4

I am working on an SSO authentication system using the SAML2 protocol. Since I do not have the real IDP information yet, I needed a test environment, so I used this docker image, which worked like a charm. I am able to access it through localhost:8080 without any problem and also to log in with a test account.

But then, when I try to log into my SP (the website I am working on), though I am correctly redirected to the IDP at localhost:8080/simplesaml/saml2/idp/SSOService.php, I got an error telling me metadata not found. Here is the stack trace:

    SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => '\'\'')

    Backtrace:
    3 lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:300 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
    2 lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:320 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
    1 modules/saml/lib/IdP/SAML2.php:330 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
    0 www/saml2/idp/SSOService.php:19 (N/A)

Has anybody ever faced the same one? Because I don't really understand where SimpleSAMLphp tries to get those metadata.

NOTE:

  • I am manually able to find metadata at localhost:8080/simplesaml/saml2/idp/metadata.php

  • It is an old project I am working for and it is a fork of symfony 1, so I can't use more recent plugins. So for SSO I use this plugin on the service provider side.

PopHip

1 Answer

1

Finally solved. The Authn Request I sent contained an empty "issuer" field, and this one was needed on the IDP side since SimpleSAMLphp seems to store SP metadata in an array like Metadata['spName']. So of course there was no entry for the empty string as key.

PopHip
  • How exactly have you set the metadata to your SP / sent it to IDP? –  Dec 06 '19 at 16:32
  • Have a look at the links I posted, about the docker image I used and the plugin to generate the SAML request; everything is detailed in their docs. For the SP metadata on the IDP side you don't really need to create an XML metadata file in this case, since the docker image is able to use environment variables. This is just a POC, not something I would run in production – PopHip Dec 07 '19 at 10:05
  • Thanks. The module I'm using requires the SP metadata in an endpoint –  Dec 07 '19 at 14:28
  • 1
    If you don't need something that will change you can always use this tool to generate your sp metadata : https://www.samltool.com/sp_metadata.php – PopHip Dec 09 '19 at 09:37
  • The solution should be included in the answer and not in volatile external links/docs. – lilalinux Feb 28 '20 at 08:02
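
To see the condition the answer describes before the request ever reaches the IdP, the following added example (not from the original posts and not SimpleSAMLphp code) decodes the `SAMLRequest` parameter of an HTTP-Redirect binding URL and checks the `Issuer` the way the answer says the IdP uses it: as the key for the SP metadata lookup. The function names, the `KNOWN_SPS` set and the sample entity ID are assumptions made for the illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed value: entity IDs the test IdP has SP metadata for.
KNOWN_SPS = {"http://sp.example.test"}

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect binding URL."""
    params = parse_qs(urlparse(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # raw DEFLATE stream, no zlib header
    # SAML messages never need a DTD; refuse one before parsing.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD not allowed in SAML messages")
    return xml

def check_issuer(xml, known_sp_entity_ids):
    """Simplified model of the IdP lookup: Issuer text is the metadata key."""
    root = ET.fromstring(xml)
    issuer = root.find("saml:Issuer", SAML_NS)
    entity_id = (issuer.text or "").strip() if issuer is not None else ""
    if not entity_id:
        return "missing-issuer"  # the METADATANOTFOUND('') case in the trace
    if entity_id not in known_sp_entity_ids:
        return "unknown-sp"      # Issuer set, but no SP metadata registered
    return "ok"

def build_redirect_url(issuer):
    """Constructed sample: a minimal AuthnRequest encoded for HTTP-Redirect."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
        'Version="2.0" IssueInstant="2019-12-06T00:00:00Z">'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    ).encode()
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "http://localhost:8080/simplesaml/saml2/idp/SSOService.php?" + query

if __name__ == "__main__":
    for issuer in ("", "http://other.example.test", "http://sp.example.test"):
        url = build_redirect_url(issuer)
        print(repr(issuer), "->", check_issuer(decode_redirect_request(url), KNOWN_SPS))
```

Pasting the redirect URL your SP actually generates into `decode_redirect_request` shows whether the `Issuer` element is empty or simply does not match the entity ID configured on the IdP.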