SSO SimpleSAMLphp error during login


Aneel Sarwar

Aug 8, 2014, 5:25:50 AM
to simple...@googlegroups.com

I am getting the following error when trying to authenticate from the IdP. Any idea what could be causing this issue?

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION Backtrace: 0 /home/site/simplesaml/www/module.php:180 (N/A) Caused by: SimpleSAML_Error_Exception: No authentication source with id false found. Backtrace: 2 /home/site/simplesaml/lib/SimpleSAML/Auth/Source.php:242 (SimpleSAML_Auth_Source::getById) 1 /home/site/simplesaml/modules/saml/www/sp/saml2-acs.php:8 (require) 0 /home/site/simplesaml/www/module.php:135 (N/A)

Aneel Sarwar

Aug 8, 2014, 10:41:34 AM
to simple...@googlegroups.com
Actually, the user is able to log in, but instead of redirecting to the Relay State page it goes to an unexpected exception page at the IdP and shows this error.

Uri Weg

Aug 12, 2014, 3:10:23 PM
to simple...@googlegroups.com
Did you ever get this to work? I am running into the same issue. 

Aneel Sarwar

Aug 18, 2014, 3:04:12 AM
to simple...@googlegroups.com

Yes I was able to fix this issue. Following are the 2 possible ways to fix it:

1) Added a parameter of "ResumePath" in ssoPortalUrl both in authsources.php and sp-idp-remote.php because RelayState wasn't working.

2) Making sure both the IdP and the SP are of the same version. I had an SP setup of version 1.12 and an IdP of version 1.11, so as I didn't have access to the IdP, I just downgraded the SP to 1.11 and it started working.

Hope it helps.

Regards,
Aneel Sarwar

Jaime Pérez Crespo

Aug 18, 2014, 4:06:16 AM
to simple...@googlegroups.com
Hi,

Just a few remarks for the record:

On 08 Aug 2014, at 16:41 pm, Aneel Sarwar <sarwa...@gmail.com> wrote:
> Actually, the user is able to log in, but instead of redirecting to the Relay State page it goes to an unexpected exception page at the IdP and shows this error.

The IdP does NOT have to redirect to RelayState. Actually, even though most SAML software uses RelayState to store a URL to redirect to after successful authentication, its contents are limited in size and that use is wrong according to the standard. Besides, an IdP does not know what’s inside a RelayState, or if it’s a URL or an 80-byte random string.

If you get an exception after authenticating, you should first check your log files (which should be in debug mode) to see what’s happening, because that means you have configured your IdP wrong.

On 18 Aug 2014, at 09:04 am, Aneel Sarwar <sarwa...@gmail.com> wrote:
> Yes I was able to fix this issue. Following are the 2 possible ways to fix it:
>
> 1) Added a parameter of "ResumePath" in ssoPortalUrl both in authsources.php and sp-idp-remote.php because RelayState wasn't working.

Refer to my previous comment about RelayState. Besides, neither “ResumePath” nor “ssoPortalUrl” is a valid option in either authsources.php or the metadata files. And of course there’s no “sp-idp-remote.php” (which doesn’t even make any sense).

> 2) Making sure both the IdP and the SP are of the same version. I had an SP setup of version 1.12 and an IdP of version 1.11, so as I didn't have access to the IdP, I just downgraded the SP to 1.11 and it started working.

Don’t do that. You should always use the latest version, as there might be bugs and security vulnerabilities affecting old versions. 1.11 is more than a year old now.

On 08 Aug 2014, at 11:25 am, Aneel Sarwar <sarwa...@gmail.com> wrote:
>
> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION Backtrace: 0 /home/site/simplesaml/www/module.php:180 (N/A) Caused by: SimpleSAML_Error_Exception: No authentication source with id false found. Backtrace: 2 /home/site/simplesaml/lib/SimpleSAML/Auth/Source.php:242 (SimpleSAML_Auth_Source::getById) 1 /home/site/simplesaml/modules/saml/www/sp/saml2-acs.php:8 (require) 0 /home/site/simplesaml/www/module.php:135 (N/A)

The most likely reason for this is that the IdP is misconfigured, with the AssertionConsumerService for your service provider being trimmed. The AssertionConsumerService URL of a SimpleSAMLphp service provider will *always* end with the name of the authentication source to use in the SP, which by default is “default-sp”. Here is an example of a valid URL:

https://example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

If the AssertionConsumerService configured in the IdP looks like this:

https://example.org/simplesaml/module.php/saml/sp/saml2-acs.php

then it is misconfigured and that’s the reason for this error.

--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

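A check for the trimmed AssertionConsumerService URL described in the last reply, as an added example that is not part of the original thread or of SimpleSAMLphp itself. It scans SAML 2.0 SP metadata as an IdP operator would hold it and flags any `saml2-acs.php` Location with no authentication source name after it; the function names, entity IDs and sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ACS_SCRIPT = "/saml/sp/saml2-acs.php"  # ACS path taken from the URLs quoted in the thread

# Constructed sample metadata (not from the thread): one intact and one trimmed ACS URL.
# Only parse metadata from a trusted source; it is security-critical configuration.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
 <md:EntityDescriptor entityID="https://sp-ok.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService index="0"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
     Location="https://example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp-trimmed.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService index="0"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
     Location="https://example.org/simplesaml/module.php/saml/sp/saml2-acs.php"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def check_acs(location):
    """Return (ok, detail) for one AssertionConsumerService Location URL."""
    path = urlsplit(location).path
    _, found, tail = path.partition(ACS_SCRIPT)
    if not found:
        return True, "not a saml2-acs.php endpoint, skipped"
    source_id = tail.strip("/")
    if not source_id:
        # The SP cannot resolve an authentication source from this URL.
        return False, "trimmed: no authentication source id after saml2-acs.php"
    return True, "authentication source id: " + source_id

def audit(metadata_xml):
    """Map each entityID to a list of (Location, ok, detail) tuples."""
    report = {}
    for entity in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        rows = []
        for acs in entity.iter(MD + "AssertionConsumerService"):
            location = acs.get("Location", "")
            rows.append((location,) + check_acs(location))
        report[entity.get("entityID")] = rows
    return report

if __name__ == "__main__":
    for entity_id, rows in audit(SAMPLE).items():
        for location, ok, detail in rows:
            print("OK  " if ok else "FAIL", entity_id, location, "-", detail)
```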