
SimplesamlPHP - Could not find any default metadata entities in set [saml20-idp-hosted] for host [xxx.com : xxx.xxx/synovus/third_party/saml/public] #2061

Open
esssalman opened this issue Apr 23, 2024 · 6 comments


esssalman commented Apr 23, 2024

I'm getting the following error whenever I try to click on the link:

```text
SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
1 src/SimpleSAML/Error/ExceptionHandler.php:32 (SimpleSAML\Error\ExceptionHandler::customExceptionHandler)
0 [builtin] (N/A)

Caused by: Exception: Could not find any default metadata entities in set [saml20-idp-hosted] for host [cfgroup.com : cfgroup.com/synovus/third_party/saml/public]
```

I don't know what to do now. Here are my config files.

1- config/config.php

```php
'https://cfgroup.com/synovus/third_party/saml/public', ]
```

2- saml20-idp-remote.php

```php
$metadata['https://cfgroup.com/synovus/third_party/saml/public'] = array(
    'entityid' => 'https://cfgroup.com/synovus/third_party/saml/public',
    'SingleSignOnService' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SSOService.php',
    'SingleLogoutService' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SingleLogoutService.php',
);
```

3- authsources.php

```php
'default-sp' => [
    'saml:SP',
    'entityID' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/metadata.php',
    'idp' => 'https://cfgroup.com',
    'discoURL' => null,
    'proxymode.passAuthnContextClassRef' => false,
],
```

tvdijen commented Apr 23, 2024

You have to give me some more info, because you have an SP configuration in authsources.php, but on
the other hand SimpleSAMLphp is looking for hosted IdP metadata. It doesn't make much sense. What are you trying to achieve?

The questions in the issue-template are there for a reason ;)

@EssDevUi

@tvdijen
Yes, I've got the metadata from the client and added the configuration, but when I click the link the login comes back with a SAML token and the page goes into an infinite redirection loop.

https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SSOService.php?spentityid=CLFN&RelayState=https://formspipe.ipipeline.com/?GAID=7276

[screenshot]

In the network tab I see this:

[screenshot]


tvdijen commented Apr 24, 2024

I think this is because of your Referrer-Policy. Should be origin-when-cross-origin.

@EssDevUi

Would you like to see the config? I'm still stuck with the issue; it's in a redirect loop.


tvdijen commented Apr 26, 2024

Sure, I'd be interested to see the session and session-cookie configuration.
Also any security headers you may have configured in your webserver.

Also, you could make a SAML trace using the SAML-tracer add-on for Firefox/Chrome.
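As an added example (not code from this thread or from SimpleSAMLphp), here is an offline triage script for one hop of the trace asked for above: it takes the SP's 302 to the IdP as a SAML-tracer or browser dev-tools capture shows it, decodes the SAMLRequest from the HTTP-Redirect binding (URL-decode, base64, raw inflate) so the Issuer, Destination and AssertionConsumerServiceURL can be compared against the entity IDs and endpoint locations in the metadata files, and reports the session cookie's SameSite/Secure attributes and the Referrer-Policy header. The hostnames, request ID, cookie value and AuthnRequest are constructed sample data, and the origin-when-cross-origin comparison is only the value suggested earlier in the thread.

```python
"""Offline triage of one SP -> IdP redirect hop captured from a SAML trace.

Added example, not SimpleSAMLphp code. All hostnames, IDs and cookie values
below are constructed sample data.
"""
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, unquote, urlparse

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed AuthnRequest, shaped like what an SP emits via the HTTP-Redirect binding.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed-id-1" Version="2.0" IssueInstant="2024-04-24T10:00:00Z" '
    'Destination="https://idp.example.org/saml2/idp/SSOService.php" '
    'AssertionConsumerServiceURL="https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
    "<saml:Issuer>https://sp.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>"
    "</samlp:AuthnRequest>"
)


def encode_redirect_request(xml: str) -> str:
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # negative wbits = raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    return quote(base64.b64encode(deflated).decode("ascii"), safe="")


def decode_redirect_request(param: str) -> str:
    """Inverse of the above; tolerates a value that is still URL-encoded."""
    raw = base64.b64decode(unquote(param))
    return zlib.decompress(raw, -15).decode("utf-8")


def summarize_authn_request(xml: str) -> dict:
    """Pull out the fields to compare against saml20-sp-remote.php / saml20-idp-remote.php."""
    root = ET.fromstring(xml)
    issuer = root.find("saml:Issuer", NS)
    return {
        "id": root.get("ID"),
        "destination": root.get("Destination"),  # should equal the IdP's SingleSignOnService Location
        "acs_url": root.get("AssertionConsumerServiceURL"),  # should be an ACS the IdP has for this SP
        "issuer": issuer.text if issuer is not None else None,  # should equal the SP entityID the IdP knows
    }


def parse_response_head(raw: str) -> dict:
    """Headers of a captured response: names lower-cased, values kept as a list (Set-Cookie repeats)."""
    headers: dict = {}
    for line in raw.strip().splitlines()[1:]:  # [0] is the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def cookie_findings(set_cookie_values: list) -> list:
    """Flag cookie attributes that make the browser withhold the SP session on the IdP's POST back."""
    findings = []
    for header in set_cookie_values:
        name = header.split("=", 1)[0].strip()
        attrs = {}
        for part in header.split(";")[1:]:
            key, _, val = part.strip().partition("=")
            attrs[key.lower()] = val
        samesite = attrs.get("samesite", "").lower()
        if samesite == "strict":
            findings.append(f"{name}: SameSite=Strict is never sent with a cross-site POST (the IdP's HTTP-POST response to the ACS)")
        elif samesite == "lax":
            findings.append(f"{name}: SameSite=Lax is withheld on a cross-site POST")
        elif samesite == "":
            findings.append(f"{name}: no SameSite attribute; current browsers default to Lax (Chrome allows a cross-site POST only within 2 minutes of setting it)")
        elif samesite == "none" and "secure" not in attrs:
            findings.append(f"{name}: SameSite=None without Secure is rejected by browsers")
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute on a cookie for an https-only login flow")
    return findings


def triage(raw_response: str) -> dict:
    """Everything a first look at the redirect hop should tell you."""
    headers = parse_response_head(raw_response)
    result = {
        "request": None,
        "relay_state": None,
        "cookie_findings": cookie_findings(headers.get("set-cookie", [])),
        "referrer_policy": (headers.get("referrer-policy") or [None])[0],
    }
    location = (headers.get("location") or [None])[0]
    if location:
        query = parse_qs(urlparse(location).query)  # parse_qs already URL-decodes the values
        if "SAMLRequest" in query:
            result["request"] = summarize_authn_request(decode_redirect_request(query["SAMLRequest"][0]))
        result["relay_state"] = (query.get("RelayState") or [None])[0]
    # The value suggested in the thread; anything else is reported, not judged, here.
    result["referrer_policy_is_suggested"] = result["referrer_policy"] == "origin-when-cross-origin"
    return result


def build_sample_response() -> str:
    """Constructed 302 from the SP, as a tracer shows it: Strict session cookie, no-referrer policy."""
    location = (
        "https://idp.example.org/saml2/idp/SSOService.php?SAMLRequest="
        + encode_redirect_request(SAMPLE_AUTHN_REQUEST)
        + "&RelayState="
        + quote("https://sp.example.org/app/?id=7", safe="")
    )
    return "\r\n".join([
        "HTTP/1.1 302 Found",
        "Location: " + location,
        "Set-Cookie: SimpleSAMLSessionID=constructedvalue; Path=/; Secure; HttpOnly; SameSite=Strict",
        "Referrer-Policy: no-referrer",
        "",
    ])


if __name__ == "__main__":
    for key, value in triage(build_sample_response()).items():
        print(f"{key}: {value}")
```

Paste the real Location and Set-Cookie headers from the capture into `build_sample_response()` (or feed the raw response head to `triage()` directly) and check three things: the decoded Issuer is exactly the key used in the IdP's saml20-sp-remote.php, the Destination is exactly the IdP's SingleSignOnService location, and the session cookie is one the browser will send back on the IdP's cross-site POST to the ACS.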

@EssDevUi

I'm new to SAML; this is my first time integrating it, but let me share the configs so you can have a look at them.

This is my saml20-idp-hosted.php file in metadata:

```php
$metadata['https://cfgroup.com'] = [
    'host' => '__DEFAULT__',
    'auth' => 'federate.ipipeline.com:saml2',
];

$metadata['federate.ipipeline.com:saml2'] = [
    'host' => '__DEFAULT__',
    'auth' => 'federate.ipipeline.com:saml2',
];
```

This is my saml20-idp-remote.php file:

```php
$metadata['federate.ipipeline.com:saml2'] = array(
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'federate.ipipeline.com:saml2',
    'SingleSignOnService' => array(
        0 => array(
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SSOService.php',
        ),
    ),
    'SingleLogoutService' => array(
        0 => array(
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SingleLogoutService.php',
        ),
    ),
    'certData' => 'private.cert',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
    'contacts' => array(
        0 => array(
            'emailAddress' => 'jsuarez@neocentric.net',
            'contactType' => 'technical',
            'givenName' => 'Administrator',
        ),
    ),
);
```

This is my saml20-sp-remote.php file:

```php
$metadata['federate.ipipeline.com:saml2'] = array(
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'federate.ipipeline.com:saml2',
    'AssertionConsumerService' => 'https://federate.ipipeline.com/sp/ACS.saml2',
    'SingleSignOnService' => array(
        0 => array(
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SSOService.php',
        ),
    ),
    'SingleLogoutService' => array(
        0 => array(
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/SingleLogoutService.php',
        ),
    ),
    'certData' => 'private.cert',
    'contacts' => array(
        0 => array(
            'emailAddress' => 'jsuarez@neocentric.net',
            'contactType' => 'technical',
            'givenName' => 'Administrator',
        ),
    ),
);
```

This is my authsources.php:

```php
'admin' => [
    'core:AdminPassword',
],

'default-sp' => [
    'saml:SP',

    // The entity ID of this SP.
    // 'entityID' => 'https://cfgroup.com/synovus/third_party/saml/public',
    'entityID' => 'federate.ipipeline.com:saml2',

    // The entity ID of the IdP this SP should contact.
    // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
    // 'idp' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/metadata.php',
    'idp' => null,

    // The URL to the discovery service.
    // Can be NULL/unset, in which case a builtin discovery service will be used.
    'discoURL' => null,

    /*
     * If SP behind the SimpleSAMLphp in IdP/SP proxy mode requests
     * AuthnContextClassRef, decide whether the AuthnContextClassRef will be
     * processed by the IdP/SP proxy or if it will be passed to the original
     * IdP in front of the IdP/SP proxy.
     */
    'proxymode.passAuthnContextClassRef' => false,
],

'federate.ipipeline.com:saml2' => [
    'saml:SP',

    // The entity ID of this SP.
    // 'entityID' => 'https://cfgroup.com/synovus/third_party/saml/public',
    'entityID' => 'federate.ipipeline.com:saml2',

    // The entity ID of the IdP this SP should contact.
    // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
    // 'idp' => 'https://cfgroup.com/synovus/third_party/saml/public/saml2/idp/metadata.php',
    'idp' => 'federate.ipipeline.com:saml2',

    'discoURL' => null,

    'proxymode.passAuthnContextClassRef' => false,
],
```

**I'm not able to understand why it's stuck in a redirection loop. Please help me to fix it.**
