I'm running the Spring Security SAML Extension sample program and I'm able to generate the Service Provider metadata. However, when I try to import the SP metadata to SSOCircle, I get the following error:

Meta Data Import

Your data could not be imported Reason:

DefaultValidationEventHandler: [FATAL_ERROR]: Unexpected end of element {urn:oasis:names:tc:SAML:2.0:metadata}:Extensions Location: line 4 Entity descriptor "localhost" under realm "/" has invalid syntax.

I tried following the suggestions in this post, but when I turn off discovery, it no longer shows the page and SSOCircle is shown and it says: Error occurred Reason: The SAML Request is invalid.

Any ideas on what I'm doing wrong? BTW, I'm using the 1.0.0.RELEASE version of the SAML Extension.

Thanks!

NuAlphaMan
  • Please add the metadata you're importing into your question. – Vladimír Schäfer Sep 17 '14 at 09:30
  • Hi, I don't know about you, but one thing to clarify with you is about SAML integration with Spring Security. Have you done the SAML integration? Because I have been stuck on that for 5 days. I have two web portals and I want to integrate them with SAML, i.e. single sign-on. I am using Spring MVC. I want to get SAML working with Spring Security. Can you please tell me about that? Thanks in advance. – –  Feb 12 '15 at 08:42

1 Answer

Make sure that the property `includeDiscoveryExtension` is set to false on your `MetadataGenerator` bean. When enabled, this setting generates an `Extensions` element which is problematic with SSOCircle. Then verify that the generated metadata doesn't really include any `Extensions` element.

You might also be trying to import an SP with an entity identifier which already exists in SSOCircle. So make sure to set a unique `entityId` for your SP by setting the property `entityId` on the `MetadataGenerator` bean to e.g. `urn:nualphaman:test`.

Vladimír Schäfer
  • Setting the property `includeDiscoveryExtension` to false on the `MetadataGenerator` bean worked. However, I had to click the **Download entity metadata** button and use that metadata for the import. After doing a file comparison, I found that the only difference was the `entityId` was set with the value I set in the securityContext.xml instead of the generated value of localhost. – NuAlphaMan Sep 17 '14 at 13:29
  • The includeDiscoveryExtension property appears to be false by default after perusing the source code. version=1.0.2 – Jim Kennedy Nov 08 '16 at 18:55
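The check recommended in the answer (no `Extensions` element, and the `entityId` you configured rather than the generated `localhost`) can be scripted before importing. This is an added example, not part of the original answer or of the Spring SAML project; the sample metadata, its URLs and the function name `check_sp_metadata` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: SP metadata as it might look with the discovery extension on.
SAMPLE_WITH_EXTENSION = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="localhost">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <idpdisco:DiscoveryResponse
          xmlns:idpdisco="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
          Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
          Location="http://localhost:8080/sp/saml/login?disco=true" index="0"/>
    </md:Extensions>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:8080/sp/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_bytes, expected_entity_id=None):
    """Return a list of findings that should be fixed before the IdP import."""
    # Metadata files have no reason to carry a DTD; refuse rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE found; refusing to parse")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"root is {root.tag}, expected md:EntityDescriptor")
    problems = []
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parents = {child: parent for parent in root.iter() for child in parent}
    for ext in root.iter(f"{{{MD_NS}}}Extensions"):
        where = parents[ext].tag.split("}")[-1]
        kids = [c.tag.split("}")[-1] for c in ext] or ["(empty)"]
        problems.append(f"Extensions under {where}: {', '.join(kids)}")
    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("entityID attribute missing")
    elif expected_entity_id and entity_id != expected_entity_id:
        problems.append(f"entityID is {entity_id!r}, expected {expected_entity_id!r}")
    return problems


if __name__ == "__main__":
    for finding in check_sp_metadata(SAMPLE_WITH_EXTENSION, "urn:nualphaman:test"):
        print("FIX:", finding)
```

An empty list means the file has no `Extensions` element and carries the expected entity identifier.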