Passed authentication test, could use a little help with SSO and SLO (vers. 1.7)

PeteDK

Jan 25, 2011, 3:06:03 AM
to simpleSAMLphp
Hi again.

Trying to set up simplesamlphp as a SP.

I have installed simplesamlphp 1.7 on an apache 2 server, complete
with the required modules etc.

I want to combine my simplesaml with another webapp, but before I get
to that I would just like to get login, logout etc. working on my
simplesamlserver :)

As mentioned, the test:
https://wayf.mysite.dk/simplesaml/module.php/core/authenticate.php?as=default-sp

works as expected. I can login through my Idp (wayf.dk) and I get
redirected to the status page. So far so good.

Now I have tried to use the built in SSO module.

https://wayf.mysite.dk/simplesaml/saml2/sp/initSSO.php?RelayState=http://.localhost:8000/

This one just comes up with an error stating:

Caused by: Exception: Could not find any default metadata entities in set [saml20-sp-hosted] for host [wayf.mysite.dk : wayf.mysite.dk/simplesaml]
Backtrace:
.../wayf_server/simplesamlphp/www/saml2/sp/initSSO.php:32 (N/A)

When it comes to config and metadata:
authsources.php:
    'default-sp' => array(
        'saml:SP',
        'privatekey' => 'server.pem',
        'certificate' => 'server.crt',
        'redirect.sign' => TRUE,
        'redirect.validate' => TRUE,
        'entityID' => 'http://wayf.mysite.dk',
        'idp' => 'https://testbridge.wayf.dk',
        'discoURL' => NULL,
    ),

metadata/saml20-sp-remote.php
    <?php
    $metadata['http://wayf.mysite.dk'] = array(
        'AssertionConsumerService' => 'https://wayf.mysite.dk/simplesaml/module.php/saml/sp/saml2-acs.php',
        'SingleLogoutService' => 'https://wayf.mysite.dk/simplesaml/module.php/saml/sp/saml2-logout.php',
        'name' => array(
            'en' => 'ActivityLog',
            'da' => 'mysite',
        ),
        'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
    );

I have read something about saml20-sp-hosted.php being required in
some cases. Therefore I have copied the contents from …remote.php to
…hosted.php.

The idp metadata is located in metadata/saml20-idp-remote.php

I hope I have provided you with enough information. Can anyone of you
see where I'm messing up :)

Is it the wrong login url? Wrong metadata format??

Oh and I'm not using mysite in the various entries… just don't want to
expose my not-working wayf site just yet :) old habit :)

thanks.

regards.

Peter M

Peter Schober

Jan 25, 2011, 4:56:55 AM
to simpleSAMLphp
* PeteDK <peterm...@gmail.com> [2011-01-25 09:06]:

Which "built in SSO module" are you referring to?
Looks like it's using the old, deprecated API.

> Caused by: Exception: Could not find any default metadata entities in
> set [saml20-sp-hosted] for host [wayf.mysite.dk : wayf.mysite.dk/
> simplesaml]

saml20-sp-hosted.php is not used anymore, as you've seen, by following
the docs which have no mention of this.
-peter

PeteDK

Jan 25, 2011, 5:55:23 AM
to simpleSAMLphp
On 25 Jan., 10:56, Peter Schober <peter.scho...@univie.ac.at> wrote:
> * PeteDK <petermoel...@gmail.com> [2011-01-25 09:06]:
>
> > Now i have tried to use the built in SSO module.
>
> >https://wayf.mysite.dk/simplesaml/saml2/sp/initSSO.php?RelayState=htt...
>
> Which "built in SSO module" are you referring to?
> Looks like it's using the old, deprecated API.
>
> > Caused by: Exception: Could not find any default metadata entities in
> > set [saml20-sp-hosted] for host [wayf.mysite.dk : wayf.mysite.dk/
> > simplesaml]
>
> saml20-sp-hosted.php is not used anymore, as you've seen, by following
> the docs which have no mention of this.
> -peter

Well.. I think I'm using the one in www/saml2/sp/initSSO.php :)

Wasn't aware that there were any other built in SSO modules? Which one
do people normally use?

PeteDK

Jan 25, 2011, 6:01:27 AM
to simpleSAMLphp
Here's the entire backtrace:

Backtrace:
0 .../wayf_server/simplesamlphp/www/saml2/sp/initSSO.php:73 (N/A)
Caused by: Exception: Could not find any default metadata entities in set [saml20-sp-hosted] for host [wayf.mysite.dk : wayf.mysite.dk/simplesaml]
Backtrace:
1 .../wayf_server/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:226 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataCurrentEntityID)
0 .../wayf_server/simplesamlphp/www/saml2/sp/initSSO.php:32 (N/A)

Peter Schober

Jan 25, 2011, 6:02:00 AM
to simpleSAMLphp
* PeteDK <peterm...@gmail.com> [2011-01-25 11:55]:

> Well.. i think I'm using the one in www/saml2/sp/initSSO.php :)

I thought you were referring to some application software.
So you're making up that URL yourself? How about following
http://simplesamlphp.org/docs/1.7/simplesamlphp-sp#section_6
instead?
(I don't know the syntax for manual session initiation.)
-peter

PeteDK

Jan 25, 2011, 7:40:26 AM
to simpleSAMLphp


On 25 Jan., 12:02, Peter Schober <peter.scho...@univie.ac.at> wrote:
> * PeteDK <petermoel...@gmail.com> [2011-01-25 11:55]:
>
> > Well.. i think I'm using the one in www/saml2/sp/initSSO.php :)
>
> I thought you were referring to some application software.
> So you're making up that URL yourself? How about following
> http://simplesamlphp.org/docs/1.7/simplesamlphp-sp#section_6
> instead?
> (I don't know the syntax for manual session initiation.)
> -peter

Well, the initSSO.php script lives in the simplesamlphp package, so I
thought that was the normal way of using the "default" login method,
or in other words, initiating a phpsession...?

But I will have a look at the section 6 documentation :)

PeteDK

Jan 25, 2011, 9:12:04 AM
to simpleSAMLphp
Okay, now I have tried something different :)

To authenticate, instead of the initSSO.php, just go with the one used
by simplesamlphp to test authentication source… (I think I got the
terms mixed up earlier)

So now… for login:
https://wayf.mysite.dk/simplesaml/module.php/core/authenticate.php?as=default-sp
#this works fine… I get to way.dk, can log in with the test user, and
now I just want to return to my simplesamlphp server and initiate a
session/log the user in before I go any further:

My acs link is:
https://wayf.mysite.dk/simplesaml/module.php/saml/sp/saml2-acs.php
This gives the following error:

Backtrace:
0 /.../wayf_server/simplesamlphp/www/module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: No authentication source with id false found.
Backtrace:
2 /.../wayf_server/simplesamlphp/lib/SimpleSAML/Auth/Source.php:222 (SimpleSAML_Auth_Source::getById)
1 /.../wayf_server/simplesamlphp/modules/saml/www/sp/saml2-acs.php:8 (require)
0 /.../wayf_server/simplesamlphp/www/module.php:135 (N/A)

Again, it looks to me like some config error?? My idp is in the
authsources.php file, but the "id false" thing confuses me quite a
bit :-S

Olav Morken

Jan 26, 2011, 2:28:09 AM
to simple...@googlegroups.com
On Tue, Jan 25, 2011 at 06:12:04 -0800, PeteDK wrote:
> okay, now i have tried something different :)
>
> To authenticate, instead of the initSSO.php, just go with the one used
> by simplesamlphp to test authentification source… (i think i got the
> terms mixed up earlier)
>
> so now… for login:
> https://wayf.mysite.dk/simplesaml/module.php/core/authenticate.php?as=default-sp

You shouldn't use that link. Instead, use the URL:

https://wayf.mysite.dk/core/as_login.php?AuthId=default-sp&ReturnTo=<return URL>


> #this works fine… i get to way.dk, can log in with the test user, and
> now i just want to return to my simplesamlphp server and initiate a
> session/log the user in before i go any further:
>
> my acs link is:
> https://wayf.mysite.dk/simplesaml/module.php/saml/sp/saml2-acs.php

This is wrong. It should have the authentication source ID afterwards,
e.g.:

https://wayf.mysite.dk/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

> Again, it looks to me like some config error?? my idp is in the
> authsources.php file, but the "id false" thing confuses me quite a
> bit :-S

We should probably change the code to produce a «404 Not Found» or
«400 Bad Request» error instead.


Regards,
Olav Morken
UNINETT / Feide
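
Added example (not part of the message above and not SimpleSAMLphp's own code): one way an ACS-style endpoint could answer 400 or 404 when the URL lacks a valid authentication source ID, rather than failing later with "No authentication source with id false found". The function name resolveAuthSourceId() and the $configured list are hypothetical; that the "false" came from PHP's substr('', 1), which returns false before PHP 8.0, is an assumption consistent with the error text.

```php
<?php
// Added illustration; resolveAuthSourceId() and $configured are hypothetical names.

/**
 * Extract the authentication source ID from the path suffix that follows the
 * endpoint script, e.g. ".../saml2-acs.php/default-sp" gives "default-sp".
 * Returns array(HTTP status, source ID or NULL).
 */
function resolveAuthSourceId($pathInfo, array $configured)
{
    // No suffix at all: the client hit ".../saml2-acs.php" with nothing after it.
    if (!is_string($pathInfo) || $pathInfo === '' || $pathInfo === '/') {
        return array(400, null);
    }
    $id = substr($pathInfo, 1); // drop the leading "/"

    // Accept only a conservative character set before any lookup or logging.
    if (!preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $id)) {
        return array(400, null);
    }
    // Allowlist: only IDs defined in the configuration are valid.
    if (!in_array($id, $configured, true)) {
        return array(404, null);
    }
    return array(200, $id);
}

// Constructed sample: the one source named in the thread's authsources.php excerpt.
$configured = array('default-sp');

// Constructed PATH_INFO values covering each outcome.
$samples = array(
    ''            => 'ACS URL without a source ID',
    '/default-sp' => 'ACS URL with the source ID appended',
    '/other-sp'   => 'source ID that is not configured',
    '/../etc'     => 'suffix with unexpected characters',
);
foreach ($samples as $pathInfo => $what) {
    list($status, $id) = resolveAuthSourceId($pathInfo, $configured);
    printf("%-40s -> %d %s\n", $what, $status, $id === null ? '-' : $id);
}
```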

PeteDK

Jan 26, 2011, 4:16:38 AM
to simpleSAMLphp


On 26 Jan., 08:28, Olav Morken <olav.mor...@uninett.no> wrote:
> On Tue, Jan 25, 2011 at 06:12:04 -0800, PeteDK wrote:
> > okay, now i have tried something different :)
>
> > To authenticate, instead of the initSSO.php, just go with the one used
> > by simplesamlphp to test authentification source… (i think i got the
> > terms mixed up earlier)
>
> > so now… for login:
> >https://wayf.mysite.dk/simplesaml/module.php/core/authenticate.php?as...
>
> You shouldn't use that link. Instead, use the URL:
>
>      https://wayf.mysite.dk/core/as_login.php?AuthId=default-sp&ReturnTo=<return URL>
>
> > #this works fine… i get to way.dk, can log in with the test user, and
> > now i just want to return to my simplesamlphp server and initiate a
> > session/log the user in before i go any further:
>
> > my acs link is:
> >https://wayf.mysite.dk/simplesaml/module.php/saml/sp/saml2-acs.php
>
> This is wrong. It should have the authentication source ID afterwards,
> e.g.:
>
>    https://wayf.mysite.dk/simplesaml/module.php/saml/sp/saml2-acs.php/de...
>
> > Again, it looks to me like some config error?? my idp is in the
> > authsources.php file, but the "id false" thing confuses me quite a
> > bit :-S
>
> We should probably change the code to produce a «404 Not Found» or
> «400 Bad Request»  error instead.
>
> Regards,
> Olav Morken
> UNINETT / Feide

Thanks :)

I should've spent more time reading the documentation.

The login url now reads:
https://wayf.mysiteg.dk/simplesaml/module.php/core/as_login.php?AuthId=default-sp&ReturnTo=http://mysite.dk

The login part works great, I get sent to my idp and login, and I'm
redirected to the ACS I have set with my idp.

However, I now get a rather weird error.

"Cannot send session cache limiter - headers already sent"

I've created a simple ACS, just for testing:

    <?php
    require_once('/home/fincle/webapps/wayf_server/simplesamlphp/lib/_autoload.php');
    $as = new SimpleSAML_Auth_Simple('default-sp');

    $attributes = $as->getAttributes();

    print_r($attributes);
    ?>


Any idea as to where I'm messing up? I'm probably just using the API
wrong :)

thanks.

regards

pete


PeteDK

Jan 26, 2011, 4:27:43 AM
to simpleSAMLphp
Never mind. I found out what the problem was :) Thanks again for the
help.

Aneel Sarwar

Aug 8, 2014, 4:15:11 AM
to simple...@googlegroups.com
How did you solve this problem?

SimpleSAML_Error_Exception: No authentication source with id false found.

Aneel Sarwar

Aug 18, 2014, 3:07:26 AM
to simple...@googlegroups.com

Following are the 2 possible ways to fix it:

1) Adding a parameter of "ResumePath" in ssoPortalUrl both in authsources.php and sp-idp-remote.php because RelayState wasn't working.

2) Making sure both idp and sp are of the same version. I had sp setup of 1.12 and idp of 1.11 version, so as I didn't have access to the idp, I just downgraded the sp to 1.11 and it started working.

Regards,
Aneel Sarwar