simplesamlphp
SimplesamlPHP - Could not find any default metadata entities in set [saml20-idp-hosted] for host [xxx.com : xxx.xxx/synovus/third_party/saml/public]
I'm getting the following error whenever I try to click on the link:

```
SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
1 src/SimpleSAML/Error/ExceptionHandler.php:32 (SimpleSAML\Error\ExceptionHandler::customExceptionHandler)
0 [builtin] (N/A)
Caused by: Exception: Could not find any default metadata entities in set [saml20-idp-hosted] for host [cfgroup.com : cfgroup.com/synovus/third_party/saml/public]
```

I don't know what to do now. Here are my config files.

1- config/config.php

```php
'https://cfgroup.com/synovus/third_party/saml/public', ]
```

2- saml20-idp-remote.php

```php
$metadata['https://cfgroup.com/synovus/third_party/saml/public'] = array(
    'entityid' => 'https://cfgroup.com/synovus/third_party/saml/public',
    'SingleSignOnService' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SSOService.php',
    'SingleLogoutService' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SingleLogoutService.php',
);
```

3- authsources.php

```php
'default-sp' => [
    'saml:SP',
    'entityID' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/metadata.php',
    'idp' => 'https://cfgroup.com',
    'discoURL' => null,
    'proxymode.passAuthnContextClassRef' => false,
],
```
You have to give me some more info, because you have an SP-configuration in authsources.php, but on the other hand SimpleSAMLphp is looking for hosted idp metadata.. It doesn't make much sense. What are you trying to achieve?
The questions in the issue-template are there for a reason ;)
@tvdijen yes, I've got the metadata from the client and added the configuration, but when I click the link the login comes back with a SAML token but the page goes into an infinite redirection loop
https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SSOService.php?spentityid=CLFN&RelayState=https://formspipe.ipipeline.com/?GAID=7276
in the network stack I see this
I think this is because of your Referer Policy.. Should be origin-when-cross-origin
Would you like to see the config? I'm still stuck with the issue; it's in a redirect loop.
Sure, I'd be interested to see the session- and session cookie configuration. Also any security-headers you may have configured in your webserver.
Also, you could make a SAML-trace using the SAML-tracer addon for Firefox/Chrome.
I'm new to SAML; this is my first time integrating it, but let me share the configs so you can have a look. This is my saml20-idp-hosted.php file in metadata:

```php
$metadata['https://cfgroup.com'] = [
    'host' => '__DEFAULT__',
    'auth' => 'federate.ipipeline.com:saml2',
];
$metadata['federate.ipipeline.com:saml2'] = [
    'host' => '__DEFAULT__',
    'auth' => 'federate.ipipeline.com:saml2',
];
```
This is my saml20-idp-remote.php file:

```php
$metadata['federate.ipipeline.com:saml2'] = array(
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'federate.ipipeline.com:saml2',
    'SingleSignOnService' => array(
        0 => array(
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SSOService.php',
        ),
    ),
    'SingleLogoutService' => array(
        0 => array(
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SingleLogoutService.php',
        ),
    ),
    'certData' => 'private.cert',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
    'contacts' => array(
        0 => array(
            'emailAddress' => '[email protected]',
            'contactType' => 'technical',
            'givenName' => 'Administrator',
        ),
    ),
);
```

This is my saml20-sp-remote.php file:

```php
$metadata['federate.ipipeline.com:saml2'] = array(
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'federate.ipipeline.com:saml2',
    'AssertionConsumerService' => 'https://federate.ipipeline.com/sp/ACS.saml2',
    'SingleSignOnService' => array(
        0 => array(
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SSOService.php',
        ),
    ),
    'SingleLogoutService' => array(
        0 => array(
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SingleLogoutService.php',
        ),
    ),
    'certData' => 'private.cert',
    'contacts' => array(
        0 => array(
            'emailAddress' => '[email protected]',
            'contactType' => 'technical',
            'givenName' => 'Administrator',
        ),
    ),
);
```
This is my authsources.php:

```php
'admin' => [
    'core:AdminPassword',
],
'default-sp' => [
    'saml:SP',
    // The entity ID of this SP.
    // 'entityID' => 'https://cfgroup.com/synovus/third_party/saml/public',
    'entityID' => 'federate.ipipeline.com:saml2',
    // The entity ID of the IdP this SP should contact.
    // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
    // 'idp' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/metadata.php',
    'idp' => null,
    // The URL to the discovery service.
    // Can be NULL/unset, in which case a builtin discovery service will be used.
    'discoURL' => null,
    /*
     * If SP behind the SimpleSAMLphp in IdP/SP proxy mode requests
     * AuthnContextClassRef, decide whether the AuthnContextClassRef will be
     * processed by the IdP/SP proxy or if it will be passed to the original
     * IdP in front of the IdP/SP proxy.
     */
    'proxymode.passAuthnContextClassRef' => false,
],
'federate.ipipeline.com:saml2' => [
    'saml:SP',
    // The entity ID of this SP.
    // 'entityID' => 'https://cfgroup.com/synovus/third_party/saml/public',
    'entityID' => 'federate.ipipeline.com:saml2',
    // The entity ID of the IdP this SP should contact.
    // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
    // 'idp' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/metadata.php',
    'idp' => "federate.ipipeline.com:saml2",
    'discoURL' => null,
    'proxymode.passAuthnContextClassRef' => false,
],
```
**I'm not able to understand why it's stuck in a redirection loop. Please help me to fix it.**
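
A check for one pattern visible in the files posted above: the hosted IdP delegates login to a `saml:SP` authsource, and the remote IdP entry that authsource contacts lists the hosted IdP's own `SSOService.php` as its SSO endpoint. This is an added example, not code from the thread or from SimpleSAMLphp; `findSelfReferences` is a hypothetical helper, and the arrays are a constructed sample copied from the posted values.

```php
<?php
declare(strict_types=1);

// Constructed sample: values copied from the files and URL posted in this thread.
$hostedSsoUrl = 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SSOService.php';
$idpHosted = [
    'https://cfgroup.com' => ['host' => '__DEFAULT__', 'auth' => 'federate.ipipeline.com:saml2'],
];
$authsources = [
    'federate.ipipeline.com:saml2' => [
        'saml:SP',
        'entityID' => 'federate.ipipeline.com:saml2',
        'idp' => 'federate.ipipeline.com:saml2',
    ],
];
$idpRemote = [
    'federate.ipipeline.com:saml2' => [
        'SingleSignOnService' => [['Location' => $hostedSsoUrl]],
    ],
];

// Hypothetical helper: report where the hosted IdP's login chain points back at itself.
function findSelfReferences(string $hostedSsoUrl, array $idpHosted, array $authsources, array $idpRemote): array
{
    $findings = [];
    foreach ($idpHosted as $hosted) {
        $name = $hosted['auth'] ?? '';
        $source = $authsources[$name] ?? [];
        $remoteId = $source['idp'] ?? null;
        if (($source[0] ?? '') !== 'saml:SP' || $remoteId === null) {
            continue; // local login, or IdP chosen through discovery
        }
        if (($source['entityID'] ?? null) === $remoteId) {
            $findings[] = "authsource '$name': SP entityID is the same as the IdP it contacts";
        }
        foreach ((array) ($idpRemote[$remoteId]['SingleSignOnService'] ?? []) as $endpoint) {
            $location = is_array($endpoint) ? ($endpoint['Location'] ?? '') : $endpoint;
            if (rtrim($location, '/') === rtrim($hostedSsoUrl, '/')) {
                $findings[] = "remote IdP '$remoteId': SSO Location is the hosted IdP's own endpoint";
            }
        }
    }
    return $findings;
}

foreach (findSelfReferences($hostedSsoUrl, $idpHosted, $authsources, $idpRemote) as $finding) {
    echo $finding, PHP_EOL;
}
```

To run it against a real install, replace the inline arrays with the `$metadata` and authsource arrays loaded from the deployment's own files.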