[v1.8] SimpleSAML_Error_Exception: Cannot retrieve metadata for IdP
3,292 views
Skip to first unread message
eurosat7
Jan 13, 2012, 7:59:19 AM1/13/12
to simple...@googlegroups.com
Hi List
I looked up other postings in this list about this error message but my problem seems a little bit different. My IDP URL seems to miss is EntityID.
I'm just starting with simplesamlphp and I still try to learn on how to use it. My first idea was to set it up (v 1.8) and play with it. So I have two domain names (for the cookies) sharing the same source on a localhost with windows 7 64bit:
localipd is the dns to be used as the identity provider
localsp is the dns to be used as the service provider
Both domains have the same simplesamlphp installation with /module.php in DOCUMENT_ROOT
I must have missed something obvious because when I start
http://localsp/module.php/core/authenticate.php?as=local-idp
I get redirected to:
http://localidp/saml2/idp/SSOService.php?SAMLRequest=hVLLbsIwEPyVyPeQOIiXBUgUVBWJFkRoD71UG9sUS46dejd9%2FH1DoBJc6M2anZmd3fUYobSVmNV0cFv9UWuk6Lu0DkVbmLA6OOEBDQoHpUZBUuSzx5XIOqmogicvvWUXktsKQNSBjHcsWi4m7C0d9RX0M8j4oDvs8pHkPcWLlKt%2BT2pe9Ia9Yi%2BLASjFohcdsFFOWGPUyBFrvXRI4KiBUp7FKY95d8cz0R2KtP%2FKokUzjXFArepAVIkksV6CNapKjmGz5PjK83Wuw6eRulMdKhbN%2FkLOvcO61OFcfd6urm2wSkqvatvqWsMEz8YxSGzRlhg3bVi0Oa%2Frzjhl3PvtTRUnEoqH3W4Tb9b5jk3HR2vRTh6m%2FwcpNYECgusc4%2BTSZXy6%2F1PTf7nYeGvkT3TvQwl0O94RMSret1RBARwa7ahZnrX%2Bax40kJ4wCrVmyfTU8vqXTX8B&RelayState=http%3A%2F%2Flocalsp%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Dlocal-idp
showing this error:
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 D:\HTDOCS-PORTS\simplesamlphp\www\module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: Cannot retrieve metadata for IdP 'http://localidp/saml2/idp/metadata.php' because it isn't a valid IdP for this SP.
Backtrace:
2 D:\HTDOCS-PORTS\simplesamlphp\modules\saml\lib\Auth\Source\SP.php:108 (sspmod_saml_Auth_Source_SP::getIdPMetadata)
1 D:\HTDOCS-PORTS\simplesamlphp\modules\saml\www\sp\saml2-acs.php:47 (require)
0 D:\HTDOCS-PORTS\simplesamlphp\www\module.php:135 (N/A)
My configs:
***********
authsources.php
$config = array(
'local-idp' => array(
'saml:SP',
'idp' => 'http://localidp',
),
);
saml20-idp-remote.php
$metadata['http://localidp'] = array(
'name' => array(
'en' => 'local idp',
),
'description' => 'Test Accounts hosted locally',
'SingleSignOnService' => 'http://localidp/saml2/idp/SSOService.php',
'SingleLogoutService' => 'http://localidp/saml2/idp/SingleLogoutService.php',
'certFingerprint' => 'dunno',
);
saml20-idp-hosted.php
$metadata['http://localidp'] = array(
'host' => '__DEFAULT__',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'auth' => 'example-userpass',
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
'authproc' => array(
100 => array('class' => 'core:AttributeMap', 'name2oid'),
),
);
saml20-sp-remote.php
$metadata['http://localsp/module.php/saml/sp/metadata.php/local-idp'] = array (
'AssertionConsumerService' => 'http://localsp/module.php/saml/sp/saml2-acs.php/local-idp',
'SingleLogoutService' => 'http://localsp/module.php/saml/sp/saml2-logout.php/local-idp',
);
Where did I screwed up?
TIA,
Patrick
I looked up other postings in this list about this error message but my problem seems a little bit different. My IDP URL seems to miss is EntityID.
I'm just starting with simplesamlphp and I still try to learn on how to use it. My first idea was to set it up (v 1.8) and play with it. So I have two domain names (for the cookies) sharing the same source on a localhost with windows 7 64bit:
localipd is the dns to be used as the identity provider
localsp is the dns to be used as the service provider
Both domains have the same simplesamlphp installation with /module.php in DOCUMENT_ROOT
I must have missed something obvious because when I start
http://localsp/module.php/core/authenticate.php?as=local-idp
I get redirected to:
http://localidp/saml2/idp/SSOService.php?SAMLRequest=hVLLbsIwEPyVyPeQOIiXBUgUVBWJFkRoD71UG9sUS46dejd9%2FH1DoBJc6M2anZmd3fUYobSVmNV0cFv9UWuk6Lu0DkVbmLA6OOEBDQoHpUZBUuSzx5XIOqmogicvvWUXktsKQNSBjHcsWi4m7C0d9RX0M8j4oDvs8pHkPcWLlKt%2BT2pe9Ia9Yi%2BLASjFohcdsFFOWGPUyBFrvXRI4KiBUp7FKY95d8cz0R2KtP%2FKokUzjXFArepAVIkksV6CNapKjmGz5PjK83Wuw6eRulMdKhbN%2FkLOvcO61OFcfd6urm2wSkqvatvqWsMEz8YxSGzRlhg3bVi0Oa%2Frzjhl3PvtTRUnEoqH3W4Tb9b5jk3HR2vRTh6m%2FwcpNYECgusc4%2BTSZXy6%2F1PTf7nYeGvkT3TvQwl0O94RMSret1RBARwa7ahZnrX%2Bax40kJ4wCrVmyfTU8vqXTX8B&RelayState=http%3A%2F%2Flocalsp%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Dlocal-idp
showing this error:
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 D:\HTDOCS-PORTS\simplesamlphp\www\module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: Cannot retrieve metadata for IdP 'http://localidp/saml2/idp/metadata.php' because it isn't a valid IdP for this SP.
Backtrace:
2 D:\HTDOCS-PORTS\simplesamlphp\modules\saml\lib\Auth\Source\SP.php:108 (sspmod_saml_Auth_Source_SP::getIdPMetadata)
1 D:\HTDOCS-PORTS\simplesamlphp\modules\saml\www\sp\saml2-acs.php:47 (require)
0 D:\HTDOCS-PORTS\simplesamlphp\www\module.php:135 (N/A)
My configs:
***********
authsources.php
$config = array(
'local-idp' => array(
'saml:SP',
'idp' => 'http://localidp',
),
);
saml20-idp-remote.php
$metadata['http://localidp'] = array(
'name' => array(
'en' => 'local idp',
),
'description' => 'Test Accounts hosted locally',
'SingleSignOnService' => 'http://localidp/saml2/idp/SSOService.php',
'SingleLogoutService' => 'http://localidp/saml2/idp/SingleLogoutService.php',
'certFingerprint' => 'dunno',
);
saml20-idp-hosted.php
$metadata['http://localidp'] = array(
'host' => '__DEFAULT__',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'auth' => 'example-userpass',
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
'authproc' => array(
100 => array('class' => 'core:AttributeMap', 'name2oid'),
),
);
saml20-sp-remote.php
$metadata['http://localsp/module.php/saml/sp/metadata.php/local-idp'] = array (
'AssertionConsumerService' => 'http://localsp/module.php/saml/sp/saml2-acs.php/local-idp',
'SingleLogoutService' => 'http://localsp/module.php/saml/sp/saml2-logout.php/local-idp',
);
Where did I screwed up?
TIA,
Patrick
Olav Morken
Jan 17, 2012, 8:51:19 AM1/17/12
to simple...@googlegroups.com
On Fri, Jan 13, 2012 at 04:59:19 -0800, eurosat7 wrote:
> Hi List
>
> I looked up other postings in this list about this error message but my
> problem seems a little bit different. My IDP URL seems to miss is EntityID.
>
> I'm just starting with simplesamlphp and I still try to learn on how to use
> it. My first idea was to set it up (v 1.8) and play with it. So I have two
> domain names (for the cookies) sharing the same source on a localhost with
> windows 7 64bit:
>
> localipd is the dns to be used as the identity provider
> localsp is the dns to be used as the service provider
>
> Both domains have the same simplesamlphp installation with /module.php in
> DOCUMENT_ROOT
>
>
> I must have missed something obvious because when I start
>
> http://localsp/module.php/core/authenticate.php?as=local-idp
>
> I get redirected to:
>
> http://localidp/saml2/idp/SSOService.php?SAMLRequest=hVLLbsIwEPyVyPeQOIiXBUgUVBWJFkRoD71UG9sUS46dejd9%2FH1DoBJc6M2anZmd3fUYobSVmNV0cFv9UWuk6Lu0DkVbmLA6OOEBDQoHpUZBUuSzx5XIOqmogicvvWUXktsKQNSBjHcsWi4m7C0d9RX0M8j4oDvs8pHkPcWLlKt%2BT2pe9Ia9Yi%2BLASjFohcdsFFOWGPUyBFrvXRI4KiBUp7FKY95d8cz0R2KtP%2FKokUzjXFArepAVIkksV6CNapKjmGz5PjK83Wuw6eRulMdKhbN%2FkLOvcO61OFcfd6urm2wSkqvatvqWsMEz8YxSGzRlhg3bVi0Oa%2Frzjhl3PvtTRUnEoqH3W4Tb9b5jk3HR2vRTh6m%2FwcpNYECgusc4%2BTSZXy6%2F1PTf7nYeGvkT3TvQwl0O94RMSret1RBARwa7ahZnrX%2Bax40kJ4wCrVmyfTU8vqXTX8B&RelayState=http%3A%2F%2Flocalsp%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Dlocal-idp
>
> showing this error:
> Hi List
>
> I looked up other postings in this list about this error message but my
> problem seems a little bit different. My IDP URL seems to miss is EntityID.
>
> I'm just starting with simplesamlphp and I still try to learn on how to use
> it. My first idea was to set it up (v 1.8) and play with it. So I have two
> domain names (for the cookies) sharing the same source on a localhost with
> windows 7 64bit:
>
> localipd is the dns to be used as the identity provider
> localsp is the dns to be used as the service provider
>
> Both domains have the same simplesamlphp installation with /module.php in
> DOCUMENT_ROOT
>
>
> I must have missed something obvious because when I start
>
> http://localsp/module.php/core/authenticate.php?as=local-idp
>
> I get redirected to:
>
> http://localidp/saml2/idp/SSOService.php?SAMLRequest=hVLLbsIwEPyVyPeQOIiXBUgUVBWJFkRoD71UG9sUS46dejd9%2FH1DoBJc6M2anZmd3fUYobSVmNV0cFv9UWuk6Lu0DkVbmLA6OOEBDQoHpUZBUuSzx5XIOqmogicvvWUXktsKQNSBjHcsWi4m7C0d9RX0M8j4oDvs8pHkPcWLlKt%2BT2pe9Ia9Yi%2BLASjFohcdsFFOWGPUyBFrvXRI4KiBUp7FKY95d8cz0R2KtP%2FKokUzjXFArepAVIkksV6CNapKjmGz5PjK83Wuw6eRulMdKhbN%2FkLOvcO61OFcfd6urm2wSkqvatvqWsMEz8YxSGzRlhg3bVi0Oa%2Frzjhl3PvtTRUnEoqH3W4Tb9b5jk3HR2vRTh6m%2FwcpNYECgusc4%2BTSZXy6%2F1PTf7nYeGvkT3TvQwl0O94RMSret1RBARwa7ahZnrX%2Bax40kJ4wCrVmyfTU8vqXTX8B&RelayState=http%3A%2F%2Flocalsp%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Dlocal-idp
>
> showing this error:
I assume that it is not the URL above that shows this error?
>
> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
>
> Backtrace:
> 0 D:\HTDOCS-PORTS\simplesamlphp\www\module.php:180 (N/A)
> Caused by: SimpleSAML_Error_Exception: Cannot retrieve metadata for IdP'http://localidp/saml2/idp/metadata.php' because
> it isn't a valid IdP for this SP.
Have you added the metadata for your idp in saml20-idp-remote.php? Does
that metadata match the metadata you get from:
http://localidp/saml2/idp/metadata.php?output=xhtml
Best regards,
Olav morken
UNINETT / Feide
eurosat7
Jan 19, 2012, 8:14:01 AM1/19/12
to simpleSAMLphp
I was using EntityIDs instead of URLs - changing that did the trick.
Thanks!
Thanks!
Tom Scavo
Aug 22, 2012, 3:55:54 PM8/22/12
to simple...@googlegroups.com
On Wed, Aug 22, 2012 at 9:56 AM, Bill Bohling <bgbo...@gmail.com> wrote:
>
> saml20-idp-remote.php
> $metadata['https://example.org'] = array(
> 'SingleSignOnService' =>
> 'https:///example.org/simplesaml/saml2/idp/SSOService.php',
> 'SingleLogoutService' =>
> 'https:///example.org/simplesaml/saml2/idp/SingleLogoutService.php',
> );
I'll note that there are three slashes in the above endpoint
locations. Not sure if that's an issue or not. Most likely is, I
suspect.
Tom
>
> saml20-idp-remote.php
> $metadata['https://example.org'] = array(
> 'SingleSignOnService' =>
> 'https:///example.org/simplesaml/saml2/idp/SSOService.php',
> 'SingleLogoutService' =>
> 'https:///example.org/simplesaml/saml2/idp/SingleLogoutService.php',
> );
I'll note that there are three slashes in the above endpoint
locations. Not sure if that's an issue or not. Most likely is, I
suspect.
Tom
Bill Bohling
Aug 22, 2012, 5:29:22 PM8/22/12
to simple...@googlegroups.com
Hmm...I might have copied and pasted that extra slash while sanitizing. I just checked and verified that there are no extra slashes in any of my real URLs.
Bill Bohling
Aug 24, 2012, 9:21:40 AM8/24/12
to simple...@googlegroups.com
Still stuck. I've been over and over the config on my SP side, so I'm
wondering if this could possibly be on the IDP end. I'm 100% certain I don't have any additional slashes in any of the URLs in my configs and I'm pretty sure my keys are correct, until I hear different from someone who knows more. We're all
new to SAML on this project, and the IDP is being set up at the same
time as the SPs. The IDP guys have been able to demonstrate a
successful login from the IDP machine (authenticating against one of the
feide test servers, I guess), but it seems to me that only shows that
the SP on the IDP machine works. I'm wondering how do we verify that
our IDP is working properly?
thanks,
Bill
thanks,
Bill
Manuel Roldan-Vega
Apr 21, 2015, 3:18:40 PM4/21/15
to simple...@googlegroups.com, bgbo...@gmail.com
Hi,
Not sure if you're able to figure this out yet, but i was having the same exact issue.
In my case, it was a '/' at the end of the idp name, in the authsources.php that was missing. What i would suggest is that you copy and paste the idp from the error message
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 D:\HTDOCS-PORTS\simplesamlphp\www\module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: Cannot retrieve metadata for IdP 'http://localidp/saml2/idp/metadata.php' because it isn't a valid IdP for this SP.
Backtrace:
0 D:\HTDOCS-PORTS\simplesamlphp\www\module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: Cannot retrieve metadata for IdP 'http://localidp/saml2/idp/metadata.php' because it isn't a valid IdP for this SP.
Backtrace:
2 D:\HTDOCS-PORTS\simplesamlphp\modules\saml\lib\Auth\Source\SP.php:108 (sspmod_saml_Auth_Source_SP::getIdPMetadata)
2 D:\HTDOCS-PORTS\simplesamlphp\modules\saml\lib\Auth\Source\SP.php:108 (sspmod_saml_Auth_Source_SP::getIdPMetadata)
and paste it as is in the saml20-idp-remote.php $metadata index and in your authsource.php reference to the idp to ensure there's no difference between them.
Hope this helps.
Manny.
Reply all
Reply to author
Forward
0 new messages