3

I have created a link from my web directory such that https://resolute.organization.in/sso points to the simplesaml directory /var/www/simplesamlphp/www

My simpleSAML configuration page:

[Image: SimpleSAML Configuration page]

The complete link https://resolute.organization.in/sso/module.php/saml/sp/saml2-acs.php/default-sp shows 404 Not Found while testing Authentication Sources --> default-sp.

[Image: Test Authentication Sources]

My config.php:

$config = [
    'baseurlpath' => 'https://resolute.organization.in/sso/',
    'secretsalt' => 'my_secret_salt',
    'auth.adminpassword' => 'my_admin_pass',
];

All the rest are default values in config.php.

My authsources.php:

$config = [
    'admin' => [
         'core:AdminPassword',
    ],
    'default-sp' => [
        'saml:SP',
        'entityID' => 'https://resolute.organization.in/',
        'idp' => 'https://sts.windows.net/{some-unique-key}/', //From metadata.xml for the app with entity ID in AD as *https://resolute.organization.in/*
        'discoURL' => null,
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
        'simplesaml.nameidattribute' => 'eduPersonTargetedID',
    ],
];

My metadata array in saml20-idp-remote.php:

 $metadata['https://sts.windows.net/{some-unique-key}/'] = array (
   'entityid' => 'https://sts.windows.net/{some-unique-key}/',
   'contacts' =>
   array (
   ),
   'metadata-set' => 'saml20-idp-remote',
   'SingleSignOnService' =>
   array (
     0 =>
     array (
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
       'Location' => 'https://login.microsoftonline.com/{some-unique-key}/saml2',
     ),
     1 =>
     array (
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
       'Location' => 'https://login.microsoftonline.com/{some-unique-key}/saml2',
     ),
   ),
   'SingleLogoutService' =>
   array (
     0 =>
     array (
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
       'Location' => 'https://login.microsoftonline.com/{some-unique-key}/saml2',
     ),
   ),
   'ArtifactResolutionService' =>
   array (
   ),
   'NameIDFormats' =>
   array (
   ),
   'keys' =>
   array (
     0 =>
     array (
       'encryption' => false,
       'signing' => true,
       'type' => 'X509Certificate',
       'X509Certificate' => '{really_long_key}',
     ),
   ),
 );

My Federation page:

[Image: Federation page]

The [show metadata] link shows 404 as well, the link in the URL bar in this case is:

https://resolute.organization.in/sso/module.php/saml/sp/metadata.php/default-sp?output=xhtml

IdP metadata link shows the metadata array properly.

Please help me out with what I am missing here, as I have been breaking my head over this for a few days now.

Rahul Pal

2 Answers

1

Figured out the issue: it had something to do with the Nginx server configuration, which could not handle multiple PHP pages in one link. Switched to Apache and everything works fine.

Rahul Pal
0

It depends on how PHP handles the URL parameters, and occurs when using php-fpm with either NGINX or Apache mpm_worker/event. To fix this, set cgi.fix_pathinfo=1 in php.ini.

Rahul Pal
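For readers who stay on Nginx, the location block below is an added example (not from the question or either answer) showing one way to hand URLs such as /sso/module.php/saml/sp/saml2-acs.php/default-sp to PHP-FPM with the script and PATH_INFO split explicitly. It assumes an `alias` in place of the symlink described in the question and a PHP-FPM unix socket whose path is a placeholder; it belongs inside the existing HTTPS `server { }` block for resolute.organization.in.

```nginx
# Added example. Assumptions: PHP-FPM listens on the socket below (placeholder
# path) and /sso is served via alias rather than a filesystem symlink.

# A common catch-all such as
#     location ~ \.php$ { ... }
# only matches URIs that END in ".php". SimpleSAMLphp URLs continue after the
# script name (module.php/saml/sp/metadata.php/default-sp), so they never reach
# PHP and Nginx answers 404 while looking for a static file.

location ^~ /sso {
    alias /var/www/simplesamlphp/www;

    # Lazy match: <phpfile> stops at the FIRST ".php" (/module.php);
    # everything after it becomes <pathinfo> (/saml/sp/saml2-acs.php/default-sp).
    location ~ ^(?<prefix>/sso)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder socket path

        # The file to execute is fixed here from the regex capture, so PHP does
        # not have to infer it from the request path.
        fastcgi_param SCRIPT_FILENAME $document_root$phpfile;

        # Must include the /sso prefix so it agrees with 'baseurlpath' in config.php.
        fastcgi_param SCRIPT_NAME     $prefix$phpfile;

        # What module.php uses to find the module and the auth source
        # (saml, sp/saml2-acs.php, default-sp).
        fastcgi_param PATH_INFO       $pathinfo if_not_empty;
    }
}
```

After `nginx -t` and a reload, the [show metadata] URL from the question should return the SP metadata instead of 404 if path handling was the only problem.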