getAttributes(); returns empty array() after authentication

Dineshkumar B

Feb 13, 2012, 4:40:36 AM
to simpleSAMLphp
Hi Olav,

Thank you for your continuous support.
I've successfully configured SP and IDP using "example-sql".
I'm able to authenticate successfully, and I'm also redirected to the
ACS which is defined in sp-metadata.
However, if I print the attributes value, I'm getting array as null,
but getting the SAML response in $_REQUEST.

My question is: how will I get the values in
$attributes = $as->getAttributes(); which is already authenticated?

Below is my code snippet:
----------------------------------
require_once('/EBSVOL/ecpro/simplesaml/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attributes = $as->getAttributes();
echo "<pre>";
print_r($attributes);
print_r($_REQUEST);

Output in samlresponse.php

Array
(
)
Array
(
[SAMLResponse] => PHNhbW..............
[RelayState] => http://devge.globalenglish.com/simplesaml/module.php/core/authenticate.php?as=default-sp
[cookname] => dineshkumar....@globalenglish.com
[cookpass] => MTExMTExMTE=
[remember] => 1
[__utma] => 197685113.1937681487.1328699936.1328699936.1328764039.2
[__utmz] => 197685113.1328764039.2.2.utmcsr=ge.bloom.globalenglish.com|utmccn=(referral)|utmcmd=referral|utmcct=/mypage
[SESSa252286f2ddc972b60738874ec4462ba] => 7mp0f6ajirihf49lgfftnerot3
[SimpleSAMLAuthToken] => _af16c98e7c6cef8b82e47ac9f6ec2da2af5a202325
[PHPSESSID] => eb2abf21b14d10f9fafd9d022e0c5afc
)

Olav Morken

Feb 13, 2012, 8:11:32 AM
to simple...@googlegroups.com
On Mon, Feb 13, 2012 at 01:40:36 -0800, Dineshkumar B wrote:
> Hi Olav,
>
> Thank you for your continuous support.
> I've successfully configured SP and IDP using "example-sql".
> I'm able to authenticate successfully, and I'm also redirected to the
> ACS which is defined in sp-metadata.
> However, if I print the attributes value, I'm getting array as null,
> but getting the SAML response in $_REQUEST.

That's strange - the SAMLResponse parameter should never be available
for anything but the AssertionConsumerService page (saml2-acs.php).
Are you sure that you have registered your SP metadata correctly at the
IdP?

> My question is: how will I get the values in
> $attributes = $as->getAttributes(); which is already authenticated?

They should just be there; if they aren't, something is wrong :)
Obviously, something else is also wrong, since the SAMLResponse
parameter is also present.

I'd double-check the saml20-sp-remote.php metadata file.

Best regards,
Olav Morken
UNINETT / Feide

Dineshkumar B

Feb 13, 2012, 8:44:51 AM
to simpleSAMLphp
Thanks for the quick response,

I've modified the saml20-sp-remote.php file in IdP, because I've 600+
subdomains in SP.

$db = new PDO('mysql:host=localhost;dbname=api', 'api', 'apizzz');
$stmt = $db->query("select metadata_url, AssertionConsumerService,
    SingleLogoutService, certData from sp_metadata");

foreach($stmt as $row) {
    $metadata[$row['metadata_url']] = array (
        'AssertionConsumerService' => $row['AssertionConsumerService'],
        'SingleLogoutService' => $row['SingleLogoutService'],
        'certData' => $row['certData'],
    );
}

I'm not getting any error while using it through the simplesamlphp test
apps. All I need is the values from the getAttributes() function.

If you need my setup, I can share the login credentials of my test
app.

Thanks,
Dinesh.

Olav Morken

Feb 15, 2012, 2:32:52 AM
to simple...@googlegroups.com
On Mon, Feb 13, 2012 at 05:44:51 -0800, Dineshkumar B wrote:
> Thanks for the quick response,
>
> I've modified the saml20-sp-remote.php file in IdP, because I've 600+
> subdomains in SP.
>
> $db = new PDO('mysql:host=localhost;dbname=api', 'api', 'apizzz');
> $stmt = $db->query("select metadata_url, AssertionConsumerService,
> SingleLogoutService, certData from sp_metadata");
>
> foreach($stmt as $row) {
> $metadata[$row['metadata_url']] = array (
> 'AssertionConsumerService' => $row['AssertionConsumerService'],
> 'SingleLogoutService' => $row['SingleLogoutService'],
> 'certData' => $row['certData'],
> );
> }
>
> I'm not getting any error while using it through the simplesamlphp test
> apps. All I need is the values from the getAttributes() function.
>
> If you need my setup, I can share the login credentials of my test
> app.

I do not really have time to debug your setup for you :) I can only
try to provide some hints for how you can debug it yourself.

I'd look into why you end up on the final page with a SAMLResponse
request parameter, but still a valid session to "default-sp". Normally,
only the AssertionConsumerService should see the SAMLResponse parameter.

My suggestion is to look at the requests sent by your browser (maybe
using the SAML tracer add-on for Firefox?), and check it against the
normal HTTP request flow to see if something looks wrong. The normal
authentication HTTP request flow should be something like this:

1. GET request to your debug page (samlresponse.php?).
2. Redirect to IdP SSOService.php
3. Redirect to IdP login page.
4. [login on IdP]
5. POST (with SAMLResponse) to SP AssertionConsumerService (saml2-acs.php)
6. Redirect to your debug page.

Normally, the default-sp session should be created with your attributes
in step 5.
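
The request-flow comparison suggested above can be automated over a captured browser trace. The following is an added example, not part of the original thread and not SimpleSAMLphp code: it flags any request that carries SAMLResponse to a URL other than the SP's saml2-acs.php endpoint. The host names, the trace tuples and the `check_flow` helper are constructed for illustration.

```python
from urllib.parse import urlsplit

ACS_SCRIPT = "saml2-acs.php"  # SP AssertionConsumerService script named in the thread

def check_flow(trace, acs_script=ACS_SCRIPT):
    """Check a browser trace: list of (method, url, param_names) in request order."""
    findings = []
    acs_posts = 0
    for i, (method, url, params) in enumerate(trace, start=1):
        if "SAMLResponse" not in params:
            continue
        path = urlsplit(url).path
        if acs_script not in path.split("/"):
            findings.append(f"request {i}: SAMLResponse sent to non-ACS URL {path}")
        elif method != "POST":
            findings.append(f"request {i}: SAMLResponse reached the ACS via {method}, expected POST")
        else:
            acs_posts += 1
    if acs_posts == 0:
        findings.append("no POST with SAMLResponse reached the ACS")
    return findings

# Constructed traces (hypothetical hosts), following the six steps listed above.
SP = "https://sp.example.org"
IDP = "https://idp.example.org"
LOGIN = IDP + "/simplesaml/module.php/core/loginuserpass.php"
NORMAL = [
    ("GET", SP + "/samlresponse.php", set()),
    ("GET", IDP + "/simplesaml/saml2/idp/SSOService.php", {"SAMLRequest", "RelayState"}),
    ("GET", LOGIN, {"AuthState"}),
    ("POST", LOGIN, {"AuthState", "username", "password"}),
    ("POST", SP + "/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp",
     {"SAMLResponse", "RelayState"}),
    ("GET", SP + "/samlresponse.php", set()),
]
# Same trace, but the response is posted straight to the application page,
# which matches the symptom in the thread (SAMLResponse visible in $_REQUEST).
BROKEN = NORMAL[:4] + [("POST", SP + "/samlresponse.php", {"SAMLResponse", "RelayState"})]

if __name__ == "__main__":
    for name, trace in (("normal", NORMAL), ("broken", BROKEN)):
        print(name, check_flow(trace) or "OK")
```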
