SimpleSAMLphp as SP and ADFS as IdP


harveysc...@gmail.com

Sep 24, 2013, 11:41:58 AM
to simple...@googlegroups.com
I feel that I'm close to getting this to work but not quite there yet. I'm working on this in a virtual machine inside VMWare and using the IP address of that machine (10.82.1.254). In my SimpleSAMLphp config/authsources.php file, I have the following (I've replaced our company name with "company" throughout):

    'saml-idp' => array(
        'saml:SP',
        'entityID' => 'https://10.82.1.254',
        'idp' => 'https://webzoneadfs.company.com/adfs/services/trust',
        'privatekey' => 'saml.key',
        'certificate' => 'saml.crt',
    ),

On the SimpleSAML page in my browser, I went to the Federation tab, clicked on Show Metadata for this ID. I sent that file to our ADFS admin. I also had him send me FederationMetadata.xml from his side, and I put that in metadata/saml20-idp-remote.php. The first three lines of that file are:

$metadata['https://webzoneadfs.company.com/adfs/services/trust'] = array (
  'entityid' => 'https://webzoneadfs.company.com/adfs/services/trust',
  'sign.logout' => TRUE,

When I go to the Authentication tab, click on Test configured authentication sources and click on saml-idp, I am taken to the adfs server and asked for user name and password. When I provide that, it seems to accept it but then I get the following error message, which isn't much help (and which appears to be a message from the ADFS server, but I'm not sure):

There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: 5a1bebfb-45f7-441a-89b6-ab719b338440

So, I thought I'd try something different. I went to https://webzoneadfs.company.com/adfs/ls/IdpInitiatedSignon.aspx I can select Sign in to this site, provide my user name and password, and then select my SimpleSAML site (https://10.82.1.254/simplesaml/module.php/saml/sp/metadata.php/adfs-idp). That produces the following error:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /var/simplesamlphp/www/module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: No authentication source with id 'adfs-idp' found.
Backtrace:
2 /var/simplesamlphp/lib/SimpleSAML/Auth/Source.php:243 (SimpleSAML_Auth_Source::getById)
1 /var/simplesamlphp/modules/saml/www/sp/saml2-acs.php:8 (require)
0 /var/simplesamlphp/www/module.php:135 (N/A)
So, where is 'adfs-idp' not set up correctly so that it cannot be found? I feel like I'm missing something obvious but I don't see it. Any help would be very much appreciated.

-- HHH

harveysc...@gmail.com

Sep 24, 2013, 5:21:58 PM
to simple...@googlegroups.com
At the risk of looking stupid, I'm going to follow up on my own question. It seems I missed something obvious and I've just spotted it. Towards the end, I have the error:

No authentication source with id 'adfs-idp' found

Then
at the top, I have the beginning of the section of authsources.php as:

'saml-idp' => array(

It's obvious to me now that those are not the same but for some reason I didn't notice. I think it's because I had created the one and the other was similar in form, but that's really neither here nor there. When I change the authsources.php key to adfs-idp and rerun my test, I now get the following error, which looks to me like a problem with what ADFS is sending rather than with SimpleSAMLphp:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /var/simplesamlphp/www/module.php:180 (N/A)
Caused by: Exception: Missing <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.
Backtrace:
6 /var/simplesamlphp/lib/SAML2/Assertion.php:262 (SAML2_Assertion::parseSubject)
5 /var/simplesamlphp/lib/SAML2/Assertion.php:235 (SAML2_Assertion::__construct)
4 /var/simplesamlphp/lib/SAML2/Response.php:37 (SAML2_Response::__construct)
3 /var/simplesamlphp/lib/SAML2/Message.php:471 (SAML2_Message::fromXML)
2 /var/simplesamlphp/lib/SAML2/HTTPPost.php:76 (SAML2_HTTPPost::receive)
1 /var/simplesamlphp/modules/saml/www/sp/saml2-acs.php:16 (require)
0 /var/simplesamlphp/www/module.php:135 (N/A)
Thoughts?

-- HHH

Sebastien B.

Sep 25, 2013, 3:58:45 AM
to simple...@googlegroups.com
Hello,


Basically, you have to instruct ADFS to correctly send the nameID in the assertion.

<quote>

On ADFS side, make sure that you add at least 2 claim rules for the SSP relying party:

1) send LDAP attributes as claims (there is a claims rule template for that and you just select the attributes you want to send to SSP from the AD), for example PPID and/or samAccountName
2) transform PPID to UID (select the "transform an incoming claim" rule template and transform one of the attributes you fetch from the AD (for example PPID); make sure you transform it to the Name ID type and specify the type (persistent, transient, etc.))
 
This is what i had to do in order to make sure ADFS includes a subject/nameID in the SAML assertion.

</quote>

Hope this helps,

Sébastien

harveysc...@gmail.com

Sep 25, 2013, 10:03:31 AM
to simple...@googlegroups.com
Thanks for your response.

Part of my problem (a big part) is that I know next to nothing about ADFS and don't have access to that machine myself, relying on others to do that bit for me (I was only brought in on this because I work in PHP, so somehow they thought I'd be helpful). Anyway, I found this post:

http://social.msdn.microsoft.com/Forums/vstudio/en-US/ea5efcff-4221-4af1-b434-4be5245cb0fa/nameid-policy-could-not-be-satisfied

The relevant part of that says:

You can create name identifier per requested policy by creating two rules in RP issuance policy. We are going to blog more about name identifiers soon (check http://blogs.msdn.com/card/). But here is ready to use solution.

First create transient user identifier by adding advance rule. For example:

c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"] &&
c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"]
 => add(
       store = "_OpaqueIdStore",
       types = ("http://mycompany/internal/sessionid"),
       query = "{0};{1};{2};{3};{4}",
       param = "useEntropy",
       param = c1.Value,
       param = c1.OriginalIssuer,
       param = "",
       param = c2.Value);

Then add create claim transformation rule:
    1. Incoming claim type is "http://mycompany/internal/sessionid"
    2. Outgoing claim type is "Name ID"
    3. Outgoing name ID format is Transient Identifier

When I sent that link to the ADFS folks, I got two responses. The first asked if I had any idea what the value for http://mycompany/internal/sessionid should be. I don't. Should the mycompany be replaced with the host name of my ADFS site, of the SAML site, or something else altogether?

The other response I got said:


Any idea how I "name them whatever I want" on my end?

-- HHH

Daniel Tsosie

Sep 25, 2013, 3:42:47 PM
to simple...@googlegroups.com
Their responses signify they don't really know what you want.

Your prime issue is their SAML response is lacking a proper NameID for you to use to identify users and they do not know about SAML to configure it since from their point of view, it should just work out of the box.

The claims mapping only matters once you actually can receive their response.

You are trying to configure an SP to use ADFS as an IDP correct?

Why don't you use the ws-fed module? I am not familiar with it, but when revising the adfs idp module for my uses, I recall that it "hacks" the response to butcher it into something usable by hard coding default responses to make it work for I assume this kind of scenario.

-Dan Tsosie

Peter Schober

Sep 26, 2013, 4:02:21 AM
to simple...@googlegroups.com
* Daniel Tsosie <daniel...@gmail.com> [2013-09-25 21:42]:
> Your prime issue is their SAML response is lacking a proper NameID
> for you to use to identify users and they do not know about SAML to
> configure it since from their point of view, it should just work out
> of the box.

I'd need to re-check the SAML specs but shouldn't SSP be able to work
even when no NameID is being sent with the assertion?

> You are trying to configure an SP to use ADFS as an IDP correct?

Cf. the subject of this thread.

> Why don't you use the ws-fed module? I am not familiar with it, but
> when revising the adfs idp module for my uses, I recall that it
> "hacks" the response to butcher it into something usable by hard
> coding default responses to make it work for I assume this kind of
> scenario.

That ("hacks", "butcher", "hard coding") doesn't sound like good
advice to me, compared to just interoperating using standard
protocols.
-peter

Jude Felix

Mar 16, 2016, 9:48:28 AM
to SimpleSAMLphp
Hey Henry Hartley, I am looking for solution for the same issue...I am actually now facing same issue as yours...I am new to SimpleSamlPHP SP with ADFS Idp Integration...I in fact tested it out with SSOCircle Public IDP and it is working fine.
Request to guide with the error :

Caused by: Exception: Missing <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.
Any Idea how to go about it...

Thijs Kinkhorst

Mar 16, 2016, 9:58:08 AM
to simple...@googlegroups.com
Hi Jude,

On 16-03-16 14:48, Jude Felix wrote:
> Hey Henry Hartley, I am looking for solution for the same issue...I am
> actually now facing same issue as yours...I am new to SimpleSamlPHP SP
> with ADFS Idp Integration...I in fact tested it out with SSOCircle
> Public IDP and it is working fine.
> Request to guide with the error :
>
> Caused by: Exception: Missing <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.

This is what it says: your IdP (ADFS) sends an assertion without a
NameID in the Subject. SimpleSAMLphp currently requires this to be present.

This blog mentions how to configure that in ADFS, search for "NameId" to
find some steps and a screenshot:
http://blog.rhysgoodwin.com/cloud/salesforce-sso-with-adfs-2-0-everything-you-need-to-know/


Cheers,
Thijs


Peter Schober

Mar 16, 2016, 7:45:17 PM
to simple...@googlegroups.com
* Thijs Kinkhorst <thijs.k...@surfnet.nl> [2016-03-16 14:58]:
> This is what it says: your IdP (ADFS) sends an assertion without a
> NameID in the Subject. SimpleSAMLphp currently requires this to be present.

Since NameIDs are optional in SAML, AFAIR, you can also open an issue
in the SimpleSAMLphp bug tracker to fix this behaviour.
-peter

Peter Schober

Mar 16, 2016, 8:15:27 PM
to simple...@googlegroups.com
* Peter Schober <peter....@univie.ac.at> [2016-03-17 00:45]:
> * Thijs Kinkhorst <thijs.k...@surfnet.nl> [2016-03-16 14:58]:
> > This is what it says: your IdP (ADFS) sends an assertion without a
> > NameID in the Subject. SimpleSAMLphp currently requires this to be present.
>
> Since NameIDs are optional in SAML, AFAIR, you can also open an issue
> in the SimpleSAMLphp bug tracker to fix this behaviour.

Nevermind:
https://github.com/simplesamlphp/simplesamlphp/issues/19
-peter

Jude Felix

Apr 5, 2016, 2:24:33 AM
to SimpleSAMLphp, peter....@univie.ac.at
Hi All, Thanks a lot for all the solutions in this group...

It seems to be working fine now, got a confirmation from the client saying that it is redirecting to the site <eg: xyz.com> ....How do I check in all the aspects from Application side whether claims and everything matches?
Also I should not allow the site <xyz.com> to be working outside if it is directly accessed through site url, how to handle this..Kindly advise pls

Peter Schober

Apr 5, 2016, 6:02:27 AM
to SimpleSAMLphp
* Jude Felix <judefe...@gmail.com> [2016-04-05 08:24]:
> It seems to be working fine now, got a confirmation from the client saying
> that it is redirecting to the site <eg: xyz.com> ....How do i check in all
> the aspects from Application side whether claims and everything matches?
> Also I should not allow the site <xyz.com> to be working outside if it is
> directly accessed through site url, how to handle this..

I don't see any technical questions or necessary technical details in
there (esp ones pertaining to SimpleSAMLphp) to even attempt an
answer. You'll need to be a lot more specific in your question ("how
to check whether everything matches" is not a technical question for a
security software support mailing list, neither is "don't allow access
from outside").
As to direct access vs. whatever other method of access: That's how it
works (using HTTP Cookies that reference server-side sessions, like
everywhere else on the WWW).

Try http://www.catb.org/esr/faqs/smart-questions.html once.
-peter

Jude Felix

Apr 5, 2016, 6:43:58 AM
to SimpleSAMLphp, peter....@univie.ac.at
Hi Peter -

Sorry for the incomplete query..I am new to Saml Integration. Pls find the steps done so far

As of now we are done with
SimpleSamlPHP Install
SimpleSamlPHP Config as SP
Consumed the Fed data from ADFS which is Idp
I provided SP metadata to the client, Asked them configure Adfs to send an assertion with a NameID in the Subject.
After few bug fixes I got the confirmation from the client saying that now they are able to hit our web application homepage (https://domain.com). Is this all we need to do from SP Config and Application point of view?

As of now web application can be accessed through browser from any where by providing the domain name (https://domain.com)...How to restrict
I wanted to have check on the application side (https://domain.com) that Authentication is valid before I could redirect to our web application homepage

Jude Felix

May 7, 2016, 10:01:46 AM
to SimpleSAMLphp, peter....@univie.ac.at
Hi All,

I am all new to saml and simplesamlphp, I have been trying to setup simplesamlphp as SP with ADFS (Idp) but not successful yet

I have updated authsources.php file as shown below

    'default-sp' => array(
        'saml:SP',
        'entityID' => null,

        // I created certificates using openssl and stored in simplesamlphp/cert folder
        'privatekey' => 'saml.key',
        'certificate' => 'saml.pem',

        'idp' => 'http://domain/adfs/services/trust',
        'discoURL' => null,
        'sign.logout' => TRUE,
        'redirect.sign' => TRUE,
        'assertion.encryption' => TRUE,
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
        'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
    ),

In simplesaml I went to the Federation tab converted FederationMetadata.xml received from ADFS admin and included that in metadata/saml20-idp-remote.php and I also shared SP metadata with ADFS admin (Configured in ADFS)...
ADFS admin also sent me token-Signing Certificate.cer, what do i need to do with this, how do i use this in simplesamlphp

Now I am getting the below exception. I am currently not doing anything with the self-signed token-signing certificate sent by the ADFS admin.
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 /var/simplesamlphp/www/module.php:179 (N/A)
Caused by: sspmod_saml_Error: Responder

Kindly help, I am stuck with this for quite sometime not able to close

Peter Schober

May 7, 2016, 11:10:24 AM
to SimpleSAMLphp
* Jude Felix <judefe...@gmail.com> [2016-05-07 16:01]:
> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
> Backtrace:
> 0 /var/simplesamlphp/www/module.php:179 (N/A)
> Caused by: sspmod_saml_Error: Responder

Well, the Responder here is the SAML IDP. So that's where you'd look.
-peter

Daniel Tsosie

May 7, 2016, 1:03:07 PM
to simple...@googlegroups.com

We'd need the output from the logs to determine what that meant. My guess is syntax error in the configuration though.


Bjorn Rohde Jensen

May 7, 2016, 1:41:44 PM
to simple...@googlegroups.com
When I started out with simplesamlphp SP to ADFS IdP integration, I went
with persistent NameID at first just to get a working setup, since
persistent is supported out of the box.

It took me a little while to figure out how to get transient NameID up
and running, and I seem to recall getting some pretty useless error
messages during my experiments with transient NameID. Though I can't say
if what you are seeing was one of them.

In short: have you tried specifying persistent NameID instead of transient?

Yours sincerely,

Bjorn
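
As an added example (not code from this thread, from SimpleSAMLphp or from ADFS): a small Python script that triages the SAMLResponse the browser posts to the SP's saml2-acs.php endpoint, before SimpleSAMLphp gets to it. It performs the three checks that decided this thread: the top-level StatusCode (the "sspmod_saml_Error: Responder" failure is the IdP's own status code, so nothing on the SP side can fix it until the ADFS event log says why), the presence of a NameID or EncryptedID inside the Subject (the "Missing <saml:NameID> or <saml:EncryptedID>" exception), and whether the NameID Format the IdP returned matches the NameIDFormat the authsource asked for (persistent versus transient). The three sample Responses are constructed, unsigned and unencrypted test data; the IdP entity ID reuses the one from the thread, the NameID value and the InvalidNameIDPolicy subcode are made-up illustrations, and signature verification is deliberately left out, because the point here is to see what the IdP sent, not to trust it.

```python
"""Triage a SAML 2.0 <samlp:Response> the way a SimpleSAMLphp SP sees it.

Added example; decodes the base64 SAMLResponse POST parameter and reports
status code, Subject/NameID presence and NameID Format. No signature or
encryption handling: this is a diagnostic, not a validator.
"""
import base64
import xml.etree.ElementTree as ET

# Namespaces of the Response (samlp) and of the Assertion inside it (saml).
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"
INVALID_NAMEID_POLICY = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
IDP = "https://webzoneadfs.company.com/adfs/services/trust"  # entity ID from the thread


def _problems(root, expected_format, report):
    """Fill `report` and return the list of findings (empty means the SP should accept it)."""
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    report["status"] = None if code is None else code.get("Value")
    sub = None if code is None else code.find("samlp:StatusCode", NS)
    report["subcode"] = None if sub is None else sub.get("Value")
    if report["status"] != SUCCESS:
        # Responder means the IdP refused; the nested StatusCode (if any) says why,
        # and the IdP's own log has the details. Nothing on the SP side to fix yet.
        return ["IdP returned %s (subcode: %s): nothing to verify on the SP side"
                % (report["status"], report["subcode"] or "none")]
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        if root.find("saml:EncryptedAssertion", NS) is not None:
            return ["assertion is encrypted; decrypt with the SP private key before checking it"]
        return ["Success status but no <saml:Assertion> in the Response"]
    subject = assertion.find("saml:Subject", NS)
    nameid = None if subject is None else subject.find("saml:NameID", NS)
    encid = None if subject is None else subject.find("saml:EncryptedID", NS)
    if nameid is None and encid is None:
        # Exactly the condition SimpleSAMLphp rejects; the fix is an ADFS issuance
        # transform rule whose outgoing claim type is "Name ID".
        return ["Missing <saml:NameID> or <saml:EncryptedID> in <saml:Subject>"]
    if nameid is not None:
        report["nameid"] = nameid.text
        # SAML core: an absent Format attribute means 'unspecified'.
        report["format"] = nameid.get("Format", UNSPECIFIED)
        if expected_format and report["format"] != expected_format:
            return ["NameID Format %s does not match the SP's NameIDFormat %s"
                    % (report["format"], expected_format)]
    return []


def triage(saml_response_b64, expected_format=None):
    """Decode the SAMLResponse POST parameter and report what the SP will see."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    report = {"status": None, "subcode": None, "nameid": None, "format": None}
    report["problems"] = _problems(root, expected_format, report)
    report["ok"] = not report["problems"]
    return report


def _sample(status_xml, subject_xml=None):
    """Build a constructed, unsigned test Response (not a real ADFS token)."""
    assertion = "" if subject_xml is None else (
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2013-09-24T15:00:00Z">'
        "<saml:Issuer>%s</saml:Issuer>%s</saml:Assertion>" % (IDP, subject_xml))
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0" '
           'IssueInstant="2013-09-24T15:00:00Z"><saml:Issuer>%s</saml:Issuer>'
           "<samlp:Status>%s</samlp:Status>%s</samlp:Response>"
           % (NS["samlp"], NS["saml"], IDP, status_xml, assertion))
    return base64.b64encode(xml.encode()).decode()


SUBJECT_NO_NAMEID = ('<saml:Subject><saml:SubjectConfirmation '
                     'Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject>')
SUBJECT_PERSISTENT = ('<saml:Subject><saml:NameID Format="%s">hhh-0f3c9a</saml:NameID>'
                      "</saml:Subject>" % PERSISTENT)  # made-up NameID value

# ADFS with no Name ID claim rule (the situation in this thread).
SAMPLE_NO_NAMEID = _sample('<samlp:StatusCode Value="%s"/>' % SUCCESS, SUBJECT_NO_NAMEID)
# ADFS after adding a transform rule to a persistent Name ID.
SAMPLE_PERSISTENT = _sample('<samlp:StatusCode Value="%s"/>' % SUCCESS, SUBJECT_PERSISTENT)
# IdP refusal; SimpleSAMLphp surfaces this as "sspmod_saml_Error: Responder".
SAMPLE_RESPONDER = _sample('<samlp:StatusCode Value="%s"><samlp:StatusCode Value="%s"/>'
                           "</samlp:StatusCode>" % (RESPONDER, INVALID_NAMEID_POLICY))

if __name__ == "__main__":
    for name, sample in (("no NameID", SAMPLE_NO_NAMEID), ("persistent", SAMPLE_PERSISTENT),
                         ("responder", SAMPLE_RESPONDER)):
        print(name, triage(sample, PERSISTENT))
```

To run it against a real exchange, copy the SAMLResponse form field from the browser's developer tools (or a SAML tracing add-on) and pass it to triage() together with the NameIDFormat value from your authsource. A report whose status is not Success points at the IdP, a missing NameID points at the ADFS issuance rules, and a Format mismatch means the two sides disagree on persistent versus transient; only once all three are clean does it make sense to look at signatures and attribute mapping on the SP.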

Jude Felix

May 9, 2016, 6:26:20 AM
to SimpleSAMLphp, bje...@fastmail.fm
Hi All, Thanks for the responses... I have changed to persistent NameID and asked them to test if it is working fine now, as I do not have access to test the login part there.