Reputation: 61
I set up my SimpleSAMLphp (I have my IdP on another server) with Drupal. After logging into "http://localhost:31478/simplesaml/" as administrator, I ran "Test authentication sources" with my IdP, and the "SAML 2.0 SP Demo Example" screen with the correct attributes was displayed. I guess that meant SimpleSAMLphp and my IdP could see each other and were communicating properly.
However, when I tried to use federated login with Drupal after turning on "Activate authentication via SimpleSAMLphp", I got the following error:
SimpleSAML_Error_Exception: Could not find the metadata of an IdP with entity ID 'tenant2.test.com' in sspmod_saml_Auth_Source_SP->getIdPMetadata() (line 134 of /var/www/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/Auth/Source/SP.php).
SETTINGS
I have my simplesamlphp directory in /var. The following changes were made to enable SAML.
/var/simplesamlphp/config/config.php
    'baseurlpath' => 'simplesaml/',
    ....
    'enable.saml20-sp' => true,
    'enable.saml20-idp' => true,
    'enable.shib13-idp' => false,
    'enable.adfs-idp' => false,
    'enable.wsfed-sp' => false,
    'enable.authmemcookie' => false,
    ....
    'saml' => TRUE,
    ....
    ....
    'default-saml20-idp' => 'tenant2.test.com',
    ....
    'store.type' => 'memcache',
    ....
    ....
    'memcache_store.servers' => array(
        array(
            array('hostname' => 'localhost'),
        ),
    ),
    'memcache_store.prefix' => 'SimpleSAMLphp',
    ....
    ....
    'trusted.url.domains' => array('localhost:31478'),
/var/simplesamlphp/config/authsources.php
<?php
$config = array(
    'admin' => array(
        'core:AdminPassword',
    ),
    'default-sp' => array(
        'saml:SP',
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',
        'entityID' => null,
        'idp' => 'tenant2.test.com',
        'discoURL' => null,
    ),
);
/var/simplesamlphp/metadata/saml20-idp-remote.php
<?php
$metadata['tenant2.test.com'] = array(
    'SingleSignOnService' => 'https://tenant2.test.com/testSamlLogin',
    'AssertionConsumerService' => 'http://localhost:31478/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
    'SingleLogoutService' => 'https://tenant2.test.com/admin/logout',
    'certFingerprint' => '0a89aec59bf48e414ec050f6956891cb3f5b09a0',
);
I have been trying to fix this problem for a few days. Did I miss anything?
Thank you.
Upvotes: 6
Views: 12789
Reputation: 11
This issue is fixed; add simplesamlphp_dir in settings.php:
$settings['simplesamlphp_dir'] = '/var/www/mysite/docroot/simplesaml';
Upvotes: 1
Reputation: 41
Discovered this can also happen if the metadata includes an 'expire' key and the metadata is expired. Try commenting that out in your saml20-idp-remote.php metadata and seeing if you get a different error, because the error handling is skipped over.
Upvotes: 4
Reputation: 792
This message means the Entity ID of the Identity Provider (IdP) is incorrect and/or not found in the metadata.
The 'entityID' listed in the authsources refers to the Service Provider (SP), which in your example is 'default-sp'. Changing this 'entityID' will not solve your problem, since that would change the Entity ID of the Service Provider.
The Entity ID of the Identity Provider (IdP) is specified in the 'idp' field. Your 'idp' is set to 'tenant2.test.com'. This value is probably missing some information. An Identity Provider's entity ID is usually much longer. Below is an example of what you might see on the Federation front page of a SimpleSAMLphp Identity Provider (IdP).
SAML 2.0 IdP Metadata
Entity ID: https://samlidp.example.com/simplesaml/saml2/idp/metadata.php
I would look at your Metadata for the Identity Provider and update the 'idp' field of the authsources file to have the complete Entity ID.
The Entity ID of the Identity Provider (IdP) is also usually included in the metadata/saml20-idp-remote.php. I do not see it in your example. So I would update both the authsources and the metadata in this example.
Upvotes: 2
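As an added example that is not code from the question, from any of the answers, or from SimpleSAMLphp itself, the script below ties the two previous answers together: it reads an IdP's own SAML metadata XML to obtain the real entityID and endpoints, emits the matching saml20-idp-remote.php stanza keyed by that entityID, and reproduces the two conditions under which the saml:SP authsource cannot find its IdP: the 'idp' value not matching any key in $metadata, and an 'expire' timestamp that lies in the past. The metadata document, the endpoint URLs, the full entityID under tenant2.test.com and the certificate bytes are all constructed placeholders.

```python
"""
Added example (not from the question or from SimpleSAMLphp): derive the
saml20-idp-remote.php entry from the IdP's metadata XML so the array key is
the IdP's real entityID, and mirror the lookup the saml:SP authsource does
for its 'idp' value. Metadata, URLs and certificate bytes are constructed.
"""
import base64
import hashlib
import time
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-in for the DER bytes of the IdP signing certificate.
FAKE_CERT_DER = b"constructed placeholder, not a real X.509 certificate"
FAKE_CERT_B64 = base64.b64encode(FAKE_CERT_DER).decode("ascii")

# Constructed IdP metadata. The entityID is a full URL, not the bare hostname.
IDP_METADATA_XML = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://tenant2.test.com/simplesaml/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {FAKE_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://tenant2.test.com/simplesaml/saml2/idp/SingleLogoutService.php"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://tenant2.test.com/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def sha1_fingerprint(der: bytes) -> str:
    """SHA-1 over the DER certificate: the value older configs put in 'certFingerprint'."""
    return hashlib.sha1(der).hexdigest()


def parse_idp_metadata(xml_text: str) -> dict:
    """Pull entityID, endpoints and the signing certificate out of an IdP EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not an EntityDescriptor")
    sso_desc = root.find("md:IDPSSODescriptor", NS)
    if sso_desc is None:
        raise ValueError("no IDPSSODescriptor: this entity is not an IdP")
    cert_el = sso_desc.find(".//ds:X509Certificate", NS)
    cert_b64 = "".join(cert_el.text.split())  # drop the line breaks and indentation
    slo = sso_desc.find("md:SingleLogoutService", NS)
    return {
        "entityid": root.get("entityID"),
        "SingleSignOnService": sso_desc.find("md:SingleSignOnService", NS).get("Location"),
        "SingleLogoutService": slo.get("Location") if slo is not None else None,
        "certData": cert_b64,
        "certFingerprint": sha1_fingerprint(base64.b64decode(cert_b64)),
    }


def php_quote(s: str) -> str:
    """Escape a value for a single-quoted PHP string literal."""
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"


def to_php_entry(info: dict) -> str:
    """Render a saml20-idp-remote.php stanza keyed by the IdP's real entityID."""
    lines = [f"$metadata[{php_quote(info['entityid'])}] = array(",
             f"    'entityid' => {php_quote(info['entityid'])},",
             f"    'SingleSignOnService' => {php_quote(info['SingleSignOnService'])},"]
    if info["SingleLogoutService"]:
        lines.append(f"    'SingleLogoutService' => {php_quote(info['SingleLogoutService'])},")
    # certData (base64 DER) is what the SP uses to verify signed responses.
    lines.append(f"    'certData' => {php_quote(info['certData'])},")
    lines.append(");")
    return "\n".join(lines)


def diagnose(authsource: dict, metadata: dict, now=None) -> str:
    """Mirror the saml:SP lookup of its 'idp' in $metadata from saml20-idp-remote.php.

    'expire' is a Unix timestamp, as in SimpleSAMLphp metadata.
    """
    now = time.time() if now is None else now
    idp = authsource.get("idp")
    if idp is None:
        return "no 'idp' set: the SP would go to IdP discovery instead"
    entry = metadata.get(idp)
    if entry is None:
        return f"Could not find the metadata of an IdP with entity ID '{idp}'"
    expire = entry.get("expire")
    if expire is not None and expire < now:
        return f"metadata for '{idp}' expired at {expire}; remove or refresh the 'expire' key"
    return "ok"


if __name__ == "__main__":
    info = parse_idp_metadata(IDP_METADATA_XML)
    print(to_php_entry(info))
    remote = {info["entityid"]: info}
    # As in the question: 'idp' holds the hostname while the key is the full entityID.
    print(diagnose({"idp": "tenant2.test.com"}, remote))
    print(diagnose({"idp": info["entityid"]}, remote))
```

Run it against the IdP's real metadata document, paste the printed stanza into metadata/saml20-idp-remote.php, and set 'idp' in authsources.php to exactly the same string as the array key; the two must match byte for byte, since the SP looks the IdP up by that key.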
Reputation: 448
Did you try to put tenant2.test.com in place of null for 'entityID'?
Upvotes: 0