Is there a way to test Feide OpenIDp from localhost ?


laurence.h...@gemalto.com

Feb 13, 2012, 10:37:59 AM
to simple...@googlegroups.com
Hello
I cannot seem to find a way to test my application (currently on localhost) with Feide OpenIDp.
I look at the Metadata Registry, and see that few people have used "localhost", which makes sense to me because I would expect the IDp to read the metadata directly with the link provided, so localhost is not accessible. Yet it is confusing, because the browser is in the middle when doing authentication, and localhost is acceptable in this case.
This is what I do:

Click on "Test configured authentication sources". Two options are offered:

  • Admin
  • SmartGamerConneXion
Click on SmartGamerConneXion.
OpenIDp shows login window. I enter data, validate, and this leads to an error: [f0c6c4eda6]

file_get_contents(https://localhost/smartgamerconnexion/): failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found"

If the reason is what I think, is there a way for me to register the XML content, other than posting an accessible URL for the metadata file ?

Thank you

Best regards


Peter Schober

Feb 13, 2012, 10:47:55 AM
to simple...@googlegroups.com
* laurence.h...@gemalto.com <laurence.h...@gemalto.com> [2012-02-13 16:38]:

> OpenIDp shows login window. I enter data, validate, and this leads to an
> error: [f0c6c4eda6]
>
> file_get_contents(https://localhost/smartgamerconnexion/): failed to open
> stream: HTTP request failed! HTTP/1.1 404 Not Found"

Assuming this is on your own webserver, what does its log say?
Does /smartgamerconnexion/ exist on the SSL vhost?
-peter

HANNEGUELLE Laurence

Feb 14, 2012, 3:16:37 AM
to simple...@googlegroups.com
Hello Peter

Indeed there is my "index.php" page at the URL:
https://localhost/smartgamerconnexion/

And the metadata that I registered in OpenID are at this location:

https://localhost/simplesaml/module.php/saml/sp/metadata.php/SmartGamerConneXion

But so far (I have followed the guidelines) I have not integrated the code into my own pages. I start the connexion from SimpleSAMLphp tab [Authentication]. Since all was green, I assumed I could try. Maybe the guidelines are wrong and I should integrate the code before attempting to use OpenID ? By the way, I don't understand why SimpleSAMLphp did not require me in its configuration, to provide the exact page that will handle the POSTS for the login, and the page that will handle the single logout. So far, what is handled by SimpleSAMLphp and what is handled by my application is unclear.

I am using XAMPP under Windows and it took me a while to find how to write the alias properly =
DocumentRoot "D:/xampp/htdocs"
Alias /simplesaml "D:/xampp/htdocs/simplesamlphp-1.8.2/www"

I do not have a virtual host. I had a require SSL so far, to force SSL, but I am now commenting it out because some colleagues want to be able to access the application without SSL.

<Directory "D:/xampp/htdocs/smartgamerconnexion">
#LHA 11Feb.2012 inform Apache that we will always use encryption
SSLRequireSSL
</Directory>

Any help will be immensely appreciated.
Thank you
Best regards
Laurence

--
You received this message because you are subscribed to the Google Groups "simpleSAMLphp" group.
To post to this group, send email to simple...@googlegroups.com.
To unsubscribe from this group, send email to simplesamlph...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/simplesamlphp?hl=en.

Dick Visser

Feb 14, 2012, 3:45:33 AM
to simple...@googlegroups.com
On 14 February 2012 09:16, HANNEGUELLE Laurence <Laurence.H...@gemalto.com> wrote:
> I do not have a virtual host. I had a require SSL so far, to force SSL, but I am now commenting it out because some colleagues want to be able to access the application without SSL.

Your first message seems to indicate that you want to use 'localhost'
as the hostname, but now you mention colleagues that want to access it
without SSL, which (to me) implies some sort of a network. Or is this
maybe on a terminal server?

--
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands

laurence.h...@gemalto.com

Feb 14, 2012, 5:43:17 AM
to simpleSAMLphp
Hi
Sorry that my explanations were not clear.
My laptop is connected to the company network with Internet access. It
is running XAMPP. My application is in the htdocs of Xampp, in its own
directory "smartgamerconnexion". This is why I access my application
locally with the URL = https://localhost/smartgamerconnexion/

There is some IDp available, but not well supported at the moment, and
it will use http rather than https for tests (via the browser). This
is why I commented out the SSLrequireSSL statement in Apache. But
before attempting to connect to the IDp, I want to use Feide OpenIDp,
because it has been tested by many people successfully.

So, when I registered the metadata on your OpenIDp server, I used a
URL copied from SimpleSAMLphp "Federation" tab, where it came out as:
https://localhost/simplesaml/module.php/saml/sp/metadata.php/SmartGamerConneXion

OpenID will not be able to access my metadata using this URL directly,
this is why I was asking whether there was another way to provide
metadata.
Apparently, the crash occurs when metadata is retrieved, it says
"error downloading metadata", but it seems to download it from
"https://localhost/smartgamerconnexion/" instead of
"https://localhost/simplesaml/module.php/saml/sp/metadata.php/SmartGamerConneXion" ??
(See error message below)

Backtrace:
1 /var/simplesamlphp-openidp/www/_include.php:34 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: Exception: Error downloading metadata from "https://localhost/smartgamerconnexion/": file_get_contents(https://localhost/smartgamerconnexion/): failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found

Backtrace:
4 /var/simplesamlphp-openidp/lib/SimpleSAML/Metadata/MetaDataStorageHandlerDynamicXML.php:230 (SimpleSAML_Metadata_MetaDataStorageHandlerDynamicXML::getMetaData)
3 /var/simplesamlphp-openidp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:270 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
2 /var/simplesamlphp-openidp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:306 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
1 /var/simplesamlphp-openidp/modules/saml/lib/IdP/SAML2.php:192 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
0 /var/simplesamlphp-openidp/www/saml2/idp/SSOService.php:19 (N/A)

laurence.h...@gemalto.com

Feb 14, 2012, 1:34:26 PM
to simpleSAMLphp
There were a lot of issues, but regarding this error in particular, it
had to do with OpenIDp page to register metadata.

First thing to understand, is that the EntityID is NOT a URL, but a
mere character string.
The fact that OpenID's EntityID, given as an example, is a URL
('https://openidp.feide.no') does not mean that every other
identifier, be it for SP or IDp, has to be a URL also. It can be any
string !

Second thing, the OpenID page to register metadata, is NOT requiring
the URL of the metadata (hence my question, in my case it cannot be
accessed).
It is requiring:
- the EntityID (a character string that may look like a URL), in fact
the same that was declared in the file "authsources.php"
- the two endpoints that can be found in the metadata of the
[Federation] tab

In my case, the correct data was:
entityID= "https://localhost/smartgamerconnexion/"
and this is what SimpleSAML was looking for and could not find:
Error downloading metadata from "https://localhost/smartgamerconnexion/"
might as well have been "error downloading metadata from MyService" if
the EntityID was named that way. Nothing to do with the actual URL of
the web site.

With this correction, the downloading metadata error disappears.

Thank you very much for your support. Ticket closed.
Best regards
Laurence
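
Added example, not part of the original thread and not SimpleSAMLphp code: the fix in the last message comes down to registering the entity ID and the two endpoints exactly as they appear in the SP metadata, so this Python example extracts those three values and compares them with what was typed into the IdP's registration form. The sample XML is constructed; its endpoint paths and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: SP metadata shaped like the XML on the [Federation] tab.
# The entityID is the one from the thread; the endpoint paths are assumptions.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://localhost/smartgamerconnexion/">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost/simplesaml/module.php/saml/sp/saml2-logout.php/SmartGamerConneXion"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/SmartGamerConneXion"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def registration_values(metadata_xml):
    """Extract the three values the IdP registration form asks for."""
    root = ET.fromstring(metadata_xml)  # parse only your own SP's metadata
    sp = root.find("md:SPSSODescriptor", NS)
    if root.get("entityID") is None or sp is None:
        raise ValueError("not SAML 2.0 SP metadata")
    values = {"entityID": root.get("entityID")}
    for field in ("AssertionConsumerService", "SingleLogoutService"):
        endpoint = sp.find("md:" + field, NS)
        values[field] = endpoint.get("Location") if endpoint is not None else None
    return values

def registration_problems(registered, metadata_xml):
    """Compare what was typed into the form with the SP metadata.

    Entity IDs are opaque strings and are matched exactly, so a trailing
    slash or a different URL counts as a different entity.
    """
    actual = registration_values(metadata_xml)
    return [
        f"{field}: registered {registered.get(field)!r}, metadata has {value!r}"
        for field, value in actual.items()
        if registered.get(field) != value
    ]
```

An empty list from `registration_problems` means the registration matches the metadata; registering the metadata URL in place of the entity ID, as happened in this thread, is reported as an `entityID` mismatch.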




