
I'm stuck with this SimpleSAMLphp error:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 /var/www/simplesp/www/module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: Cannot retrieve metadata for IdP 'http://URLIDP/simplesaml/saml2/idp/metadata.php' because it isn't a valid IdP for this SP.
Backtrace:
2 /var/www/simplesp/modules/saml/lib/Auth/Source/SP.php:112 (sspmod_saml_Auth_Source_SP::getIdPMetadata)
1 /var/www/simplesp/modules/saml/www/sp/saml2-acs.php:91 (require)
0 /var/www/simplesp/www/module.php:137 (N/A)

My config on the SP:

/var/www/simplesp/metadata/saml20-idp-remote.php

$metadata['URLIDP'] = array(
    'SingleSignOnService'  => 'URLIDP/simplesaml/saml2/idp/SSOService.php',
    'SingleLogoutService'  => 'URLIDP/simplesaml/saml2/idp/SingleLogoutService.php',
    'certFingerprint'      => 'c9ed4dfb07caf13fc21e0fec1572047eb8a7a4cb'
);

My config on the IdP:

/var/www/simpleidp/metadata/saml20-sp-remote.php

$metadata['URLSP/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array(
    'SingleLogoutService' =>
        array(
            0 =>
                array(
                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                    'Location' => 'URLSP/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
                ),
        ),
    'AssertionConsumerService' =>
        array(
            0 =>
                array(
                    'index' => 0,
                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
                    'Location' => 'URLSP/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
                ),
            1 =>
                array(
                    'index' => 1,
                    'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
                    'Location' => 'URLSP/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp',
                ),
            2 =>
                array(
                    'index' => 2,
                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
                    'Location' => 'URLSP/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
                ),
            3 =>
                array(
                    'index' => 3,
                    'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01',
                    'Location' => 'URLSP/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact',
                ),
        ),

);

Can you help me resolve this problem?

2 Answers


On the SP you have it configured to think the IdP's EntityID is URLIDP. The error message shows that the IdP thinks its EntityID is http://URLIDP/simplesaml/saml2/idp/metadata.php. Those two should match. You can update saml20-idp-remote.php on the SP with the correct value (e.g. update the key in the $metadata array).

Patrick

It looks like it's not parsing your metadata file. Make sure your saml20-sp-remote.php file starts with the line

<?php

So it knows it's PHP. If you've created a new file from the output of the metadata parser, it doesn't add this for you. The fragment it gives you is expected to be pasted into an existing PHP file.

It worked for me.

Seth McClaine
Jim ReesPotter
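An added example, not code from either answer or from SimpleSAMLphp: a static check for the two causes named in the answers above, a `$metadata` key that does not match the entity ID in the error message and a metadata file that lacks the opening `<?php` tag. The function name `check_remote_metadata` and the sample file contents are constructed for illustration, using the question's `URLIDP` placeholder.

```python
import re

# Matches an entity ID used as a key: $metadata['...'] = or $metadata["..."] =
KEY_RE = re.compile(r"""\$metadata\[\s*(['"])(.+?)\1\s*\]\s*=""")


def check_remote_metadata(php_source, expected_entity_id):
    """Return findings for the text of a saml20-*-remote.php file.

    An empty list means the file opens with <?php and declares the
    expected entity ID as a $metadata key.
    """
    findings = []
    # Without the opening tag PHP treats the file as plain text, so
    # $metadata is never populated (second answer).
    if not php_source.lstrip("\ufeff \t\r\n").startswith("<?php"):
        findings.append("file does not start with <?php")
    keys = [m.group(2) for m in KEY_RE.finditer(php_source)]
    if expected_entity_id not in keys:
        findings.append("no $metadata entry for " + expected_entity_id)
        # A key that is only part of the real entity ID is the
        # mismatch described in the first answer.
        for key in keys:
            if key in expected_entity_id or expected_entity_id in key:
                findings.append("near miss: key '%s'" % key)
    return findings


# Entity ID exactly as it appears in the question's error message.
ENTITY_ID = "http://URLIDP/simplesaml/saml2/idp/metadata.php"

# Constructed sample file contents (not real deployments).
SAMPLE_BAD = (
    "<?php\n"
    "$metadata['URLIDP'] = array(\n"
    "    'SingleSignOnService' => 'URLIDP/simplesaml/saml2/idp/SSOService.php',\n"
    ");\n"
)
SAMPLE_FIXED = SAMPLE_BAD.replace("['URLIDP']", "['" + ENTITY_ID + "']")
SAMPLE_NO_TAG = SAMPLE_FIXED.replace("<?php\n", "", 1)

if __name__ == "__main__":
    for name in ("SAMPLE_BAD", "SAMPLE_FIXED", "SAMPLE_NO_TAG"):
        print(name, check_remote_metadata(globals()[name], ENTITY_ID))
```

The check reads the file as text and never executes it, so it can be run against a metadata fragment before that fragment is deployed.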