“Could not find the metadata of an IdP” with drupal and simplesamlphp_auth

authenticationdrupalsamlsimplesamlphp

I set up my SimpleSamlPhp(I have my IdP in another server) with Drupal. After logging into "http://localhost:31478/simplesaml/" as administrator, I ran "Test authentication sources" with my IdP, the screen of "SAML 2.0 SP Demo Example" screen with correct attributes was displayed. I guess it meant that SimpleSamlPhp and my Idp could see each other and were communicated properly.

However, when I tried to use Federated login with Drupal after turning on "Activate authentication via SimpleSAMLphp",I got the following error:

SimpleSAML_Error_Exception: Could not find the metadata of an IdP with entity ID 'tenant2.test.com' in sspmod_saml_Auth_Source_SP->getIdPMetadata() (line 134 of /var/www/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/Auth/Source/SP.php).

SETTINGS

Drupal version is 8.
php version is 5.6.24-0.
simplesamlphp_auth module version is 8.x-3.0-alpha4+2-dev.
simplesamlphp_auth module was installed and enabled in Drupal. "Authentication source for this SP" was set to "default-sp" for simplesamlphp_auth module configuration

I have my simplesamlphp directory in /var. The following changes were made for enabling saml

/var/simplesamlphp/config/config.php


    'baseurlpath' => 'simplesaml/',
    ....
    'enable.saml20-sp'  => true,
    'enable.saml20-idp' => true,
    'enable.shib13-idp' => false,
    'enable.adfs-idp' => false,
    'enable.wsfed-sp' => false,
    'enable.authmemcookie' => false,
    ....
    'saml' => TRUE,
    ....
    ....
    'default-saml20-idp' => 'tenant2.test.com',
    ....
    'store.type'                    => 'memcache',
    ....
    ....
    'memcache_store.servers' => array(
        array(
            array('hostname' => 'localhost'),
        ),
    ),
    'memcache_store.prefix' => 'SimpleSAMLphp',
    ....
    .... 
    'trusted.url.domains' => array('localhost:31478'),

/var/simplesamlphp/config/authsources.php


    <?php
    $config = array(
        'admin' => array(
        'core:AdminPassword',
        ),

        'default-sp' => array(
            'saml:SP',
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',       
        'entityID' => null,
        'idp' => 'tenant2.test.com',  
        'discoURL' => null,
    ),

    );

/var/simplesamlphp/metadata/saml20-idp-remote.php


    <?php
        $metadata['tenant2.test.com'] = array(
            'SingleSignOnService'  => 'https://tenant2.test.com/testSamlLogin',
            'AssertionConsumerService' => 'http://localhost:31478/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
            'SingleLogoutService'  => 'https://tenant2.test.com/admin/logout',
            'certFingerprint'      => '0a89aec59bf48e414ec050f6956891cb3f5b09a0',
        );

I have been trying to fix this problem for a few days. Did I missing anything?

Thank you.

Best Answer

Discovered this can also happen if the metadata includes an 'expire' key and the metadata is expired. Try commenting that out in your saml20-idp-remote.php metadata and seeing if you get a different error, because the error handling is skipped over.

Related Solutions

Php – SimpleSamlPhp as SP redirects incorrectly

There are some possible problems with your IdP metadata. SimpleSAMLphp includes a Metadata parser which does the work of converting the IdP configuration details to the required format for SimpleSAMLphp. This functionality is mentioned briefly in the SimpleSAMLphp documentation here: https://simplesamlphp.org/docs/1.8/simplesamlphp-sp#section_2

Based on your example above you should be able to access the metadata parser at https://www.fbjni.com/simplesaml/admin/metadata-converter.php.

In your particular example above, download the OneLogin metadata from https://app.onelogin.com/saml/metadata/391645 and copy this XML into the Metadata parser in your SimpleSAMLphp installation.

Once you've converted the metadata, replace your existing IdP configuration above with the output from the Metadata parser, which should look more like this:

$metadata['https://app.onelogin.com/saml/metadata/391645'] = array (
  'entityid' => 'https://app.onelogin.com/saml/metadata/391645',
  'contacts' => 
  array (
    0 => 
    array (
      'contactType' => 'technical',
      'surName' => 'Support',
      'emailAddress' => 
      array (
        0 => 'support@onelogin.com',
      ),
    ),
  ),
  'metadata-set' => 'saml20-idp-remote',
  'SingleSignOnService' => 
  array (
    0 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      'Location' => 'https://app.onelogin.com/trust/saml2/http-post/sso/391645',
    ),
    1 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      'Location' => 'https://app.onelogin.com/trust/saml2/http-post/sso/391645',
    ),
    2 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
      'Location' => 'https://app.onelogin.com/trust/saml2/soap/sso/391645',
    ),
  ),
  'SingleLogoutService' => 
  array (
  ),
  'ArtifactResolutionService' => 
  array (
  ),
  'keys' => 
  array (
    0 => 
    array (
      'encryption' => false,
      'signing' => true,
      'type' => 'X509Certificate',
      'X509Certificate' => 'MIIEJjCCAw6gAwIBAgIUHyryf8tYCgBMvr2nihtEA3NFrQEwDQYJKoZIhvcNAQEF
BQAwXTELMAkGA1UEBhMCVVMxFjAUBgNVBAoMDUZhY2Vib29rIFRlc3QxFTATBgNV
BAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwWT25lTG9naW4gQWNjb3VudCA0MDA1
ODAeFw0xNDAzMjYwMzA2NDNaFw0xOTAzMjcwMzA2NDNaMF0xCzAJBgNVBAYTAlVT
MRYwFAYDVQQKDA1GYWNlYm9vayBUZXN0MRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAx
HzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgNDAwNTgwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDjmCU+PbTPgsjgffG2cqTBzVTYOx80L07ZO2tGaqry
oCXJctP9fEcFleamose/+mg052wxStd84FpHwa2JC7sbHNeMIaBbA3b1XzFgNVJy
D2KjJK17ftYTm8EprtDPuCiMyHI3P2XGuz+i9BonxhUodgITa9FELqKAJU1GKtsJ
r4saGVlpYZgU9InYlGNohdkFfkbPSRiUeQoRhKYtYmM74maL7aGdXvSyXmUaa+n6
rl6MTMUCJj8tfs2CwqT1Ktc1wZTBRWUXcxi/02IP9AVXghhLcE1ES1tFV58FsvNN
Dtpigg9PFnRwAoC0HSMVEYh3VBx+TROqyGmM74i1yJGvAgMBAAGjgd0wgdowDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQU11p7PgInyRe7dHHUQMrbBfka8+cwgZoGA1Ud
IwSBkjCBj4AU11p7PgInyRe7dHHUQMrbBfka8+ehYaRfMF0xCzAJBgNVBAYTAlVT
MRYwFAYDVQQKDA1GYWNlYm9vayBUZXN0MRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAx
HzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgNDAwNTiCFB8q8n/LWAoATL69p4ob
RANzRa0BMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAv9Cwtv6V
ov6heh5b/u+hsFk9Lhva/jzOgbYAblWxDTgsvcehbYeZSO3XTqq5I3qx9XCqet4a
FdUetFMPk/cpcl9GahHhagvScn+ClbHVnrakRt/1/oDcrxi+6l+GT7yzg7MPoj6C
AIjmVdPhbWRiU3on6PkG95pfDq/hasCTHS3kVUJlv+Ge2rdiiIyVJmlak24UQVuN
2DznvY5jlUOIXXtCTLttu7YY5z9V0pSa0MdWDL3/mokGIjydR2DdHfkgyk2syjny
4+9ohie+oLKz1rv9OcAv+90WAYaltDoTSMYSG9W2rjeDh2NHYFuWxXOi08FPZfXo
DFLPLA0yYeSkFA==',
    ),
  ),
);

Additionally you should make some changes to your authsources.php configuration. The 'entityID' of your SP is typically the URL of your application, not the identifier of your chosen IdP. You can specify a default IdP for the SP as seen below:

'default-sp' => array(
    'saml:SP',
    'entityID' => 'https://www.fbjni.com/',
    'RelayState' => 'https://www.fbjni.com/',
    'idp' => 'https://app.onelogin.com/saml/metadata/391645'
),

Php – SimplesamlPHP error

I do severals mistake :

First don't use localhost do another virtualHost
Second you have to do a cert directory on the SP too
Tird the most important pray i
restart it 5 time for that it's work and i still don't understand why it's don't work the other time.

Best Answer

Related Solutions

Php – SimpleSamlPhp as SP redirects incorrectly

Php – SimplesamlPHP error

Related Topic