I am trying to implement a service provider in PHP that should authenticate against a corporate IdP server running Novell Access Manager.

I am currently using the SimpleSAMLphp library. I have generated the SP description using the built-in metadata converter, and my SP seems to work fine with Feide.no (an OpenSSO service), but it seems that no matter what I do, I receive the following error:

Error:Unable to complete request at this time. (Request was from an untrusted provider-0ED8BD1F9373A4F0)

I am pretty sure that I understand the flow of the requests, but nothing seems to resolve the issue above.

Val
  • I'm not familiar with SimpleSAMLphp, but it looks like your SP doesn't trust their IdP. You need to add in their metadata and/or cert. – tom Nov 02 '13 at 15:02

1 Answer

I am not 100% familiar with the error. Normally in SAML2 SSO, the IDP signs the SAML response or assertion with the IDP's private key. Then the SP validates it. It means you want to import the IDP's public certificate (if the certificate is a self-signed one) or else the CA root certificate chain into the SP. Also, there is an element called "issuer" in the SAML response and assertion; sometimes the SP may validate it as well.

Asela
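The two trust checks the answer above describes (issuer and signing certificate), as an added example that is not part of the original answer and is not SimpleSAMLphp code. The entity ID, the certificate bytes and the function names are constructed for illustration; the check only compares what a response carries against what the SP imported from IdP metadata, and the XML signature itself is still verified by the SAML library.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample values: the bytes stand in for a DER-encoded certificate.
TRUSTED_ENTITY_ID = "https://idp.example.org/metadata"
TRUSTED_CERT_B64 = base64.b64encode(b"constructed-idp-signing-cert").decode()

def fingerprint(cert_b64):
    """SHA-256 over the decoded certificate bytes, ignoring line wrapping."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def trust_problems(response_xml, entity_id, cert_b64):
    """List reasons the SP would not trust this response (no signature check here)."""
    root = ET.fromstring(response_xml)
    problems = []
    issuers = [el.text.strip() for el in root.iter("{%s}Issuer" % NS["saml"]) if el.text]
    if not issuers:
        problems.append("no Issuer element")
    for iss in issuers:  # Response-level and Assertion-level issuers must both match
        if iss != entity_id:
            problems.append("issuer mismatch: " + iss)
    certs = [el.text for el in root.iter("{%s}X509Certificate" % NS["ds"]) if el.text]
    if not certs:
        problems.append("no embedded signing certificate")
    for cert in certs:
        if fingerprint(cert) != fingerprint(cert_b64):
            problems.append("signing certificate is not the one from IdP metadata")
    return problems

def sample_response(issuer, cert_b64):
    """Build a constructed, unsigned skeleton of a SAML response for the demo."""
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s">'
        "<saml:Issuer>%s</saml:Issuer>"
        "<saml:Assertion><saml:Issuer>%s</saml:Issuer>"
        "<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s"
        "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
        "</saml:Assertion></samlp:Response>"
    ) % (NS["samlp"], NS["saml"], NS["ds"], issuer, issuer, cert_b64)
```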