SimpleSAML\Error\Error: DISCOPARAMS

61 views
Skip to first unread message

Elizabeth Altman

unread,
Jun 10, 2025, 8:00:04 PMJun 10
to SimpleSAMLphp
Hi,
I have installed 2.4.1 in preparation for using it with Drupal Simplesamlphp_auth.
The regular shortcut page /simplesaml is fine, but the discopower module url is throwing errors, starting with 

Backtrace: 5 modules/discopower/src/Controller/DiscoPower.php:28 (SimpleSAML\Module\discopower\Controller\DiscoPower::main) 4 vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw) 3 vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle) 2 vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle) 1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process) 0 public/module.php:17 (N/A) Caused by: Exception: Missing parameter: entityID Backtrace: 7 src/SimpleSAML/XHTML/IdPDisco.php:130 (SimpleSAML\XHTML\IdPDisco::__construct) 6 modules/discopower/src/PowerIdPDisco.php:68 (SimpleSAML\Module\discopower\PowerIdPDisco::__construct) 5 modules/discopower/src/Controller/DiscoPower.php:22 (SimpleSAML\Module\discopower\Controller\DiscoPower::main) 4 vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw) 3 vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle) 2 vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle) 1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process) 0 public/module.php:17 (N/A)
I am unclear which entityID parameter is missing, since I have completely configured authsources.php, config.php and saml20-idp-remote.php.

Do I need to make sure my IDP is recognizing my server before this works?  I'm just trying to get the initial installation squared away.

Thanks,
Elizabeth




Tim van Dijen

unread,
Jun 11, 2025, 6:20:14 AMJun 11
to SimpleSAMLphp
Hi Elizabeth!

I suspect you are migrating from a previous version and copied the saml20-idp-remote.php file.
All entries in that file need an `entityID` key set. This used to be the array-key for the entry, so you can copy it from there.
Alternatively you can run the metadata from your remote IDPs through the metadata-converter again.

- Tim

Op woensdag 11 juni 2025 om 02:00:04 UTC+2 schreef Elizabeth Altman:

Elizabeth Altman

unread,
Jul 7, 2025, 7:39:27 PMJul 7
to SimpleSAMLphp
Hi Tim,

I'm not clear what you mean by "All entries" -- there's only one.

Here's a snippet:

$metadata['entity-id-1'] = [
    'entityid' => 'urn:mace:incommon:csun.edu',
    'description' => [
        'en' => 'California State University, Northridge',
    ],
    'OrganizationName' => [
        'en' => 'California State University, Northridge',


Do I need to put additional entityIDs inside the nodes for 'SingleSignOnService' and   'SingleLogoutService'?

Is there an example file I can look at?

- Elizabeth

Kevin Sandy

unread,
Jul 8, 2025, 6:44:02 AMJul 8
to simple...@googlegroups.com
Do you have an entityID set in your auth source in authsources.php?


-- kevin

--
This is a mailing list for users of SimpleSAMLphp, not a support service. If you are willing to buy commercial support, please take a look here:
 
https://simplesamlphp.org/support
 
Before sending your question, make sure it is related to SimpleSAMLphp, and not your web server's configuration or any other third-party software. This mailing list cannot help with software that uses SimpleSAMLphp, only regarding SimpleSAMLphp itself.
 
Make sure to read the documentation:
 
https://simplesamlphp.org/docs/stable/
 
If you have an issue with SimpleSAMLphp that you cannot resolve and reading the documentation doesn't help, you are more than welcome to ask here for help. Subscribe to the list and send an email with your question. However, you will be expected to comply with some minimum, common sense standards in your questions. Please read this carefully:
 
http://catb.org/~esr/faqs/smart-questions.html
---
You received this message because you are subscribed to the Google Groups "SimpleSAMLphp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/simplesamlphp/ca251fc9-6f77-4271-98f9-c2a0df83040en%40googlegroups.com.

Tim van Dijen

unread,
Jul 14, 2025, 12:24:41 PMJul 14
to SimpleSAMLphp
Hi Elizabeth!

I think Kevin is spot-on here..  entityid versus entityID.

- Tim


Op dinsdag 8 juli 2025 om 12:44:02 UTC+2 schreef ke...@digitallotus.com:

Elizabeth Altman

unread,
Jul 28, 2025, 3:33:05 AMJul 28
to SimpleSAMLphp
Hello,

Yes I have an entityID statement in authsources.php.  It looks like this:

 'default-sp' => [
        'saml:SP',

        // The entity ID of this SP.
        'entityid' => 'https://server.domain.edu',
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',

        // The entity ID of the IdP this SP should contact.
        // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
        'idp' => 'urn:mace:incommon:csun.edu',

        // The URL to the discovery service.
        // Can be NULL/unset, in which case a builtin discovery service will be used.
        'discoURL' => '/simplesaml/module.php/discopower/disco.php',

I tried changing it to entityID, restarted httpd and still have an error at the discoURL.
Also tried changing discoURL to null

Once again, that error is:


Backtrace: 5 modules/discopower/src/Controller/DiscoPower.php:28 (SimpleSAML\Module\discopower\Controller\DiscoPower::main)
4 vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw)
3 vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle)
2 vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle)
1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process)
0 public/module.php:17 (N/A)
Caused by: Exception: Missing parameter: entityID
Backtrace:
7 src/SimpleSAML/XHTML/IdPDisco.php:130 (SimpleSAML\XHTML\IdPDisco::__construct)
6 modules/discopower/src/PowerIdPDisco.php:68 (SimpleSAML\Module\discopower\PowerIdPDisco::__construct)
5 modules/discopower/src/Controller/DiscoPower.php:22 (SimpleSAML\Module\discopower\Controller\DiscoPower::main)
4 vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw)
3 vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle)
2 vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle)
1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process)
0 public/module.php:17 (N/A)




Message has been deleted

Tim van Dijen

unread,
Jul 28, 2025, 8:12:02 AMJul 28
to SimpleSAMLphp
Hi Elizabeth,

Can you share a SAML-trace with me? I'm struggling to understand why it is missing a HTTP request parameter...

- Tim

Op maandag 28 juli 2025 om 09:33:05 UTC+2 schreef Elizabeth Altman:

Elizabeth Altman

unread,
Aug 3, 2025, 10:55:53 PMAug 3
to SimpleSAMLphp
Hi Tim,

I'm not sure what you want me to trace -- the saml trace record just loading https://librarydev.csun.edu/simplesaml/module.php/discopower/disco.php contains a 500 error.  I'm attaching it anyway.

Just to be clear, we have only ONE IDP, and reviewing our previous messages yes I did copy the saml20-idp-remote.php from our current instance (which is running 2.4 and works). But I'm not sure what the proper current format of  saml20-idp-remote.php is.  The file starts with 
$metadata['urn:mace:incommon:csun.edu']
and includes 
'entityID' => 'urn:mace:incommon:csun.edu',  
and other minimum requirements.

Instead of  'certificate' => 'example.pem',

it's 
    'keys' => [
        [
            'encryption' => false,
            'signing' => true,
            'type' => 'X509Certificate',
            'X509Certificate' => [BIG LONG HASH]
      ],

Otherwise, I think it's all the same.

Another question -- there is very little about logging.  Is there a way to set up a single file to collect SSP logs?

Thank you!

Elizabeth
SAML-tracer-export-2025-07-29T23_51_05.690Z.json

Elizabeth Altman

unread,
Aug 3, 2025, 10:56:02 PMAug 3
to SimpleSAMLphp
Hi Tim,

I thought I replied, but I don't see the message yet, so I'm trying again.
The SAML trace shows a 500 error but I"m attaching it anyway.

Also, can you tell me how to make SSP log to a single file?  It might make it easier to trace where the breakdown is.

Thanks,
Elizabeth
SAML-tracer-export-2025-07-31T16_38_17.588Z.json

Tim van Dijen

unread,
Aug 4, 2025, 6:09:35 AMAug 4
to SimpleSAMLphp
It is complaining about a missing request parameter here... The request should contain something like ?entityID=xxx
Logging into a single file is the default, so I'm not sure what you're asking me precisely..  Check out the settings in `config.php` that start with `logging.*`

- Tim

Op maandag 4 augustus 2025 om 04:55:53 UTC+2 schreef Elizabeth Altman:

Peter Schober

unread,
Aug 4, 2025, 6:22:20 AMAug 4
to simple...@googlegroups.com
Elizabeth Altman <ealt...@gmail.com> [2025-08-04 04:55 CEST]:
> Just to be clear, we have only ONE IDP

Btw, then something else must be at fault, otherwise why would the
discopower module even be active?
In an earlier post it was shown that the 'idp' parameter that would
avoid any IDP Discovery is set:
https://groups.google.com/d/msgid/simplesamlphp/b851439f-74b1-4489-aa90-f7be96c5d541n%40googlegroups.com
so it's unclear to me why anything discovery-related would pop up
here -- unless maybe it's a side-effect of another error somewhere?

(Invoking a SAML Identity Provider Discovery Service when there is ever
only a single IDP to "select" from makes no sense, of course.)

-peter

Fabrice

unread,
Aug 10, 2025, 6:39:12 PMAug 10
to SimpleSAMLphp
Hi, 

Can you just replace in your authsources, "entityid" by "entityID" ?

thank you
fabrice.
Reply all
Reply to author
Forward
0 new messages