Unable to do a basic setup, keep hitting road blocks
24 views
Skip to first unread message
eric gandt
Jul 28, 2025, 3:33:17 AMJul 28
to SimpleSAMLphp
Want I want is a simply SAML2.0 setup, where default-sp uses the example-userpass for logins such that I can use it development, seems simply, but I've had zero luck.
Even simply testing via the UI, the 'default-sp' source dopes not work.
Test Authentication Sources
admin
example-userpass
default-sp
the first 2 are fine, but the third one always fails. On my 4th or 5th complete redo and I'm stuck. Searching is not finding any explanation (or any good helpful one) either.
Even simply testing via the UI, the 'default-sp' source dopes not work.
Test Authentication Sources
admin
example-userpass
default-sp
the first 2 are fine, but the third one always fails. On my 4th or 5th complete redo and I'm stuck. Searching is not finding any explanation (or any good helpful one) either.
admin and example-userpass both work as expected.
SimpleSAML\Error\MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => 'v2-2350161.unknown.co')
Backtrace:
6 src/SimpleSAML/Metadata/MetaDataStorageHandler.php:331 (SimpleSAML\Metadata\MetaDataStorageHandler::getMetaData)
5 src/SimpleSAML/Metadata/MetaDataStorageHandler.php:348 (SimpleSAML\Metadata\MetaDataStorageHandler::getMetaDataConfig)
4 modules/saml/src/IdP/SAML2.php:411 (SimpleSAML\Module\saml\IdP\SAML2::receiveAuthnRequest)
3 [builtin] (call_user_func_array)
2 src/SimpleSAML/HTTP/RunnableResponse.php:68 (SimpleSAML\HTTP\RunnableResponse::sendContent)
1 vendor/symfony/http-foundation/Response.php:423 (Symfony\Component\HttpFoundation\Response::send)
0 public/saml2/idp/SSOService.php:30 (N/A)
I'm confused as to why this is showing IO have a entityID defined named: ' v2-2350161.unknown.co', I'm unsure what file it is even coming from, as ' v2-2350161.unknown.co' is defined in the config/authsources.php and maps to entities in both saml20-idp-remote.php and saml20-idp-hosted.php. saml20-sp-remote.php is empty as that seems to be what the samples all do (which seems odd).
SimpleSAML\Error\MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => 'v2-2350161.unknown.co')
Backtrace:
6 src/SimpleSAML/Metadata/MetaDataStorageHandler.php:331 (SimpleSAML\Metadata\MetaDataStorageHandler::getMetaData)
5 src/SimpleSAML/Metadata/MetaDataStorageHandler.php:348 (SimpleSAML\Metadata\MetaDataStorageHandler::getMetaDataConfig)
4 modules/saml/src/IdP/SAML2.php:411 (SimpleSAML\Module\saml\IdP\SAML2::receiveAuthnRequest)
3 [builtin] (call_user_func_array)
2 src/SimpleSAML/HTTP/RunnableResponse.php:68 (SimpleSAML\HTTP\RunnableResponse::sendContent)
1 vendor/symfony/http-foundation/Response.php:423 (Symfony\Component\HttpFoundation\Response::send)
0 public/saml2/idp/SSOService.php:30 (N/A)
I'm confused as to why this is showing IO have a entityID defined named: ' v2-2350161.unknown.co', I'm unsure what file it is even coming from, as ' v2-2350161.unknown.co' is defined in the config/authsources.php and maps to entities in both saml20-idp-remote.php and saml20-idp-hosted.php. saml20-sp-remote.php is empty as that seems to be what the samples all do (which seems odd).
My configures are:
# cat config/authsources.php
<?php
$config = array(
'admin' => [
'core:AdminPassword',
],
'example-userpass' => [
...... <removed for size> .....
],
'default-sp' => [
'saml:SP',
'entityID' => 'v2-2350161.unknown.co',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'idp' => 'v2-2350161.unknown.co',
],
);
# cat metadata/saml20-idp-remote.php
<?php
$metadata['v2-2350161.unknown.co'] = [
'SingleSignOnService' => [
[
'Location' => 'https://unknown.co:9443/simplesaml/saml2/idp/SSOService.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
'SingleLogoutService' => [
[
'Location' => 'https://unknown.co:9443/simplesaml/saml2/idp/SingleLogoutService.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
'certificate' => 'server.pem',
];
# cat metadata/saml20-idp-hosted.php
<?php
$metadata[' v2-2350161.unknown.co '] = [
'host' => '__DEFAULT__',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'auth' => 'example-userpass',
'contacts' => [
[
'contactType' => 'support',
'emailAddress' => 'root@localhost',
'givenName' => 'root',
'surName' => 'user',
'company' => 'unknown.co',
],
],
];
# cat metadata/saml20-sp-remote.php
<?php
/**
* SAML 2.0 remote SP metadata for SimpleSAMLphp.
*/
# cat config/authsources.php
<?php
$config = array(
'admin' => [
'core:AdminPassword',
],
'example-userpass' => [
...... <removed for size> .....
],
'default-sp' => [
'saml:SP',
'entityID' => 'v2-2350161.unknown.co',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'idp' => 'v2-2350161.unknown.co',
],
);
# cat metadata/saml20-idp-remote.php
<?php
$metadata['v2-2350161.unknown.co'] = [
'SingleSignOnService' => [
[
'Location' => 'https://unknown.co:9443/simplesaml/saml2/idp/SSOService.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
'SingleLogoutService' => [
[
'Location' => 'https://unknown.co:9443/simplesaml/saml2/idp/SingleLogoutService.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
'certificate' => 'server.pem',
];
# cat metadata/saml20-idp-hosted.php
<?php
$metadata[' v2-2350161.unknown.co '] = [
'host' => '__DEFAULT__',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'auth' => 'example-userpass',
'contacts' => [
[
'contactType' => 'support',
'emailAddress' => 'root@localhost',
'givenName' => 'root',
'surName' => 'user',
'company' => 'unknown.co',
],
],
];
# cat metadata/saml20-sp-remote.php
<?php
/**
* SAML 2.0 remote SP metadata for SimpleSAMLphp.
*/
Is empty as the examples do nothing with it.
I can get metadata, under federation, but it does not work in my app, I'm assuming the issue is not the app as it can connect to Okta for example, so I'm figuring the error above is a (or the) cause.
Thanks,
I can get metadata, under federation, but it does not work in my app, I'm assuming the issue is not the app as it can connect to Okta for example, so I'm figuring the error above is a (or the) cause.
Thanks,
ERIC
Tim van Dijen
Jul 28, 2025, 8:10:22 AMJul 28
to SimpleSAMLphp
Hi Eric,
The metadata-entries are missing a `entityID`-key. Putting the entityID in the array-key like you did is old pre 2.0-behaviour that no longer works.
- Tim
Op maandag 28 juli 2025 om 09:33:17 UTC+2 schreef eric.gandt....@gmail.com:
eric gandt
Jul 28, 2025, 7:48:43 PMJul 28
to SimpleSAMLphp
I changed metadata/saml20-sp-remote.php to be populated:
<?php
$metadata['v2-2350161.unknown.co'] = [
'AssertionConsumerService' => [
[
'index' => 1,
'isDefault' => true,
'Location' => 'v2-2350161.unknown.co/module.php/saml/sp/saml2-acs.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
],
],
'SingleLogoutService' => [
[
'Location' => 'https://v2-2350161.unknown.co/module.php/saml/sp/saml2-logout.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
];
I had to also fix metadata/saml20-idp-remote.php, so that it was using the crt not pem file
];
Oddly the quick start docs do not mention that is is needed at all, however it clearly is I can not log into the default-sp using the example users. Now I just need to debug the client side issues. Thanks for your help.
Wanted to respond in hopes that this is of some help to other people.
<?php
$metadata['v2-2350161.unknown.co'] = [
'AssertionConsumerService' => [
[
'index' => 1,
'isDefault' => true,
'Location' => 'v2-2350161.unknown.co/module.php/saml/sp/saml2-acs.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
],
],
'SingleLogoutService' => [
[
'Location' => 'https://v2-2350161.unknown.co/module.php/saml/sp/saml2-logout.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
I had to also fix metadata/saml20-idp-remote.php, so that it was using the crt not pem file
<?php
$metadata['v2-2350161.unknown.co'] = [
'SingleSignOnService' => [
[
'Location' => 'https://unknown.co:9443/simplesaml/saml2/idp/SSOService.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
'SingleLogoutService' => [
[
'Location' => 'https://unknown.co:9443/simplesaml/saml2/idp/SingleLogoutService.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
'certificate' => 'server.crt',$metadata['v2-2350161.unknown.co'] = [
'SingleSignOnService' => [
[
'Location' => 'https://unknown.co:9443/simplesaml/saml2/idp/SSOService.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
'SingleLogoutService' => [
[
'Location' => 'https://unknown.co:9443/simplesaml/saml2/idp/SingleLogoutService.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
];
Oddly the quick start docs do not mention that is is needed at all, however it clearly is I can not log into the default-sp using the example users. Now I just need to debug the client side issues. Thanks for your help.
Wanted to respond in hopes that this is of some help to other people.
ERIC
Reply all
Reply to author
Forward
0 new messages