SimpleSAML\Error\Error: DISCOPARAMS
61 views
Skip to first unread message
Elizabeth Altman
Jun 10, 2025, 8:00:04 PMJun 10
to SimpleSAMLphp
Hi,
I have installed 2.4.1 in preparation for using it with Drupal Simplesamlphp_auth.
The regular shortcut page /simplesaml is fine, but the discopower module url is throwing errors, starting with
Backtrace: 5 modules/discopower/src/Controller/DiscoPower.php:28 (SimpleSAML\Module\discopower\Controller\DiscoPower::main) 4 vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw) 3 vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle) 2 vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle) 1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process) 0 public/module.php:17 (N/A) Caused by: Exception: Missing parameter: entityID Backtrace: 7 src/SimpleSAML/XHTML/IdPDisco.php:130 (SimpleSAML\XHTML\IdPDisco::__construct) 6 modules/discopower/src/PowerIdPDisco.php:68 (SimpleSAML\Module\discopower\PowerIdPDisco::__construct) 5 modules/discopower/src/Controller/DiscoPower.php:22 (SimpleSAML\Module\discopower\Controller\DiscoPower::main) 4 vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw) 3 vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle) 2 vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle) 1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process) 0 public/module.php:17 (N/A)
I am unclear which entityID parameter is missing, since I have completely configured authsources.php, config.php and saml20-idp-remote.php.
Do I need to make sure my IDP is recognizing my server before this works? I'm just trying to get the initial installation squared away.
Backtrace: 5 modules/discopower/src/Controller/DiscoPower.php:28 (SimpleSAML\Module\discopower\Controller\DiscoPower::main) 4 vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw) 3 vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle) 2 vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle) 1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process) 0 public/module.php:17 (N/A) Caused by: Exception: Missing parameter: entityID Backtrace: 7 src/SimpleSAML/XHTML/IdPDisco.php:130 (SimpleSAML\XHTML\IdPDisco::__construct) 6 modules/discopower/src/PowerIdPDisco.php:68 (SimpleSAML\Module\discopower\PowerIdPDisco::__construct) 5 modules/discopower/src/Controller/DiscoPower.php:22 (SimpleSAML\Module\discopower\Controller\DiscoPower::main) 4 vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw) 3 vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle) 2 vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle) 1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process) 0 public/module.php:17 (N/A)
I am unclear which entityID parameter is missing, since I have completely configured authsources.php, config.php and saml20-idp-remote.php.
Do I need to make sure my IDP is recognizing my server before this works? I'm just trying to get the initial installation squared away.
Thanks,
Elizabeth
Tim van Dijen
Jun 11, 2025, 6:20:14 AMJun 11
to SimpleSAMLphp
Hi Elizabeth!
I suspect you are migrating from a previous version and copied the saml20-idp-remote.php file.
All entries in that file need an `entityID` key set. This used to be the array-key for the entry, so you can copy it from there.
I suspect you are migrating from a previous version and copied the saml20-idp-remote.php file.
All entries in that file need an `entityID` key set. This used to be the array-key for the entry, so you can copy it from there.
Alternatively you can run the metadata from your remote IDPs through the metadata-converter again.
- Tim
Op woensdag 11 juni 2025 om 02:00:04 UTC+2 schreef Elizabeth Altman:
Elizabeth Altman
Jul 7, 2025, 7:39:27 PMJul 7
to SimpleSAMLphp
Hi Tim,
I'm not clear what you mean by "All entries" -- there's only one.
Here's a snippet:
$metadata['entity-id-1'] = [
'entityid' => 'urn:mace:incommon:csun.edu',
'description' => [
'en' => 'California State University, Northridge',
],
'OrganizationName' => [
'en' => 'California State University, Northridge',
Here's a snippet:
$metadata['entity-id-1'] = [
'entityid' => 'urn:mace:incommon:csun.edu',
'description' => [
'en' => 'California State University, Northridge',
],
'OrganizationName' => [
'en' => 'California State University, Northridge',
Do I need to put additional entityIDs inside the nodes for 'SingleSignOnService' and 'SingleLogoutService'?
Is there an example file I can look at?
- Elizabeth
Kevin Sandy
Jul 8, 2025, 6:44:02 AMJul 8
to simple...@googlegroups.com
Do you have an entityID set in your auth source in authsources.php?
-- kevin
--
This is a mailing list for users of SimpleSAMLphp, not a support service. If you are willing to buy commercial support, please take a look here:
https://simplesamlphp.org/support
Before sending your question, make sure it is related to SimpleSAMLphp, and not your web server's configuration or any other third-party software. This mailing list cannot help with software that uses SimpleSAMLphp, only regarding SimpleSAMLphp itself.
Make sure to read the documentation:
https://simplesamlphp.org/docs/stable/
If you have an issue with SimpleSAMLphp that you cannot resolve and reading the documentation doesn't help, you are more than welcome to ask here for help. Subscribe to the list and send an email with your question. However, you will be expected to comply with some minimum, common sense standards in your questions. Please read this carefully:
http://catb.org/~esr/faqs/smart-questions.html
---
You received this message because you are subscribed to the Google Groups "SimpleSAMLphp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/simplesamlphp/ca251fc9-6f77-4271-98f9-c2a0df83040en%40googlegroups.com.
Tim van Dijen
Jul 14, 2025, 12:24:41 PMJul 14
to SimpleSAMLphp
Hi Elizabeth!
I think Kevin is spot-on here.. entityid versus entityID.
- Tim
Op dinsdag 8 juli 2025 om 12:44:02 UTC+2 schreef ke...@digitallotus.com:
Elizabeth Altman
Jul 28, 2025, 3:33:05 AMJul 28
to SimpleSAMLphp
Hello,
Backtrace: 5 modules/discopower/src/Controller/DiscoPower.php:28 (SimpleSAML\Module\discopower\Controller\DiscoPower::main)
Yes I have an entityID statement in authsources.php. It looks like this:
'default-sp' => [
'saml:SP',
// The entity ID of this SP.
'entityid' => 'https://server.domain.edu',
'privatekey' => 'saml.pem',
'certificate' => 'saml.crt',
// The entity ID of the IdP this SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => 'urn:mace:incommon:csun.edu',
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => '/simplesaml/module.php/discopower/disco.php',
I tried changing it to entityID, restarted httpd and still have an error at the discoURL.
'default-sp' => [
'saml:SP',
// The entity ID of this SP.
'entityid' => 'https://server.domain.edu',
'privatekey' => 'saml.pem',
'certificate' => 'saml.crt',
// The entity ID of the IdP this SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => 'urn:mace:incommon:csun.edu',
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => '/simplesaml/module.php/discopower/disco.php',
I tried changing it to entityID, restarted httpd and still have an error at the discoURL.
Also tried changing discoURL to null
Once again, that error is:
Backtrace: 5 modules/discopower/src/Controller/DiscoPower.php:28 (SimpleSAML\Module\discopower\Controller\DiscoPower::main)
4 vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw)
3 vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle)
2 vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle)
1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process)
0 public/module.php:17 (N/A)
Caused by: Exception: Missing parameter: entityID
Backtrace:
7 src/SimpleSAML/XHTML/IdPDisco.php:130 (SimpleSAML\XHTML\IdPDisco::__construct)
6 modules/discopower/src/PowerIdPDisco.php:68 (SimpleSAML\Module\discopower\PowerIdPDisco::__construct)
5 modules/discopower/src/Controller/DiscoPower.php:22 (SimpleSAML\Module\discopower\Controller\DiscoPower::main)
4 vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw)
3 vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle)
2 vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle)
1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process)
0 public/module.php:17 (N/A)
Message has been deleted
Tim van Dijen
Jul 28, 2025, 8:12:02 AMJul 28
to SimpleSAMLphp
Hi Elizabeth,
Can you share a SAML-trace with me? I'm struggling to understand why it is missing a HTTP request parameter...
- Tim
Op maandag 28 juli 2025 om 09:33:05 UTC+2 schreef Elizabeth Altman:
Elizabeth Altman
Aug 3, 2025, 10:55:53 PMAug 3
to SimpleSAMLphp
Hi Tim,
I'm not sure what you want me to trace -- the saml trace record just loading https://librarydev.csun.edu/simplesaml/module.php/discopower/disco.php contains a 500 error. I'm attaching it anyway.
Just to be clear, we have only ONE IDP, and reviewing our previous messages yes I did copy the saml20-idp-remote.php from our current instance (which is running 2.4 and works). But I'm not sure what the proper current format of saml20-idp-remote.php is. The file starts with
$metadata['urn:mace:incommon:csun.edu']
Just to be clear, we have only ONE IDP, and reviewing our previous messages yes I did copy the saml20-idp-remote.php from our current instance (which is running 2.4 and works). But I'm not sure what the proper current format of saml20-idp-remote.php is. The file starts with
$metadata['urn:mace:incommon:csun.edu']
and includes
'entityID' => 'urn:mace:incommon:csun.edu',
and other minimum requirements.
Instead of
'certificate' => 'example.pem',
it's
'keys' => [
[
'encryption' => false,
'signing' => true,
'type' => 'X509Certificate',
'X509Certificate' => [BIG LONG HASH]
],
[
'encryption' => false,
'signing' => true,
'type' => 'X509Certificate',
'X509Certificate' => [BIG LONG HASH]
],
Otherwise, I think it's all the same.
Another question -- there is very little about logging. Is there a way to set up a single file to collect SSP logs?
Thank you!
Elizabeth
Elizabeth Altman
Aug 3, 2025, 10:56:02 PMAug 3
to SimpleSAMLphp
Hi Tim,
I thought I replied, but I don't see the message yet, so I'm trying again.
The SAML trace shows a 500 error but I"m attaching it anyway.
Also, can you tell me how to make SSP log to a single file? It might make it easier to trace where the breakdown is.
Thanks,
Elizabeth
Tim van Dijen
Aug 4, 2025, 6:09:35 AMAug 4
to SimpleSAMLphp
It is complaining about a missing request parameter here... The request should contain something like ?entityID=xxx
Logging into a single file is the default, so I'm not sure what you're asking me precisely.. Check out the settings in `config.php` that start with `logging.*`
- Tim
Op maandag 4 augustus 2025 om 04:55:53 UTC+2 schreef Elizabeth Altman:
Peter Schober
Aug 4, 2025, 6:22:20 AMAug 4
to simple...@googlegroups.com
Elizabeth Altman <ealt...@gmail.com> [2025-08-04 04:55 CEST]:
discopower module even be active?
In an earlier post it was shown that the 'idp' parameter that would
avoid any IDP Discovery is set:
https://groups.google.com/d/msgid/simplesamlphp/b851439f-74b1-4489-aa90-f7be96c5d541n%40googlegroups.com
so it's unclear to me why anything discovery-related would pop up
here -- unless maybe it's a side-effect of another error somewhere?
(Invoking a SAML Identity Provider Discovery Service when there is ever
only a single IDP to "select" from makes no sense, of course.)
-peter
> Just to be clear, we have only ONE IDP
Btw, then something else must be at fault, otherwise why would the
discopower module even be active?
In an earlier post it was shown that the 'idp' parameter that would
avoid any IDP Discovery is set:
https://groups.google.com/d/msgid/simplesamlphp/b851439f-74b1-4489-aa90-f7be96c5d541n%40googlegroups.com
so it's unclear to me why anything discovery-related would pop up
here -- unless maybe it's a side-effect of another error somewhere?
(Invoking a SAML Identity Provider Discovery Service when there is ever
only a single IDP to "select" from makes no sense, of course.)
-peter
Fabrice
Aug 10, 2025, 6:39:12 PMAug 10
to SimpleSAMLphp
Hi,
Can you just replace in your authsources, "entityid" by "entityID" ?
thank you
fabrice.
Reply all
Reply to author
Forward
0 new messages