Session: 'default-sp' not valid because we are not authenticated.


Zhen Wang

Jan 15, 2015, 9:38:03 AM
to simple...@googlegroups.com
Can someone help?

SimpleSAMLphp is configured as the SP and openIdP as the IdP. The files are as follows:

test.php

<?php
// Load SimpleSAMLphp (Composer install; adjust the path to your installation).
require_once 'vendor/autoload.php';

// Use the 'default-sp' authsource defined in config/authsources.php.
$as = new SimpleSAML_Auth_Simple('default-sp');

// Redirect to the IdP if there is no authenticated session, then return to the dashboard.
$as->requireAuth(array("ReturnTo" => "https://localhost/dashboard.html"));

// Attributes released by the IdP for the authenticated user.
$attributes = $as->getAttributes();
print_r($attributes);



authsources.php

<?php
$config = array(
    'default-sp' => array(
        'saml:SP',
        'entityID' => "https://localhost",
        'idp' => 'https://openidp.feide.no',
    ),
);


I've visited https://localhost/test.php in the browser, and the browser redirects to openIdP. After a successful login, openIdP redirects me to the url https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/open-sp, which shows only a blank page.

In the log file, I've found the following:

Jan 15 15:33:10 simplesamlphp DEBUG [60eaa23134] Session: 'default-sp' not valid because we are not authenticated.
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134] Saved state: '_92eb37b78aaa22d63dfbcb7487510268f9571f4f6a'
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134] Sending SAML 2 AuthnRequest to 'https://openidp.feide.no'
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134] Sending message:
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134] <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_92eb37b78aaa22d63dfbcb7487510268f9571f4f6a" Version="2.0" IssueInstant="2015-01-15T14:33:11Z" Destination="https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php" AssertionConsumerServiceURL="https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/open-sp" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134]   <saml:Issuer>https://www.digital.engelvoelkers.com</saml:Issuer>
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134]   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134] </samlp:AuthnRequest>
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134] Redirect to 675 byte URL: https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php?SAMLRequest=jVJLT8MwDP4rVe5t1u7RLdomDSbEJGDTWjhwQWnrbhFpUuKUwb8nbUGMy8QlkWx%2FD3%2FyHHkla7Zq7FHt4a0BtN5HJRWyrrEgjVFMcxTIFK8Amc1Zsrq%2FY1EwYLXRVudakjPIZQRHBGOFVsTbrBfkZRZBNoyzeMo5j6JiMizKLM%2Fi0TQeh4NoMi1n4zgsR%2BWEE%2B8JDDrkgjgiB0dsYKPQcmVdaRCO%2FUHoh%2BM0HLHhkIXhM%2FHWbhuhuO1QR2trZJTqGpQo6qAEUUCgNEVR1RJa77R9Iuq6NEm2CZh3kUNQH2virX6MX2uFTQXmu%2Fu4v%2FulPp1OQSEOwnIZgDqAfNcgX53tINfVuU6li0Z2zLTX7f%2FI5zl21dakj0539x3xlVCFUIfL6Wb9ELLbNN35u22SkuW8JWZdWmb5L6Nzeg6Z9wfy4MQ2652WIv%2F0brSpuL3spa2Iwi%2B7UWYNVyhAWZeklPp0bYBbWBBrGiB02Uv%2BPcPlFw%3D%3D&RelayState=https%3A%2F%2Flocalhost%2Fdashboard.html

array (
)


Does anyone have the same problem?

Peter Schober

Jan 15, 2015, 2:21:17 PM
to simple...@googlegroups.com
* Zhen Wang <mot...@gmail.com> [2015-01-15 15:38]:
> $as = new SimpleSAML_Auth_Simple('default-sp');
[...]
> authsources.php
>
> 'default-sp' => array(
> 'saml:SP',
> 'entityID' => "https://localhost",
> 'idp' => 'https://openidp.feide.no',
> ),

Here you're referencing the 'default-sp' authsource, but in the
authentication request you sent to the IDP the authsource embedded in
protocol endpoint URLs is "open-sp":

> After a successful login, openIdP redirects me to the url
> https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/open-sp,
> which shows only a blank page.

AFAIK, SSP will generate those URLs automatically based on the
name of the authsource for the SAML SP. Not sure how you can get
"open-sp" in the URL but define "default-sp" in your config.
So you probably have another authsource defined by that name?

The other inconsistency is that above you set the entityID of the SP
(in the 'default-sp' authsource) to be "https://localhost", but in the
authentication request sent to the IDP it is this:

> Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134]
> <saml:Issuer>https://www.digital.engelvoelkers.com</saml:Issuer>

So something is off and I'm guessing it has to do with your use of
authsources.php.

> Does anyone have the same problem?

No, I hope that's not a pre-requisite to try to help you fix your
problem.
-peter
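As an added diagnostic example (not code from this thread or from SimpleSAMLphp itself): a Python script that pulls the AuthnRequest out of the debug log lines quoted above, reads the authsource name from the path of the AssertionConsumerServiceURL, and compares Issuer, authsource name and IdP against a dict that mirrors the posted authsources.php. The dict, the log-prefix regex and the function names are assumptions made for this example; with the post's own values it reports the mismatches Peter points out (ACS URL says "open-sp", Issuer is not the configured entityID) and confirms the IdP host does match.

```python
"""Cross-check a SimpleSAMLphp SP authsource against the AuthnRequest it logged.

Added example, not code from the thread or from SimpleSAMLphp. It only reads a
debug log and a dict; it does not talk to the SP or the IdP.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Assumption: a plain-dict mirror of the authsources.php from the original post.
AUTHSOURCES = {
    "default-sp": {
        "entityID": "https://localhost",
        "idp": "https://openidp.feide.no",
    },
}

# Sample input: the "Sending message" debug lines copied from the original post.
LOG = """\
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134] Sending message:
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134] <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_92eb37b78aaa22d63dfbcb7487510268f9571f4f6a" Version="2.0" IssueInstant="2015-01-15T14:33:11Z" Destination="https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php" AssertionConsumerServiceURL="https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/open-sp" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134]   <saml:Issuer>https://www.digital.engelvoelkers.com</saml:Issuer>
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134]   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
Jan 15 15:33:11 simplesamlphp DEBUG [60eaa23134] </samlp:AuthnRequest>
"""

# Assumption: the syslog-style prefix SimpleSAMLphp wrote in front of each line.
PREFIX = re.compile(r"^\w{3} \d\d \d\d:\d\d:\d\d \S+ DEBUG \[[0-9a-f]+\] ")


def extract_authn_request(log: str) -> str:
    """Drop the log prefix from each line and keep only the XML lines."""
    xml_lines = []
    for line in log.splitlines():
        body = PREFIX.sub("", line)
        if body.lstrip().startswith("<"):
            xml_lines.append(body)
    return "\n".join(xml_lines)


def describe_request(xml_text: str) -> dict:
    """Pull Issuer, Destination, ACS URL and the authsource name out of the request."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a samlp:AuthnRequest: %s" % root.tag)
    issuer = root.find("{%s}Issuer" % SAML)
    acs = root.get("AssertionConsumerServiceURL", "")
    # SimpleSAMLphp builds SP endpoint URLs as .../saml2-acs.php/<authsource name>
    m = re.search(r"/saml2-acs\.php/([^/?#]+)", acs)
    return {
        "issuer": (issuer.text or "").strip() if issuer is not None else "",
        "destination": root.get("Destination", ""),
        "acs_url": acs,
        "authsource": m.group(1) if m else "",
    }


def check_consistency(request: dict, authsources: dict, expected_name: str) -> list:
    """Return a list of human-readable mismatches; an empty list means all consistent."""
    problems = []
    name = request["authsource"]
    if name != expected_name:
        problems.append("ACS URL names authsource '%s' but the code asked for '%s'"
                        % (name, expected_name))
    cfg = authsources.get(name)
    if cfg is None:
        problems.append("authsource '%s' is not defined in authsources.php" % name)
        # Fall back to the intended authsource so the remaining checks still run.
        cfg = authsources.get(expected_name, {})
    if request["issuer"] != cfg.get("entityID"):
        problems.append("Issuer '%s' does not match configured entityID '%s'"
                        % (request["issuer"], cfg.get("entityID")))
    if urlparse(request["destination"]).netloc != urlparse(cfg.get("idp", "")).netloc:
        problems.append("Destination '%s' is not at the configured idp '%s'"
                        % (request["destination"], cfg.get("idp")))
    return problems


if __name__ == "__main__":
    req = describe_request(extract_authn_request(LOG))
    for p in check_consistency(req, AUTHSOURCES, "default-sp"):
        print("MISMATCH:", p)
```

Run it against the lines SimpleSAMLphp logs right after "Sending message:"; a second authsources.php entry or a different installation's config directory is the first place to look when the authsource name in the ACS path is not the one the code constructs SimpleSAML_Auth_Simple with.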