Exception: Unable to find the current binding.

[Jacob Clark]

Hello

What could cause the following error to be thrown?

I'm attempting to use https://github.com/bergie/passport-saml as a way to generate and auth SAML tokens however I get the following error when I try:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /usr/share/simplesamlphp/www/module.php:180 (N/A)
Caused by: Exception: Unable to find the current binding.
Backtrace:
2 /usr/share/simplesamlphp/lib/SAML2/Binding.php:79 (SAML2_Binding::getCurrentBinding)
1 /usr/share/simplesamlphp/modules/saml/www/sp/saml2-acs.php:11 (require)
0 /usr/share/simplesamlphp/www/module.php:135 (N/A)

[Peter Schober]

* Jacob Clark <jacob.j...@googlemail.com> [2014-05-22 11:43]:

> What could cause the following error to be thrown?
>
> I'm attempting to use https://github.com/bergie/passport-saml as a way to
> generate and auth SAML tokens however I get the following error when I try:

If "generate and auth SAML tokens" means you want that code to act in
a SAML Service Provider (SP) role (and your own install of
SimpleSAMLphp to act in an IDP role), OK. Otherwise please elaborate.

> Backtrace:
> 0 /usr/share/simplesamlphp/www/module.php:180 (N/A)
> Caused by: Exception: Unable to find the current binding.
> Backtrace:
> 2 /usr/share/simplesamlphp/lib/SAML2/Binding.php:79 (SAML2_Binding::getCurrentBinding)
> 1 /usr/share/simplesamlphp/modules/saml/www/sp/saml2-acs.php:11 (require)
> 0 /usr/share/simplesamlphp/www/module.php:135 (N/A)

That code path (esp. modules/saml/www/sp/saml2-acs.php) does not fit
my assumption above that you're trying to use SimpleSAMLphp as a SAML
IDP (that code is only used when acting as SAML SP).

That would hint at a deeper confusion/misconfiguration on your part.
-peter

[Jacob Clark]

My code is more of an authentication provider rather than an SP, SimpleSAMLphp still needs to perform the sign on, once authenticated there is a callback to re-route back to my app.

I do think I have miss-configured something, but not sure what, based on these facts could you provide any further help? 

Jacob 

[Peter Schober]

No need to Cc: me, I follow the list.

* Jacob Clark <jacob.j...@googlemail.com> [2014-05-22 12:09]:

> My code is more of an authentication provider rather than an SP,

"My code" referrs to the JavaScript thing (where it is an
"authentication provider" for node.js)? In any case, the code which is
being sent (and is parsing) a SAML response acts as a SAML SP.
If that is not the javascript code you referred to, it must be
something else (and you didn't say what that is).

> SimpleSAMLphp still needs to perform the sign on, once authenticated
> there is a callback to re-route back to my app.

Well, SimpleSAMLphp (SSP for short) then acts as a SAML IDP, prompting
the subject to authenticate (i.e., SSP needs to have an authsource
configured to validate credentials against) and issuing SAML
assertions to code acting as an SAML SP.

Call-back and re-routing could either refer to those things.
Or it could mean something internal to that JS code, which does not
concern SSP. I could't say, based on the level of technical details
presented here.

> I do think I have miss-configured something, but not sure what, based on
> these facts could you provide any further help?

These "facts" are not helping much, I'm afraid.
Why not start with describing the setup for SSP you've done so far
(with references to the documentation)?

Also you could send a trace of any SAML protocol messages being sent
back and force, e.g. grabbed from the browser using Olav's excellent
"SAML tracer" extension for Mozilla Firefox.

-peter

[Peter Schober]

* Peter Schober <peter....@univie.ac.at> [2014-05-22 12:18]:
> back and force

funny. "forth" of course,
-peter

[Jacob Clark]

Okay so far I have the SAML IDP and SP configured and installing using the basic quick start guides on the documentation.

I setup the example-auth and used student and studentpass within the SP and tested this, it worked fine. 

I then wen't on to attempt to build my Node.js JavaScript Application using Passport-SAML, there is a Login link which I can click, which takes me to the SSP SP to Login, once I login I then get returned the error State Information Lost at the URL: http://sp.jacob.net/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp, However if I manually go to the URL http://sp.jacob.net/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp I get the cannot bind error.

I have a feeling this may because I have not added my Node.js application to the metadata for SP to the iDp, however this is impossible as I do not have the details to fill this in, so I have left it as the default SP metadata (SSP).

The code I am using in my Node.js application is the following:

{
    path: '/login/callback',
    entryPoint: 'http://idp.jacob.net/simplesamlphp/saml2/idp/SSOService.php',
    issuer: 'http://sp.jacob.net/simplesamlphp/module.php/saml/sp/metadata.php/default-sp',
    protocol: 'http://',
    cert: ''/*,
    privateCert: fs.readFileSync('./cert.pem', 'utf-8')*/
  },

[Peter Schober]

* Jacob Clark <jacob.j...@googlemail.com> [2014-05-23 02:38]:

> I have a feeling this may because I have not added my Node.js application
> to the metadata for SP to the iDp, however this is impossible as I do not
> have the details to fill this in, so I have left it as the default SP
> metadata (SSP).

That can't work, the IDP needs the relevant data of the SP, such as
it's entityID and the endpoint URL to send the response to (i.e.,
where the JS code expects the SAML to be posted to).
-peter