Hello,
I am currently building a SAML SP and am additionally frustrated because the BB forum just trashed my post. Well, I have to write it all again.
When redirecting to the UCS IdP login page I get the following error message:
SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => '\'\'')
Backtrace:
3 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:301 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
2 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:321 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
1 /usr/share/simplesamlphp/modules/saml/lib/IdP/SAML2.php:303 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
0 /usr/share/simplesamlphp/www/saml2/idp/SSOService.php:18 (N/A)
I extended the file MetaDataStorageHandler.php with a bit of debug output:
    public function getMetaDataConfig($entityId, $set) {
        assert('is_string($entityId)');
        assert('is_string($set)');
        // Debug output: log which entity ID is looked up in which metadata set
        SimpleSAML_Logger::warning("Getting MetaData CKO " .
            $entityId . " und " . $set);
        $metadata = $this->getMetaData($entityId, $set);
        return SimpleSAML_Configuration::loadFromArray($metadata, $set . '/' . var_export($entityId, TRUE));
    }
This gives the following log entries:
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 6 [726bb71310] SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 4 [726bb71310] Getting MetaData CKO https://ucs-sso.saml-test.intranet/simplesamlphp/saml2/idp/metadata.php und saml20-idp-hosted
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 7 [726bb71310] Received message:
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 7 [726bb71310] <ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="http://172.16.200.106:5000" Destination="http://ucs-sso.saml-test.intranet/simplesamlphp/saml2/idp/SSOService.php" ID="id-UMJNvRfZIyt95grFK" IssueInstant="2016-03-11T10:10:35Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 7 [726bb71310] <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"/>
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 7 [726bb71310] <ns0:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 7 [726bb71310] </ns0:AuthnRequest>
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 4 [726bb71310] Getting MetaData CKO und saml20-sp-remote
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 3 [726bb71310] SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND('%' => '\'\'')
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 3 [726bb71310] Backtrace:
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 3 [726bb71310] 3 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:301 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 3 [726bb71310] 2 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:321 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 3 [726bb71310] 1 /usr/share/simplesamlphp/modules/saml/lib/IdP/SAML2.php:303 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 3 [726bb71310] 0 /usr/share/simplesamlphp/www/saml2/idp/SSOService.php:18 (N/A)
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 3 [726bb71310] Error report with id 9ebe1fc0 generated.
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 7 [726bb71310] /simplesamlphp/saml2/idp/SSOService.php - Template: Could not find template file [error.php] at [/usr/share/simplesamlphp/modules/univentiontheme/themes/univention/default/error.php] - now trying the base template
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 7 [726bb71310] Template: Reading [/usr/share/simplesamlphp/dictionaries/errors]
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 7 [726bb71310] Template: Reading [/usr/share/simplesamlphp/modules/univentiontheme/dictionaries/univention]
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 7 [726bb71310] /simplesamlphp/saml2/idp/SSOService.php - Template: Could not find template file [core:no_metadata.tpl.php] at [/usr/share/simplesamlphp/modules/univentiontheme/themes/univention/core/no_metadata.tpl.php] - now trying the base template
Mar 11 11:10:34 gandalf simplesamlphp[5273]: 7 [726bb71310] Template: Reading [/usr/share/simplesamlphp/modules/core/dictionaries/no_metadata]
The SP is configured and the file /etc/simplesamlphp/metadata.d/privacyIDEA.php was generated:
    <?php
    $metadata['privacyIDEA'] = array(
        'AssertionConsumerService' => array('http://172.16.200.106:5000'),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
        'simplesaml.nameidattribute' => 'uid',
        'simplesaml.attributes' => false,
        'OrganizationName' => 'NetKnights',
        'authproc' => array(
            10 => array(
                'class' => 'authorize:Authorize',
                'regex' => FALSE,
                'enabledServiceProviderIdentifier' => array('SAMLServiceProviderIdentifier=privacyIDEA,cn=saml-serviceprovider,cn=univention,dc=saml-test,dc=intranet'),
            )
        ),
    );
It is my first SP, so this could have any number of causes.
Many thanks for any helpful hints.
Best regards
COrnelius
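As an added illustration (not code from the post, from Univention or from SimpleSAMLphp): the logged AuthnRequest above contains a self-closing, empty `<ns1:Issuer .../>` element, and the debug line "Getting MetaData CKO  und saml20-sp-remote" shows the IdP looking up an empty entity ID, which is what produces METADATANOTFOUND. The script below replays the IdP's lookup against the registered SP entry from the post: it parses the logged request, extracts the Issuer, resolves it against the `saml20-sp-remote` entries (keyed by entityID, as in the `$metadata['privacyIDEA']` file) and checks that the requested AssertionConsumerServiceURL is one the metadata registers. The "fixed" request with `privacyIDEA` as Issuer is constructed for the example; that the SP must send its registered entityID as Issuer is my reading of the log, not something the post states.

```python
"""Replay a SAML 2.0 IdP's SP-metadata lookup for a logged AuthnRequest (added example)."""
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml.ElementTree

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Registered SPs, mirroring the saml20-sp-remote entry from the post
# (/etc/simplesamlphp/metadata.d/privacyIDEA.php); the dict key is the entityID.
REGISTERED_SPS = {
    "privacyIDEA": {
        "AssertionConsumerService": ["http://172.16.200.106:5000"],
        "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    },
}

# The AuthnRequest as the IdP logged it in the post: the Issuer element is empty.
LOGGED_AUTHN_REQUEST = (
    '<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" '
    'AssertionConsumerServiceURL="http://172.16.200.106:5000" '
    'Destination="http://ucs-sso.saml-test.intranet/simplesamlphp/saml2/idp/SSOService.php" '
    'ID="id-UMJNvRfZIyt95grFK" IssueInstant="2016-03-11T10:10:35Z" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">'
    '<ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"/>'
    '<ns0:NameIDPolicy AllowCreate="false" '
    'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>'
    '</ns0:AuthnRequest>'
)

# Constructed variant: the same request with the Issuer set to the registered entityID.
FIXED_AUTHN_REQUEST = LOGGED_AUTHN_REQUEST.replace(
    '<ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"/>',
    '<ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">'
    'privacyIDEA</ns1:Issuer>',
)


def extract_issuer(authn_request_xml):
    """Return the Issuer text of an AuthnRequest: '' if the element is present but
    empty (the case in the post), None if it is missing entirely."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"not a samlp:AuthnRequest: {root.tag}")
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    if issuer is None:
        return None
    return (issuer.text or "").strip()


def resolve_sp(authn_request_xml, registry=REGISTERED_SPS):
    """Mimic the IdP's lookup: select the SP entry for the request's Issuer and verify
    the requested ACS URL belongs to it. Returns (entity_id, problem); problem is None
    when the request resolves cleanly."""
    root = ET.fromstring(authn_request_xml)
    issuer = extract_issuer(authn_request_xml)
    if not issuer:
        # SimpleSAMLphp would now look up entityID '' in saml20-sp-remote and
        # raise METADATANOTFOUND, exactly as in the logged backtrace.
        return None, "AuthnRequest has no Issuer value; the IdP cannot select SP metadata"
    sp = registry.get(issuer)
    if sp is None:
        return issuer, f"no saml20-sp-remote entry for entityID {issuer!r}"
    acs = root.get("AssertionConsumerServiceURL")
    if acs is not None and acs not in sp["AssertionConsumerService"]:
        # Never honour an ACS URL the registered metadata does not list: the
        # assertion would be posted to an endpoint outside the SP's metadata.
        return issuer, f"ACS URL {acs!r} is not registered for {issuer!r}"
    return issuer, None


if __name__ == "__main__":
    for label, req in (("logged", LOGGED_AUTHN_REQUEST), ("fixed", FIXED_AUTHN_REQUEST)):
        print(label, extract_issuer(req), resolve_sp(req))
```

Running it shows the logged request resolving to no SP at all, while the same request with a proper Issuer resolves to `privacyIDEA` and passes the ACS check; on the SP side this is the value to look for in the generated AuthnRequest before chasing the IdP's metadata configuration.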