I have a SimpleSamlPHP implementation working as a Service Provider, so the workflow is as follows:
IdP sends assertion to my ACS URL:
/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
but then it looks like he authenticates and gets redirected to
/simplesaml/module.php/saml/sp/saml2-acs.php
which throws an error, as there is no authsource (the /default-sp part) specified:
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 *\simplesamlphp\www\module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: No authentication source with id false found.
Backtrace:
2 *\simplesamlphp\lib\SimpleSAML\Auth\Source.php:242 (SimpleSAML_Auth_Source::getById)
1 *\simplesamlphp\modules\saml\www\sp\saml2-acs.php:8 (require)
0 *\simplesamlphp\www\module.php:135 (N/A)
But, it also has a set of PHP errors output to page too:
Warning: array_key_exists(): The first argument should be either a string or an integer in *\simplesamlphp\lib\SimpleSAML\Configuration.php on line 314
Warning: Cannot modify header information - headers already sent by (output started at *\simplesamlphp\lib\SimpleSAML\Configuration.php:314) in *\simplesamlphp\lib\SimpleSAML\Error\Error.php on line 191
Warning: Cannot modify header information - headers already sent by (output started at *\simplesamlphp\lib\SimpleSAML\Configuration.php:314) in *\simplesamlphp\templates\includes\header.php on line 40
(I've taken out the directory path and replaced with * – it's not that normally)
I can't work out if it's a bug with SimpleSamlPHP or if it's (far more likely) an incorrect setup. My authsources and metadata are as follows:
saml20-idp-remote.php:
$metadata['https://app.onelogin.com/saml/metadata/391645'] = array(
    'name' => 'FSSO',
    'SingleSignOnService' => 'https://app.onelogin.com/trust/saml2/http-post/sso/391645',
    'AssertionConsumerservice' => 'https://www.fbjni.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
    'SingleLogoutService' => 'https://www.fbjni.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
    'certData' => '[rawCertificateData]'
);
authsources.php:
'default-sp' => array(
    'saml:SP',
    'RelayState' => 'https://www.fbjni.com/',
    'entityID' => 'https://app.onelogin.com/saml/metadata/391645',
),
Best Answer
There are some possible problems with your IdP metadata. SimpleSAMLphp includes a Metadata parser which does the work of converting the IdP configuration details to the required format for SimpleSAMLphp. This functionality is mentioned briefly in the SimpleSAMLphp documentation here: https://simplesamlphp.org/docs/1.8/simplesamlphp-sp#section_2
Based on your example above you should be able to access the metadata parser at https://www.fbjni.com/simplesaml/admin/metadata-converter.php. In your particular example above, download the OneLogin metadata from https://app.onelogin.com/saml/metadata/391645 and copy this XML into the Metadata parser in your SimpleSAMLphp installation.
Once you've converted the metadata, replace your existing IdP configuration above with the output from the Metadata parser, which should look more like this:
Additionally you should make some changes to your authsources.php configuration. The 'entityID' of your SP is typically the URL of your application, not the identifier of your chosen IdP. You can specify a default IdP for the SP as seen below:
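The authsources.php change described in this answer, as an added example that is not part of the original answer and is not SimpleSAMLphp's own code: it puts the posted 'default-sp' entry beside a corrected one and runs a hypothetical lintSpSources() helper over both. The SP entityID value 'https://www.fbjni.com/' is an assumption (the application URL); 'idp' is the saml:SP option that names the default IdP.

```php
<?php
// Added illustration; the helper name and the SP entityID value are assumptions.

// IdP entity ID, i.e. the key used in the question's saml20-idp-remote.php.
$idpEntityId = 'https://app.onelogin.com/saml/metadata/391645';

// authsources.php as posted: the SP reuses the IdP's identifier as its own.
$before = array(
    'default-sp' => array(
        'saml:SP',
        'RelayState' => 'https://www.fbjni.com/',
        'entityID' => $idpEntityId,
    ),
);

// Corrected: the SP gets its own entityID and points at its default IdP.
$after = array(
    'default-sp' => array(
        'saml:SP',
        'RelayState' => 'https://www.fbjni.com/',
        'entityID' => 'https://www.fbjni.com/', // assumption: application URL
        'idp' => $idpEntityId,
    ),
);

// Hypothetical helper: report saml:SP sources whose identifiers are mixed up,
// given the entity IDs that exist as keys in saml20-idp-remote.php.
function lintSpSources(array $sources, array $idpEntityIds)
{
    $problems = array();
    foreach ($sources as $id => $cfg) {
        if (!isset($cfg[0]) || $cfg[0] !== 'saml:SP') {
            continue; // not a SAML SP authentication source
        }
        if (isset($cfg['entityID']) && in_array($cfg['entityID'], $idpEntityIds, true)) {
            $problems[] = "$id: entityID is an IdP's entity ID, not the SP's own";
        }
        if (!isset($cfg['idp'])) {
            $problems[] = "$id: no default 'idp' set, users go to IdP discovery";
        } elseif (!in_array($cfg['idp'], $idpEntityIds, true)) {
            $problems[] = "$id: 'idp' has no entry in saml20-idp-remote.php";
        }
    }
    return $problems;
}

print_r(lintSpSources($before, array($idpEntityId)));
print_r(lintSpSources($after, array($idpEntityId)));
```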