Problem:
Unable to locate metadata for ‘https://member.schein.ig/index.php/apps/user_saml/saml/metadata’
SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => '\'https://member.schein.ig/index.php/apps/user_saml/saml/metadata\'')
Backtrace:
3 lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:299 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
2 lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:319 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
1 modules/saml/lib/IdP/SAML2.php:334 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
0 www/saml2/idp/SSOService.php:19 (N/A)
Investigation:
The Identifier was wrong:
udm saml/serviceprovider list
[...]
DN: SAMLServiceProviderIdentifier=https://member.schein.ig/nextcloud/apps/user_saml/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=schein,dc=ig
AssertionConsumerService: https://member.schein.ig/nextcloud/apps/user_saml/saml/acs
Identifier: https://member.schein.ig/nextcloud/apps/user_saml/saml/metadata
NameIDFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
[...]
Solution:
The Identifier registered in UCS is wrong. The Identifier comes from the Nextcloud server and has to be registered exactly as Nextcloud sends it.
In this case Nextcloud was not the app from our App Center; it was installed on an Ubuntu server. So the mismatch was
‘https://member.schein.ig/index.php/apps/user_saml/saml/metadata’ (sent by Nextcloud, as shown in the error message)
vs
‘https://member.schein.ig/nextcloud/apps/user_saml/saml/metadata’ (registered in UCS)
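One way to confirm this kind of mismatch, as an added example (not part of the original article and not UCS or Nextcloud code): the script decodes the SAMLRequest parameter of an HTTP-Redirect login URL, extracts the Issuer, and compares it exactly against the Identifier values in the udm output. The IdP host name, the request XML and all function names are constructed for illustration, and it assumes the service provider uses the HTTP-Redirect binding.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Taken from the udm output shown in the Investigation section above.
UDM_OUTPUT = """\
DN: SAMLServiceProviderIdentifier=https://member.schein.ig/nextcloud/apps/user_saml/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=schein,dc=ig
  AssertionConsumerService: https://member.schein.ig/nextcloud/apps/user_saml/saml/acs
  Identifier: https://member.schein.ig/nextcloud/apps/user_saml/saml/metadata
"""

def issuer_from_redirect_url(url):
    """Return the Issuer (SP entity ID) of an HTTP-Redirect AuthnRequest URL."""
    query = urllib.parse.urlparse(url).query
    params = urllib.parse.parse_qs(query)
    if "SAMLRequest" not in params:
        raise ValueError("URL carries no SAMLRequest parameter")
    # HTTP-Redirect binding: base64 over a raw DEFLATE stream (no zlib header).
    xml_bytes = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    issuer = ET.fromstring(xml_bytes).findtext("{%s}Issuer" % SAML_NS)
    if not issuer or not issuer.strip():
        raise ValueError("AuthnRequest has no Issuer")
    return issuer.strip()

def registered_identifiers(udm_output):
    """Collect the Identifier values from 'udm saml/serviceprovider list' output."""
    return [line.split(":", 1)[1].strip() for line in udm_output.splitlines()
            if line.strip().startswith("Identifier:")]

def check(url, udm_output):
    """Return (issuer, matched). The IdP looks the entity ID up by exact string."""
    issuer = issuer_from_redirect_url(url)
    return issuer, issuer in registered_identifiers(udm_output)

def constructed_redirect_url(entity_id):
    """Build a constructed login URL for the demo; the IdP host is a placeholder."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="%s" ID="_constructed" Version="2.0" '
           'IssueInstant="2020-01-01T00:00:00Z"><saml:Issuer>%s</saml:Issuer>'
           '</samlp:AuthnRequest>' % (SAML_NS, entity_id))
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.test/simplesamlphp/saml2/idp/SSOService.php?" + query

if __name__ == "__main__":
    sent = "https://member.schein.ig/index.php/apps/user_saml/saml/metadata"
    issuer, matched = check(constructed_redirect_url(sent), UDM_OUTPUT)
    print("Issuer sent by SP:", issuer)
    print("Registered in UCS:", registered_identifiers(UDM_OUTPUT))
    print("Match" if matched else "No match: the IdP cannot locate metadata for this entity ID")
```

To use it on a real case, pass the login URL the browser is redirected to and the actual udm output instead of the constructed values.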
See also:
Univention Blog: SSO für Nextcloud mit UCS einrichten (Setting up SSO for Nextcloud with UCS)
Problem: Troubleshooting SAML with nextcloud