Cannot retrieve metadata for IdP 'https://accessuat.bpglobal.com/fim/sps/saml20/saml20' because it isn't a valid IdP for this SP.

[sachin singh]

Hi All,

I am getting this error Cannot retrieve metadata for IdP 'https://accessuat.bpglobal.com/fim/sps/saml20/saml20' because it isn't a valid IdP for this SP.

Core member who are expert please help me for this.

I had tried so many ways but till now i am unable to fix any help will be really appreciate this.My details configuration are given below

1) Authsource.php

<?php

$config = array(

// This is a authentication source which handles admin authentication.

'admin' => array(

'core:AdminPassword',

),

'bpglobe-sp' => array(

'saml:SP',

'privatekey' => 'saml.pem',

 'certificate' => 'saml.crt',

           

'entityID' =>'http://54.247.182.164:73/simplesaml/www/module.php/saml/sp/metadata.php/bpglobe-sp',

'idp' => 'https://accessuat.bpglobal.com',

'discoURL' => NULL,

)

2) saml20-idp-hosted.php

<?php

$metadata['https://accessuat.bpglobal.com'] = array(

'host' => 'https://accessuat.bpglobal.com/fim/sps/saml20/saml20/logininitial?RequestBinding=HTTPPost&PartnerId=GLOBE&NameIdFormat=Email&AllowCreate=false_',

'privatekey' => 'saml.pem',

'certificate' => 'saml.crt',

'auth' => 'example-userpass',

);

3)  saml20-idp-remote.php

<?php

metadata['https://accessuat.bpglobal.com'] = array (

  'name' => 

  array (

    'en' => 'BP',

  ),

  'description' => 'Sign on with the given url for BP-IDAM'

'SingleSignOnService' => 'https://accessuat.bpglobal.com/fim/sps/saml20/saml20/login',

      'SingleLogoutService' => 'https://accessuat.bpglobal.com/fim/sps/saml20/saml20/slo',

    'certFingerprint' => 'MIIFDzCCA/egAwIBAadsscsdfvcfsdvdfsvfdvdfsvds');

4)saml20-sp-remote.php

<?php

$metadata['http://54.247.182.164:73/simplesaml/www/module.php/saml/sp/metadata.php/bpglobe-sp'] = array(

'AssertionConsumerService' => 'http://54.247.182.164:73/simplesaml/www/module.php/saml/sp/saml1-acs.php/bpglobe-sp',

'SingleLogoutService' => 'http://54.247.182.164:73/simplesaml/www/module.php/saml/sp/saml1-logout.php/bpglobe-sp',

);

Thanks & best regards

Sachin

[Thijs Kinkhorst]

Hi sachin,

On Sat, 13 Jul 2013 06:23:58 -0700 (PDT), sachin singh
<tosach...@gmail.com> wrote:
> I am getting this error Cannot retrieve metadata for IdP
> 'https://accessuat.bpglobal.com/fim/sps/saml20/saml20' because it isn't
a
> valid IdP for this SP.

You provide many configuration files but not an idea of what it is that
you want to do. From your configuration I also do not get a clear view from
what is your IdP and what is your SP.

Perhaps it helps if you describe what it is you want to accomplish.


Cheers,
Thijs

--
Thijs Kinkhorst <th...@uvt.nl> – LIS Unix

Universiteit van Tilburg – Library and IT Services
Bezoekadres > Warandelaan 2 • Tel. 013 466 3035 • G 236

[Niels van Dijk]

Hi,

When I parse the URL
'https://accessuat.bpglobal.com/fim/sps/saml20/saml20' in a browser, the
location resolves to the actual login page of the IdP. I would guess
that either your metadat location is not correct, or someone decided to
put the metadata location behind a login.

Cheers Niels

> --
> You received this message because you are subscribed to the Google
> Groups "simpleSAMLphp" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to simplesamlph...@googlegroups.com.
> To post to this group, send email to simple...@googlegroups.com.
> Visit this group at http://groups.google.com/group/simplesamlphp.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

[sachin singh]

Hi Thijs,

My IDP is 'https://accessuat.bpglobal.com/fim/sps/saml20/saml20' 

and SP is http://54.247.182.164:73/simplesaml/www/module.php/saml/sp/metadata.php/bpglobe-sp'

I am try to make SP generated authentication in which SP will hit IDP and then idp will authorize and finally after successful authorization SP will send it to target url

Do let me know if you require any extra information.

Thanks and best regards

Sachin Singh

[Thijs Kinkhorst]

Op maandag 15 juli 2013 08:11:16 schreef sachin singh:

> My IDP is 'https://accessuat.bpglobal.com/fim/sps/saml20/saml20'
> and SP
> is http://54.247.182.164:73/simplesaml/www/module.php/saml/sp/metadata.php
> /bpglobe-sp'
>
> I am try to make SP generated authentication in which SP will hit IDP and
> then idp will authorize and finally after successful authorization SP will
> send it to target url
>
> Do let me know if you require any extra information.

The britisch petroleum url you supply seems to lead to a login page (as Niels
already remarked). What's needed to configure your SP is the metadata from the
IdP. The metadata is usually supplied in xml form at either a URL or sent to
you directly. This metadata will contain the parameters you need to configure
your SP.

Once you have this xml, use simpleSAMLphp's "XML to simpleSAMLphp metadata
converter" at http://54.247.182.164:73/simplesaml/www/admin/metadata-
converter.php to parse the XML into a configuration snippet you can directly
use.

--
Thijs Kinkhorst <th...@uvt.nl> – LIS Unix

Universiteit van Tilburg – Library and IT Services • Postbus 90153, 5000 LE
Bezoekadres > Warandelaan 2 • Tel. 013 466 3035 • G 236 • http://www.uvt.nl

[Anil Mamidi]

Sachin,

Did you configure this successfully? Currently i am configuring SAML using simplesamlphp with IBM TFIM. i am unable to complete, Could you please share your configuration document, i am more interested on IBM TFIM side configuration. 

Any input will greatly appreciated.

Thanks,
Anil

[Peter Schober]

* Anil Mamidi <mamid...@gmail.com> [2016-07-08 16:31]:

> Did you configure this successfully? Currently i am configuring SAML using
> simplesamlphp with IBM TFIM. i am unable to complete, Could you please
> share your configuration document, i am more interested on IBM TFIM side
> configuration.

All SimpleSAMLphp needs is SAML 2.0 Metadata about the entity.
How to get that from "IBM TFIM" is a question best asked in some
support venue for "IBM TFIM", e.g. provided by the vendor.
-peter