"Show metadata" on Federation page is directing me to a 404 after defining the authsources.php

[siri...@gmail.com]

I have a SimpleSAMLphp (v1.15) IdP that might be setup correctly. I am trying to authenticate with it on a separate server using SimpleSAMLphp (v1.15) for the SP. When I create the SP config in authsources.php I have essentially:

$config['MySP'] =
[
    'saml:SP',
    'entityID' => null, // Turns into https://sp.example.com/simplesamlphp/module.php/saml/sp/metadata.php/MySP
    'idp' => 'https://idp.example.com/saml2/idp/metadata.php',
    'privatekey' => 'example.pem',
    'certificate' => 'example.crt'
];

(The above is dynamically created from a database. I created a control panel for users to register IdPs. There is code also in saml20-idp-remote.php to correctly create the required metadata for the IdP).

On the Federation tab on the SP I see:

SAML 2.0 SP Metadata

Entity ID: https://sp.example.com/simplesamlphp/module.php/saml/sp/metadata.php/MySP
My SP
[ Show metadata ]

The "Show metadata" link goes to:

https://sp.example.com/simplesamlphp/module.php/saml/sp/metadata.php/MySP?output=xhtml

That link just goes to a 404 page though. (In the logs it says 'open() "/var/www/composer/vendor/simplesamlphp/simplesamlphp/www/module.php/saml/sp/metadata.php/MySP" failed (20: Not a directory)'). The "https://sp.example.com/simplesamlphp/module.php/saml/sp/metadata.php" goes to a bad request page as expected when the authentication source is missing.

My setup on the SP seems to be fairly standard composer install. I have a custom environment path to my config directory and custom metadatadir that all seems to work fine. (I can see my Trusted IdP listed on the Federation page that correctly links to the IdP metadata. I've tested disabling the metadatadir also thinking maybe it interfered with authsources.php, but that doesn't seem to be the case. Also I've tested disabling cert/private key on the SP with no difference.

For further information: When I go to Authentications tab on the SP and click on test authentication sources then click on MySP I am redirected to login to the IdP. After logging in I am then redirected to: https://sp.example.com/simplesamlphp/module.php/saml/sp/saml2-acs.php/MySP which is also a 404.

I have manually defined the metadata on the IdP saml20-sp-remote.php that looks like:

$metadata['https://sp.example.com/simplesamlphp/module.php/saml/sp/metadata.php/MySP'] =
[
    'AssertionConsumerService' => 'https://sp.example.com/simplesamlphp/module.php/saml/sp/saml2-acs.php/MySP',
    'SingleLogoutService'      => 'https://sp.example.com/simplesamlphp/module.php/saml/sp/saml2-logout.php/MySP',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:persistent',
    'simplesaml.nameidattribute' => 'username'
];

I assume the issue on the SP with the metadata leading to a 404 is similar to this issue as well though. Been reading the documentation over and over and I'm at a loss, so any insight would be appreciated. I have to assume I have an issue with my authsources.php leading to the 404, but I can't figure out the cause.

[siri...@gmail.com]

Was looking at other configurations online. The "(/|$)" after php is very important.

    location /simplesamlphp {
        alias /var/www/composer/vendor/simplesamlphp/simplesamlphp/www;
        location ~ \.php(/|$) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
                fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
        }
    }

That seems to have solved it.

[c.gi...@gmail.com]

I had the same problem. Thank you very much. This works as expected.

It seems that the documentation is wrong here: https://simplesamlphp.org/docs/stable/simplesamlphp-install

[adon...@gmail.com]

THANK YOU.

I was about to throw my keyboard through my monitor.