idp discovery not finding IDPs

Rainer Hörbe

Nov 22, 2016, 11:19:00 AM
to SimpleSAMLphp
I have an SSP SP configuration that is loading SAML2 metadata from an aggregate. Metarefresh seems to work fine:

16:04:43.262Z [metarefresh]: Executing set [testpvgvat]
16:04:43.263Z [metarefresh]: In set [testpvgvat] loading source [http://mdfeed.test.portalverbund.gv.at/metadata.xml]
...
16:04:43.384Z metarefresh: Add metadata entry 'https://idp5.test.portalverbund.gv.at/idp.xml' in set 'saml20-idp-remote'.
16:04:43.385Z Writing: /var/simplesaml/metadata/metarefresh-federation/saml20-idp-remote/https%3A%2F%2Fidp5.test.portalverbund.gv.at%2Fidp.xml.serialized.new
...


When I access a protected page, SSP redirects to disco.php, but the list of IDPs is empty.

Nov 22 17:11:33 simplesamlphp INFO [36b28df849] idpDisco.saml: Accessing discovery service.
Nov 22 17:11:33 simplesamlphp INFO [36b28df849] idpDisco.saml: returnIdParam initially set to [idpentityid]
Nov 22 17:11:33 simplesamlphp INFO [36b28df849] idpDisco.saml: isPassive initially set to [FALSE]
Nov 22 17:11:33 simplesamlphp INFO [36b28df849] idpDisco.saml: getSelectedIdP() returned null
Nov 22 17:11:33 simplesamlphp DEBUG [36b28df849] Localization: using old system
Nov 22 17:11:33 simplesamlphp DEBUG [36b28df849] Template: Reading [/var/simplesaml/dictionaries/disco]

When I access the admin pages I see problems with the language selection. I would guess that the following errors are unrelated, but the severities CRITICAL and ERROR seem strange for missing translations:

Nov 22 17:15:15 simplesamlphp CRITICAL [36b28df849] /simplesaml/module.php/core/frontpage_welcome.php - Localization directory missing/broken for langcode 'de' and domain 'sanitycheck'
Nov 22 17:15:15 simplesamlphp ERROR [36b28df849] /simplesaml/module.php/core/frontpage_welcome.php - Something went wrong when trying to get path to language file, cannot load domain 'sanitycheck'.
Nov 22 17:15:26 simplesamlphp CRITICAL [36b28df849] /simplesaml/module.php/core/frontpage_federation.php - Localization directory missing/broken for langcode 'de' and domain 'sanitycheck'
Nov 22 17:15:26 simplesamlphp ERROR [36b28df849] /simplesaml/module.php/core/frontpage_federation.php - Something went wrong when trying to get path to language file, cannot load domain 'sanitycheck'.
Nov 22 17:15:26 simplesamlphp WARNING [36b28df849] Deprecated use of new SimpleSAML\Locale\Translate::t(...) at /var/simplesaml/lib/SimpleSAML/XHTML/Template.php:663. The $tag-parameter can only be a string in 2.0.

Any idea where to drill down?

- Rainer

pat...@cirrusidentity.com

Nov 22, 2016, 1:41:39 PM
to SimpleSAMLphp
Metarefresh is writing serialized files to:  /var/simplesaml/metadata/metarefresh-federation
Do you have a corresponding setting in config.php to tell SSP to read metadata from there?

 'metadata.sources' => array(
     array('type' => 'flatfile'),
     array('type' => 'serialize', 'directory' => '/var/simplesaml/metadata/metarefresh-federation'),
 ),

-Patrick
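
A way to check for the mismatch asked about above, as an added example that is not part of the original thread or of SimpleSAMLphp: it reads the 'serialize' directories out of config.php and confirms each one holds saml20-idp-remote entries like those in the metarefresh log. The function names are made up here, and it assumes each source is written on one line with an absolute path, as in the reply.

```shell
#!/bin/sh
# Added example (not from the thread): verify that every 'serialize' source in
# config.php points at a directory where metarefresh actually wrote IdP entries.
# Assumptions: each source is on one line and uses an absolute path, as in the
# reply above; function names are made up for this example.

# Print the 'directory' value of each serialize source found in config file $1.
serialize_dirs() {
    sed -n "s/.*'type' *=> *'serialize'.*'directory' *=> *'\([^']*\)'.*/\1/p" "$1"
}

# Print the number of finished *.serialized entries in set $2 under $1
# (*.serialized.new files, as seen in the log, are not counted); fail if none.
count_entries() {
    dir=$1 mdset=${2:-saml20-idp-remote} n=0
    [ -d "$dir/$mdset" ] || { echo 0; return 1; }
    for f in "$dir/$mdset"/*.serialized; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
    [ "$n" -gt 0 ]
}

# Report each configured directory; non-zero status if any has no IdP entries,
# or if no serialize source is configured at all.
check_config() {
    serialize_dirs "$1" | (
        seen=0 rc=0
        while IFS= read -r d; do
            seen=1
            if n=$(count_entries "$d"); then
                echo "OK   $d: $n entries in saml20-idp-remote"
            else
                echo "FAIL $d: no saml20-idp-remote/*.serialized files here"
                rc=1
            fi
        done
        if [ "$seen" -eq 0 ]; then
            echo "FAIL $1: no 'serialize' entry in metadata.sources"
            rc=1
        fi
        exit "$rc"
    )
}

# Usage: sh check-sources.sh /path/to/config/config.php
if [ "$#" -gt 0 ]; then check_config "$1"; fi
```

A FAIL line for a directory that metarefresh never wrote to is the situation in this thread: the path in config.php and the path in the "Writing:" log line do not match.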

Rainer Hörbe

Nov 23, 2016, 3:21:45 PM
to SimpleSAMLphp
Thanks, this was the problem. I had a typo in the directory path.

- Rainer