtin] (call_user_func)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 3 /var/simplesamlphp/lib/SimpleSAML/Auth/Source.php:145 (SimpleSAML_Auth_Source::completeAuth)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 2 /var/simplesamlphp/modules/core/lib/Auth/UserPassOrgBase.php:243 (sspmod_core_Auth_UserPassOrgBase::handleLogin)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 1 /var/simplesamlphp/modules/core/www/loginuserpassorg.php:64 (require)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 0 /var/simplesamlphp/www/module.php:137 (N/A)
Jul 13 08:16:16 simplesamlphp DEBUG [aa238ea5bb] Sending message:
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] Backtrace:
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] 0 /var/simplesamlphp/www/module.php:180 (N/A)
Jul 13 08:16:16 simplesamlphp ERROR [aa238ea5bb] Caused by: DOMException: Error parsing XML string.

I've checked the documentation and made sure the nameIDFormat of the SP matches the one of the SAML connector in the LMS.

You can see my SP configuration below:

$metadata['http://chaos.example.com/saml2'] = array(
    'AssertionConsumerService' => array(
      array(
        'index' => 0,
        'Location' => 'https://chaos.example.com/saml_consume',
        'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      ),
      array(
        'index' => 1,
        'Location' => 'https://chaos.example.com/saml_consume',
        'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      ),
    ),
    'SingleLogoutService' => array(
      array(
        'Location' => 'https://chaos.example.com/login/saml/logout',
        'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      ),
    ),
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    'userid.attribute' => 'eduPersonPrincipalName',
);

And here is the metadata of the LMS:
<EntityDescriptor entityID="http://chaos.example.com/saml2">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://chaos.example.com/login/saml/logout?account_id=12"/>
    <AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://chaos.example.com/saml_consume?account_id=12"/>
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://chaos.example.com/login/saml?account_id=12"/>
  </SPSSODescriptor>
  <ContactPerson contactType="technical">
    <SurName>Webmaster</SurName>
    <EmailAddress>mailto:</EmailAddress>
  </ContactPerson>
</EntityDescriptor>
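
Added example (not part of the original post, and not SimpleSAMLphp code): a Python check that diffs the IdP-side SP entry against the SP's published metadata, both transcribed from the post above. The function name `compare`, the dictionary layout and the finding labels are made up for this illustration.

```python
import xml.etree.ElementTree as ET

REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# IdP-side view of the SP, transcribed from the PHP array in the post.
IDP_VIEW = {
    "entityid": "http://chaos.example.com/saml2",
    "acs": {(REDIRECT, "https://chaos.example.com/saml_consume"),
            (POST, "https://chaos.example.com/saml_consume")},
    "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

# SP metadata from the post (SingleLogoutService and ContactPerson omitted).
SP_METADATA = f"""<EntityDescriptor entityID="http://chaos.example.com/saml2">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<AssertionConsumerService index="0" Binding="{POST}"
  Location="https://chaos.example.com/saml_consume?account_id=12"/>
<AssertionConsumerService index="1" Binding="{POST}"
  Location="https://chaos.example.com/login/saml?account_id=12"/>
</SPSSODescriptor></EntityDescriptor>"""


def local(tag):
    """Drop any '{namespace}' prefix so namespaced metadata also parses."""
    return tag.rsplit("}", 1)[-1]


def compare(idp_view, metadata_xml):
    """Return (kind, detail) findings where the two descriptions disagree."""
    root = ET.fromstring(metadata_xml)
    nodes = list(root.iter())
    acs = {(n.get("Binding"), n.get("Location"))
           for n in nodes if local(n.tag) == "AssertionConsumerService"}
    formats = {(n.text or "").strip()
               for n in nodes if local(n.tag) == "NameIDFormat"}
    findings = []
    if root.get("entityID") != idp_view["entityid"]:
        findings.append(("entityid", root.get("entityID")))
    findings += [("acs-only-in-idp-config", e) for e in sorted(idp_view["acs"] - acs)]
    findings += [("acs-only-in-sp-metadata", e) for e in sorted(acs - idp_view["acs"])]
    if idp_view["NameIDFormat"] not in formats:
        findings.append(("nameidformat-not-declared-by-sp", idp_view["NameIDFormat"]))
    return findings


if __name__ == "__main__":
    for kind, detail in compare(IDP_VIEW, SP_METADATA):
        print(kind, detail)
```

For metadata fetched from a source you do not control, parse it with `defusedxml` rather than the standard-library parser.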