new to saml and trying to set up simplesamlphp idp against testshib.org sp
153 views
Skip to first unread message
deve...@ziiva.com
Sep 12, 2016, 9:44:25 AM9/12/16
to SimpleSAMLphp
I'm new to SAML. I was trying to test out the simplest configuration possible. I set up a simplesamlphp idp with a static authentication source. SimpleSamlPHP produced this metadata file. I've removed the X509Certificate keys for brevity. I wanted to test my installation against a testshib.org SP. After I register my idp with testshib.org by uploading my metadata file (and configuring my idp with details of the remote SP) I get the following error:
2016-09-12 09:25:06 WARN Shibboleth.SessionInitiator.SAML2 [1661]: unable to locate metadata for provider (http://saml.ziivadev.com/simplesaml/saml2/idp/metadata.php)
In the list of current entities for testshib.org, I see my entity ID: http://saml.ziivadev.com/simplesaml/saml2/idp/metadata.php
I'm guessing something is wrong with my metadata file. According to testshib.org, I'm supposed to upload my SAML 2.0 metadata.
Here's my descriptor XML file I uploaded to testshib.org.
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://saml.ziivadev.com/simplesaml/saml2/idp/metadata.php">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>KEY GOES HERE</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>KEY GOES HERE</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://saml.ziivadev.com/simplesaml/saml2/idp/SingleLogoutService.php"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://saml.ziivadev.com/simplesaml/saml2/idp/SSOService.php"/>
</md:IDPSSODescriptor>
<md:ContactPerson contactType="technical">
<md:GivenName>Administrator</md:GivenName>
<md:EmailAddress>deve...@ziiva.com</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>
If you'd like me to provide other config files, let me know.
Peter Schober
Sep 12, 2016, 10:24:04 AM9/12/16
to SimpleSAMLphp
* deve...@ziiva.com <deve...@ziiva.com> [2016-09-12 15:44]:
know it (it does, above) then that's something to take up with the
friendly testshib operators, via the Shibboleth users mailing list,
http://shibboleth.net/community/lists.html
Best regards,
-peter
> 2016-09-12 09:25:06 WARN Shibboleth.SessionInitiator.SAML2 [1661]: unable
> to locate metadata for provider
> (http://saml.ziivadev.com/simplesaml/saml2/idp/metadata.php)
If that's your entityID and the testshib SP software says it doesn't
> to locate metadata for provider
> (http://saml.ziivadev.com/simplesaml/saml2/idp/metadata.php)
know it (it does, above) then that's something to take up with the
friendly testshib operators, via the Shibboleth users mailing list,
http://shibboleth.net/community/lists.html
Best regards,
-peter
Reply all
Reply to author
Forward
0 new messages