"Could not find the metadata of an IdP" with drupal and simplesamlphp_auth

binaryatwork picture binaryatwork · Aug 18, 2016 · Viewed 7.6k times · Source

I set up my SimpleSamlPhp(I have my IdP in another server) with Drupal. After logging into "http://localhost:31478/simplesaml/" as administrator, I ran "Test authentication sources" with my IdP, the screen of "SAML 2.0 SP Demo Example" screen with correct attributes was displayed. I guess it meant that SimpleSamlPhp and my Idp could see each other and were communicated properly.

However, when I tried to use Federated login with Drupal after turning on "Activate authentication via SimpleSAMLphp",I got the following error:

SimpleSAML_Error_Exception: Could not find the metadata of an IdP with entity ID 'tenant2.test.com' in sspmod_saml_Auth_Source_SP->getIdPMetadata() (line 134 of /var/www/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/Auth/Source/SP.php).

SETTINGS

  • Drupal version is 8.
  • php version is 5.6.24-0.
  • simplesamlphp_auth module version is 8.x-3.0-alpha4+2-dev.
  • simplesamlphp_auth module was installed and enabled in Drupal. "Authentication source for this SP" was set to "default-sp" for simplesamlphp_auth module configuration

I have my simplesamlphp directory in /var. The following changes were made for enabling saml

/var/simplesamlphp/config/config.php


    'baseurlpath' => 'simplesaml/',
    ....
    'enable.saml20-sp'  => true,
    'enable.saml20-idp' => true,
    'enable.shib13-idp' => false,
    'enable.adfs-idp' => false,
    'enable.wsfed-sp' => false,
    'enable.authmemcookie' => false,
    ....
    'saml' => TRUE,
    ....
    ....
    'default-saml20-idp' => 'tenant2.test.com',
    ....
    'store.type'                    => 'memcache',
    ....
    ....
    'memcache_store.servers' => array(
        array(
            array('hostname' => 'localhost'),
        ),
    ),
    'memcache_store.prefix' => 'SimpleSAMLphp',
    ....
    .... 
    'trusted.url.domains' => array('localhost:31478'),

/var/simplesamlphp/config/authsources.php


    <?php
    $config = array(
        'admin' => array(
        'core:AdminPassword',
        ),

        'default-sp' => array(
            'saml:SP',
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',       
        'entityID' => null,
        'idp' => 'tenant2.test.com',  
        'discoURL' => null,
    ),

    );
    

/var/simplesamlphp/metadata/saml20-idp-remote.php


    <?php
        $metadata['tenant2.test.com'] = array(
            'SingleSignOnService'  => 'https://tenant2.test.com/testSamlLogin',
            'AssertionConsumerService' => 'http://localhost:31478/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
            'SingleLogoutService'  => 'https://tenant2.test.com/admin/logout',
            'certFingerprint'      => '0a89aec59bf48e414ec050f6956891cb3f5b09a0',
        );

I have been trying to fix this problem for a few days. Did I missing anything?

Thank you.

Answer

user10301971 picture user10301971 · Sep 1, 2018

Discovered this can also happen if the metadata includes an 'expire' key and the metadata is expired. Try commenting that out in your saml20-idp-remote.php metadata and seeing if you get a different error, because the error handling is skipped over.