Re: SAML metadata configuration


Raghu

Apr 30, 2013, 9:01:16 PM
to simple...@googlegroups.com
The exception image you have attached is from Feide OpenIdP; it's complaining that it cannot find metadata. Assuming you have installed the library as mentioned, all you have to do is add the following line to your virtual host file:

Alias /simplesaml <<path to your simplesamlphp www folder>>

After adding this, restart your web server

Cheers
Raghu


On Monday, April 29, 2013 6:37:28 PM UTC+12, sindhura y r wrote:
Hi

I am getting exception page as attached,
I have followed the steps from the site: http://simplesamlphp.org/docs/stable/simplesamlphp-install#section_1

For configuring Apache, how should it differ between a Windows system and Mac OS?


So, can you please guide me on how to configure the virtual host on Windows and Mac (can you please mention the steps)?

After performing all the changes in the link provided, upon entering the URL

https://service.example.org/simplesaml/


we need to get that simplesaml page showing a successful installation, but what does that service.example.org stand for, and where can I declare that domain name?

Can anyone please guide me to work on this.

Thanks in advance!


sindhura y r

May 2, 2013, 1:53:25 AM
to simple...@googlegroups.com
Hi Raghu,

As you mentioned, I checked the virtual hosts file; I have placed the following lines in /etc/apache2/extra/httpd-vhosts.conf:
<VirtualHost *:80>
        DocumentRoot "/Users/rbonthapally/Sites/www/mark-kirby.dev"
        ServerName mark-kirby.dev
        Alias /simplesaml /Users/rbonthapally/Sites/simplesamlphp/www
</VirtualHost>

Now when I restarted my server and ran the following URL: http://mark-kirby.dev/simplesaml , I logged in as administrator, and in the authentication tab I clicked to check the authentication sources. Upon clicking
the default-sp, I was directed to the login page of Feide OpenIdP; I entered my credentials, then, clicking enter, I got some encrypted POST notification and clicked continue (I hope that might be the certificate), and then I got this exception:


SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /Users/rbonthapally/Sites/simplesamlphp/www/module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: Received an assertion that is valid in the future. Check clock synchronization on IdP and SP.
Backtrace:
3 /Users/rbonthapally/Sites/simplesamlphp/modules/saml/lib/Message.php:570 (sspmod_saml_Message::processAssertion)
2 /Users/rbonthapally/Sites/simplesamlphp/modules/saml/lib/Message.php:528 (sspmod_saml_Message::processResponse)
1 /Users/rbonthapally/Sites/simplesamlphp/modules/saml/www/sp/saml2-acs.php:81 (require)
0 /Users/rbonthapally/Sites/simplesamlphp/www/module.php:135 (N/A)

Can you please let me know still what is missing.

Thanks,
Sindhura.

Peter Schober

May 2, 2013, 2:24:39 AM
to simple...@googlegroups.com
* sindhura y r <sindhu...@gmail.com> [2013-05-02 07:53]:
> Caused by: SimpleSAML_Error_Exception: Received an assertion that is
> valid in the future. Check clock synchronization on IdP and SP.
[...]
> Can you please let me know still what is missing.

I'd try what the message suggests above (i.e., make sure your clock is
correct, easiest using ntp),
-peter

Raghu

May 3, 2013, 12:01:45 AM
to simple...@googlegroups.com
OK, this happens when the SP and IdP servers are out of sync with respect to time. The tolerance between IdP and SP is only 60 sec. Anything more than this throws an error. You have two options:

1. Either sync your local server time to the IdP time... normally, sync your server with a universal clock (preferred option).
2. Increase the tolerance limit in /modules/saml/lib/Message.php (it's just a hack and should not be deployed to production).

R
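As an added illustration (my own PHP, not SimpleSAMLphp's code and not something anyone in the thread posted), here is the shape of the check that produces the "valid in the future" error quoted above: after the response signature has been verified, the SP compares the assertion's NotBefore and NotOnOrAfter against its own clock with a fixed tolerance. The assertion XML, the timestamps and the function names are constructed for the example; the 60-second default mirrors the tolerance Raghu quotes.

```php
<?php
// Added illustration of the NotBefore / NotOnOrAfter check behind the
// "Received an assertion that is valid in the future" error. It is not
// SimpleSAMLphp's own code; the assertion XML below is constructed and the
// 60-second default tolerance mirrors the value quoted in the thread.
declare(strict_types=1);

const SAML2_NS = 'urn:oasis:names:tc:SAML:2.0:assertion';

/** Parse a SAML xs:dateTime (UTC, 'Z' suffix, optional fraction) to Unix time. */
function parseSamlTime(string $s): int
{
    if (!preg_match('/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$/', $s)) {
        throw new InvalidArgumentException("not a SAML timestamp: $s");
    }
    return (new DateTimeImmutable($s, new DateTimeZone('UTC')))->getTimestamp();
}

/**
 * Check the <saml:Conditions> window of one assertion against the SP clock.
 * $now is the SP's current Unix time, $skew the drift (in seconds) tolerated
 * between IdP and SP. Returns 'ok' or a short rejection reason.
 * Only call this on an assertion whose signature has already been verified;
 * before that, an attacker controls the timestamps being checked.
 */
function checkAssertionWindow(string $assertionXml, int $now, int $skew = 60): string
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // IdP-supplied XML: no network fetches, and never add LIBXML_NOENT.
    if (!$doc->loadXML($assertionXml, LIBXML_NONET)) {
        return 'malformed XML';
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('saml', SAML2_NS);
    $cond = $xp->query('/saml:Assertion/saml:Conditions')->item(0);
    if (!$cond instanceof DOMElement) {
        return 'missing Conditions';
    }

    $notBefore = $cond->getAttribute('NotBefore');
    if ($notBefore !== '') {
        $nb = parseSamlTime($notBefore);
        // Usable only from $nb on. If that is more than $skew seconds ahead of
        // our clock, one side's clock is wrong: reject rather than trust it.
        if ($nb > $now + $skew) {
            return sprintf('valid in the future: NotBefore is %ds ahead of the SP clock', $nb - $now);
        }
    }
    $notOnOrAfter = $cond->getAttribute('NotOnOrAfter');
    if ($notOnOrAfter !== '') {
        $noa = parseSamlTime($notOnOrAfter);
        if ($noa <= $now - $skew) {
            return sprintf('expired: NotOnOrAfter passed %ds ago', $now - $noa);
        }
    }
    return 'ok';
}

// Constructed assertion: issued at 05:53:25Z with a five-minute window.
$assertion = <<<'XML'
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2013-05-02T05:53:25Z">
  <saml:Issuer>https://openidp.feide.no</saml:Issuer>
  <saml:Conditions NotBefore="2013-05-02T05:53:25Z" NotOnOrAfter="2013-05-02T05:58:25Z"/>
</saml:Assertion>
XML;

$idpClock = parseSamlTime('2013-05-02T05:53:30Z'); // IdP time when the SP receives it

echo checkAssertionWindow($assertion, $idpClock), "\n";            // SP clock correct: ok
echo checkAssertionWindow($assertion, $idpClock - 180), "\n";      // SP clock 3 min slow: rejected
echo checkAssertionWindow($assertion, $idpClock - 180, 300), "\n"; // widened skew accepts it (the "hack")
```

The third call shows why option 2 above is a hack: a wider tolerance makes the slow clock "work", but it also extends the window in which a captured assertion can be replayed against the SP, because the same tolerance is applied to NotOnOrAfter. Fixing the clock with ntp keeps the window at what the IdP intended.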

chiluveru snehith

May 20, 2013, 7:17:37 AM
to simple...@googlegroups.com, raghu.do...@gmail.com
Hi Raghu,

I have successfully configured SimpleSAMLphp as a service provider and tested the configuration with the default remote IdP Feide as well.
It works as expected. I have gone through the guidelines for integrating and tried with a sample page (login.php), which I placed at modules/core/www, and tried to authenticate with Feide; it worked well. But now, instead of that small login page, I want to keep my full application and integrate it.

But I need to integrate this SimpleSAMLphp configuration into my existing application.

My application resides in inetpub/wwwroot/webhome

My SP configuration resides at inetpub/wwwroot/sp/simplesamlphp

So, my existing app in my dev environment runs as http://localhost. How should I integrate the SP into this existing app? The client has the IdP application.
Before trying with the client IdP, I am planning to test my authentication service with Feide as IdP with my existing application.
In my application I have one login page with username,password and captcha(this is my existing app login page).

Now how can I integrate this with the SP configuration that is present in another folder structure? Where should I place this SP configuration in my application
to make this default-sp work with Feide?


Can you please guide me on this as I have strict deadline on this.


--
Regards,
Snehith.Ch
+7893059116.

Raghu

May 21, 2013, 5:19:32 AM
to simple...@googlegroups.com, raghu.do...@gmail.com
You have to do the same thing as what you have done at OpenIDP. Provide your SP metadata to IDP. Once you have done that, configure your SP also so that it knows about your local IDP. At the IDP, how you configure to do the authentication is up to you. There are authentication modules available. 

You also have to configure IDP hosted metadata and provide a URL that it accepts connections on. You will be using the same URL to let your SP know about IDP.

Hope this helps

R

chiluveru snehith

May 22, 2013, 8:15:40 AM
to simple...@googlegroups.com, Raghu Don
Thanks Raghu For information,
1) Actually, I had a doubt: in the SAML file system, can I place my application (SP) in the modules/core/www folder and integrate with the remote IdP (which is provided by the client), or is there any other place which is preferred for placing our application?

2) Second thing: my client asked me to send them the public key for encryption; they mentioned that they will be decrypting that using their private key. How can I send this public key to them, and where is this public key actually present?

Could you provide your suggestions on these 2 questions!

Thanks,
Snehith
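An added configuration example (mine, not the project's documentation and not code anyone in the thread posted) of the pieces Raghu describes above: the SP is told about the IdP in its metadata, the SP's own key pair is referenced from its authentication source, and the existing application only pulls in the SimpleSAMLphp autoloader rather than moving into modules/core/www. The SP certificate referenced here is also the public key the client asked for: it lives in the cert/ directory and is published inside the SP metadata that SimpleSAMLphp serves at /simplesaml/module.php/saml/sp/metadata.php/default-sp. All host names, paths, entity IDs and the certificate blob are assumptions; three files are shown in one listing, so copy each section into the file named in its header.

```php
<?php
// Added example (not from the thread and not the SimpleSAMLphp project's own
// files) of the three pieces an SP needs to talk to a remote IdP, shown as one
// listing. Copy each section into the file named in its header. Host names,
// paths, entity IDs and the certificate blob are assumptions.

// ---- 1. <simplesamlphp>/config/authsources.php ---------------------------
// The SP's key pair lives in <simplesamlphp>/cert/. Generate it once with:
//   openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
// saml.pem is the private key and never leaves this server. saml.crt carries
// the public key the IdP uses to encrypt assertions to you and to verify
// anything you sign; SimpleSAMLphp embeds it in the SP metadata automatically.
$config = array(
    'admin' => array(
        'core:AdminPassword',
    ),
    'default-sp' => array(
        'saml:SP',
        // Fixed entity ID instead of the default (the metadata URL), so the
        // value you hand to the IdP does not change when you move hosts.
        'entityID' => 'https://webhome.example.org/sp',
        // Pin the SP to one IdP; with 'idp' => null a discovery page is shown.
        'idp' => 'https://idp.client.example.org/simplesaml/saml2/idp/metadata.php',
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',
    ),
);

// ---- 2. <simplesamlphp>/metadata/saml20-idp-remote.php -------------------
// What the SP knows about the client's IdP. Take these values from the IdP's
// metadata document; the array key is the IdP entityID and must match 'idp'
// above.
$metadata['https://idp.client.example.org/simplesaml/saml2/idp/metadata.php'] = array(
    'SingleSignOnService' => 'https://idp.client.example.org/simplesaml/saml2/idp/SSOService.php',
    'SingleLogoutService' => 'https://idp.client.example.org/simplesaml/saml2/idp/SingleLogoutService.php',
    // Base64 DER of the IdP's signing certificate, copied from the
    // <ds:X509Certificate> element of its metadata. Without a pinned
    // certificate the SP cannot verify the response signature, which is the
    // whole security guarantee of the exchange. Placeholder value here.
    'certData' => 'MIIC...assumed...',
);

// ---- 3. inetpub/wwwroot/webhome/login.php (the existing application) -----
// The application stays where it is; it only needs the SimpleSAMLphp
// autoloader, which can sit anywhere on disk. Nothing is copied into
// modules/core/www.
require_once('C:/inetpub/wwwroot/sp/simplesamlphp/lib/_autoload.php');

$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();                 // redirects to the IdP, returns here after login
$attributes = $as->getAttributes(); // e.g. $attributes['uid'][0]
```

Hand the IdP operator the SP metadata URL (or the XML it serves), which already contains saml.crt; never send saml.pem. Conversely, do not paste the IdP's certificate into saml20-idp-remote.php from an untrusted channel, since whoever controls that value controls who can log in to your application.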
