Jacob Poul Richardt

Reputation: 3143

Why is the user always redirected to simpleSAMLphp installation front page?

I'm having a bit of trouble setting up a simpleSAMLphp service provider for the first time.

I configured the service provider like this:

'***' => array(
    'saml:SP',
    'redirect.validate' => true,
    'redirect.sign' => true,
    'privatekey' => '***.key',
    'certificate' => '***.crt',
    'entityID' => 'https://***',
    'idp' => 'https://***',
    'attributes' => array(
        'eduPersonTargetedID',
        'GivenName',
        'SurName',
        'mail',
        'eduPersonScopedAffiliation',
        'schacHomeOrganization',
    ),
    'attributes.required' => array(
        'eduPersonTargetedID',
        'GivenName',
        'SurName',
        'mail',
        'eduPersonScopedAffiliation',
        'schacHomeOrganization',
    ),
),

I have also configured the identity provider, and it seems to be working fine. But when the user is redirected from the idp back to simpleSAMLphp, the simpleSAMLphp installation page is shown (the one that has some test tools).

My test uses this code:

require_once('../../lib/_autoload.php');

$simpleSaml= new SimpleSAML_Auth_Simple("***");

$simpleSaml->requireAuth(array(
    'ReturnTo' => 'https://***/test.php',
    'KeepPost' => FALSE,
));

$attributes = $simpleSaml->getAttributes();

When I try to log in with the "Test configured authentication sources" tool, I'm also sent back to the installation front page instead of the attribute overview I should get.

I tried to check the POST sent from the idp and was able to check it with this tool: http://www.ssocircle.com/en/1203/saml-request-online-decoder-encoder/
As far as I could see there were no errors and the user's attributes were returned from the service.

So what am I doing wrong?

Upvotes: 2

Views: 4220

Answers (2)

Jacob Poul Richardt

Reputation: 3143

I ended up getting the SP metadata autogenerated, and that fixed the problem; I'm not sure where the error in the metadata was.

Upvotes: 0

Andrew K.

Reputation: 3341

I'm not a wiz on SimpleSAMLphp, and though you tested the assertion, I don't see an example authnRequest, nor an example assertion... So, basically what I'm saying is that my response is all guesswork.

I see the list of attributes and stuff you're passing... But has the SP passed a RelayState?

From the SimpleSAMLphp Doc:
RelayState: The page the user should be redirected to after an IdP initiated SSO. Note: SAML 2 specific. For SAML 1.1 SPs, you must specify the TARGET parameter in the authentication response. How to set that parameter depends on the IdP. For simpleSAMLphp, see the documentation for IdP-first flow.

Upvotes: 1
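
An added example, not part of the original posts or of SimpleSAMLphp: decoding the IdP's POST locally (so the assertion never leaves the machine) and comparing its Destination, Audience, status, InResponseTo and RelayState with what the SP expects. The function name, the SP entity ID, the ACS URL and the sample response are all constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def inspect_post(form, sp_entity_id, acs_url):
    """Decode an HTTP-POST binding response; diagnostics only, no signature check."""
    xml = base64.b64decode(form["SAMLResponse"])
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML message, refusing to parse")
    root = ET.fromstring(xml)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    facts = {
        "destination": root.get("Destination"),
        "in_response_to": root.get("InResponseTo"),  # absent on IdP-initiated SSO
        "status": status.get("Value") if status is not None else None,
        "audiences": audiences,
        "relay_state": form.get("RelayState"),       # separate POST field, not in the XML
    }
    problems = []
    if facts["status"] != SUCCESS:
        problems.append("status is not Success")
    if facts["destination"] != acs_url:
        problems.append("Destination differs from the SP's ACS URL")
    if sp_entity_id not in audiences:
        problems.append("SP entityID missing from AudienceRestriction")
    if facts["in_response_to"] is None and not facts["relay_state"]:
        problems.append("unsolicited response without RelayState")
    return facts, problems

# Constructed sample: hypothetical SP values and a hand-written, unsigned response.
SP_ENTITY_ID = "https://sp.example.org/metadata"
ACS_URL = "https://sp.example.org/acs"
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" '
    'Destination="https://sp.example.org/acs-old"><samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
    '</samlp:Status><saml:Assertion ID="_a1" Version="2.0"><saml:Conditions>'
    '<saml:AudienceRestriction><saml:Audience>https://sp.example.org/metadata'
    '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_FORM = {"SAMLResponse": base64.b64encode(SAMPLE_XML.encode()).decode()}

if __name__ == "__main__":
    facts, problems = inspect_post(SAMPLE_FORM, SP_ENTITY_ID, ACS_URL)
    print(facts)
    print(problems)
```

The mismatches it reports are the values to compare against the SP metadata registered at the IdP; it does not validate signatures or conditions, which remains the SP's job.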
