IDP metadata url
2,244 views
Skip to first unread message
Thomas de Jesus
Sep 1, 2022, 5:42:49 PM9/1/22
to SimpleSAMLphp
I have a test server set up for simplesaml but the idp metadata url is trying to download instead of going to the page with XML. I'm at a loss.
Dick Visser
Sep 2, 2022, 9:53:25 AM9/2/22
to simple...@googlegroups.com
That is intentional behaviour.
What do you think it should do, and why?
On Thu, 1 Sep 2022 at 23:42, Thomas de Jesus <trf...@gmail.com> wrote:
I have a test server set up for simplesaml but the idp metadata url is trying to download instead of going to the page with XML. I'm at a loss.
--
This is a mailing list for users of SimpleSAMLphp, not a support service. If you are willing to buy commercial support, please take a look here:
https://simplesamlphp.org/support
Before sending your question, make sure it is related to SimpleSAMLphp, and not your web server's configuration or any other third-party software. This mailing list cannot help with software that uses SimpleSAMLphp, only regarding SimpleSAMLphp itself.
Make sure to read the documentation:
https://simplesamlphp.org/docs/stable/
If you have an issue with SimpleSAMLphp that you cannot resolve and reading the documentation doesn't help, you are more than welcome to ask here for help. Subscribe to the list and send an email with your question. However, you will be expected to comply with some minimum, common sense standards in your questions. Please read this carefully:
http://catb.org/~esr/faqs/smart-questions.html
---
You received this message because you are subscribed to the Google Groups "SimpleSAMLphp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/simplesamlphp/61415297-d8c4-4420-b79a-351164c42d0dn%40googlegroups.com.
Sent from Gmail Mobile
Thomas de Jesus
Sep 2, 2022, 10:41:13 AM9/2/22
to SimpleSAMLphp
You can get the metadata xml on a dedicated URL:
that url is for some reason trying to download as a file instead of going to a page. I think I have a mime issue on that box.
Peter Brand
Sep 2, 2022, 10:48:06 AM9/2/22
to simple...@googlegroups.com
* Thomas de Jesus <trf...@gmail.com> [2022-09-01 23:42]:
Or download it and then view it with whatever you like, e.g. a text editor.
The MIME type for SAML Metadata is "application/samlmetadata+xml",
what are you seeing? (Check HTTP Reponse Headers when accessing the
metadata in the browser or use 'curl -I <URL>' or any other method.)
But Dick already asked the most important question: What are you
ultimately trying to achieve? (Please don't say "View the metadata
XML in my web browser".) While SAML 2.0 Metadata is XML and that's
essentially just text it has not been created for human ingestion. ;)
-peter
> I have a test server set up for simplesaml but the idp metadata url is
> trying to download instead of going to the page with XML. I'm at a loss.
Try prepending view-source: to the URL in your web browser.
> trying to download instead of going to the page with XML. I'm at a loss.
Or download it and then view it with whatever you like, e.g. a text editor.
The MIME type for SAML Metadata is "application/samlmetadata+xml",
what are you seeing? (Check HTTP Reponse Headers when accessing the
metadata in the browser or use 'curl -I <URL>' or any other method.)
But Dick already asked the most important question: What are you
ultimately trying to achieve? (Please don't say "View the metadata
XML in my web browser".) While SAML 2.0 Metadata is XML and that's
essentially just text it has not been created for human ingestion. ;)
-peter
Thomas de Jesus
Sep 2, 2022, 12:03:47 PM9/2/22
to simple...@googlegroups.com
I need the URL for my service provider. I have a live application of this working fine. my production server displays the metadata url correctly and my service provider, which is an application we host, uses that url for our SAML connection. in production everything is hunky dory.
In test, not so much. the url is triggering a download so my test server for my hosted SP is not reading the metadata. As we are trying to implement DUO, this is a problem (OK, implementing Duo is also a problem as the git repository they suggest is 7 years old and waaaaaay out of date.)
--
This is a mailing list for users of SimpleSAMLphp, not a support service. If you are willing to buy commercial support, please take a look here:
https://simplesamlphp.org/support
Before sending your question, make sure it is related to SimpleSAMLphp, and not your web server's configuration or any other third-party software. This mailing list cannot help with software that uses SimpleSAMLphp, only regarding SimpleSAMLphp itself.
Make sure to read the documentation:
https://simplesamlphp.org/docs/stable/
If you have an issue with SimpleSAMLphp that you cannot resolve and reading the documentation doesn't help, you are more than welcome to ask here for help. Subscribe to the list and send an email with your question. However, you will be expected to comply with some minimum, common sense standards in your questions. Please read this carefully:
http://catb.org/~esr/faqs/smart-questions.html
---
You received this message because you are subscribed to the Google Groups "SimpleSAMLphp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/simplesamlphp/YxIXobxYSZ9%2Bj58B%40aco.net.
Peter Brand
Sep 2, 2022, 12:16:59 PM9/2/22
to simple...@googlegroups.com
* Thomas de Jesus <trf...@gmail.com> [2022-09-02 18:03]:
is immaterial. Maybe some service is sensitive to an incorrect MIME
type (i.e., the value of the HTTP Reponse Header "Content-Type") when
consuming your metadata, but we don't even know whether that's the
case from what you wrote.
(I also provided you with instructions on how to find out what content
type your server reports when you access the metadata but you keep
avoiding any technical details which will get us nowhere.)
-peter
> In test, not so much. the url is triggering a download so my test server
> for my hosted SP is not reading the metadata. As we are trying to implement
> DUO, this is a problem (OK, implementing Duo is also a problem as the git
> repository they suggest is 7 years old and waaaaaay out of date.)
Again, the fact that your web browser is trying to download something
> for my hosted SP is not reading the metadata. As we are trying to implement
> DUO, this is a problem (OK, implementing Duo is also a problem as the git
> repository they suggest is 7 years old and waaaaaay out of date.)
is immaterial. Maybe some service is sensitive to an incorrect MIME
type (i.e., the value of the HTTP Reponse Header "Content-Type") when
consuming your metadata, but we don't even know whether that's the
case from what you wrote.
(I also provided you with instructions on how to find out what content
type your server reports when you access the metadata but you keep
avoiding any technical details which will get us nowhere.)
-peter
Peter Brand
Sep 2, 2022, 12:22:02 PM9/2/22
to simple...@googlegroups.com
* Peter Brand <peter...@univie.ac.at> [2022-09-02 18:17]:
what's the action *content* that you get when you access your IDP's
metadata URL, which seems at least as relevant.
-peter
> * Thomas de Jesus <trf...@gmail.com> [2022-09-02 18:03]:
> > In test, not so much. the url is triggering a download so my test server
> > for my hosted SP is not reading the metadata. As we are trying to implement
> > DUO, this is a problem (OK, implementing Duo is also a problem as the git
> > repository they suggest is 7 years old and waaaaaay out of date.)
>
> Again, the fact that your web browser is trying to download something
> is immaterial. Maybe some service is sensitive to an incorrect MIME
> type (i.e., the value of the HTTP Reponse Header "Content-Type") when
> consuming your metadata, but we don't even know whether that's the
> case from what you wrote.
Besides the content type discussion you still have failed to mention
> > In test, not so much. the url is triggering a download so my test server
> > for my hosted SP is not reading the metadata. As we are trying to implement
> > DUO, this is a problem (OK, implementing Duo is also a problem as the git
> > repository they suggest is 7 years old and waaaaaay out of date.)
>
> Again, the fact that your web browser is trying to download something
> is immaterial. Maybe some service is sensitive to an incorrect MIME
> type (i.e., the value of the HTTP Reponse Header "Content-Type") when
> consuming your metadata, but we don't even know whether that's the
> case from what you wrote.
what's the action *content* that you get when you access your IDP's
metadata URL, which seems at least as relevant.
-peter
Dick Visser
Sep 2, 2022, 12:37:13 PM9/2/22
to simple...@googlegroups.com
"downloading" and "viewing" both involve "downloading" the (same)
content (an XML formatted document).
Whatever your HTTP user agent decides to do with that content
(probably based on the content-type header) is not really
SimpleSAMLphp's business.
Having said that, all the tools, portals, and software that I've ever
come across in the last 15 years just grokked metadata URL as-is.
Never was the content-type an issue.
Is the "test server for my hosted SP" that you mention perhaps
actually a human being (you?) clicking through URLs?
If possible, please provide more, and more clear, context.
Dick
> To view this discussion on the web visit https://groups.google.com/d/msgid/simplesamlphp/CAOuPuJr52Lp0zNOgMVsG0AKDE9g%2Bcw%2BQAaw-m3a5tcSqhF4CLw%40mail.gmail.com.
content (an XML formatted document).
Whatever your HTTP user agent decides to do with that content
(probably based on the content-type header) is not really
SimpleSAMLphp's business.
Having said that, all the tools, portals, and software that I've ever
come across in the last 15 years just grokked metadata URL as-is.
Never was the content-type an issue.
Is the "test server for my hosted SP" that you mention perhaps
actually a human being (you?) clicking through URLs?
If possible, please provide more, and more clear, context.
Dick
Reply all
Reply to author
Forward
0 new messages