Simplesamlphp unhandled exception error while using as SP
After successfully receiving the SAML 2.0 token while using simplesamlphp as a Service Provider I get the following error.
Oct 21 17:30:15 simplesamlphp DEBUG [6b6e3c270f] GenerateGroups - attribute 'eduPersonAffiliation' not found.
Oct 21 17:30:15 simplesamlphp DEBUG [6b6e3c270f] Session: doLogin("default-sp")
Oct 21 17:30:15 simplesamlphp WARNING [6b6e3c270f] Unable to find the SAML 2 binding used for this request.
Oct 21 17:30:15 simplesamlphp WARNING [6b6e3c270f] Request method: 'GET'
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Backtrace:
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 0 /var/www/simplesamlphp/www/module.php:180 (N/A)
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Caused by: Exception: Unable to find the current binding.
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Backtrace:
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 2 /var/www/simplesamlphp/lib/SAML2/Binding.php:95 (SAML2_Binding::getCurrentBinding)
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 1 /var/www/simplesamlphp/modules/saml/www/sp/saml2-acs.php:11 (require)
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 0 /var/www/simplesamlphp/www/module.php:135 (N/A)
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Error report with id bd213fb5 generated.
My SP is set up like this:
**authsources.php**
'default-sp' => array(
'saml:SP',
'entityID' => NULL,
'idp' => NULL,
'discoURL' => NULL,
'RelayState' => '{link to my application}',
'acs.Bindings' => array(
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
),
),
saml20-idp-remote.php
$metadata['https://{idp entity id}'] = array(
'metadata-set' => 'saml20-idp-remote',
'entityid' => 'https://{idp entity id}',
'name' => array(
'en' => 'IDP Name',
'no' => 'IDP name',
),
'description' => 'IDP desc',
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => '{SSO url}',
),
1 =>
array(
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => '{SSO url}',
),
),
'SingleLogoutService' => '{SLO url}',
'certFingerprint' => '{the fingerprint}',
);
I am pretty new to Single Sign on. I have also hid the urls for confidentiality but I am not sure if I am missing something or whats causing this error to be thrown. If anyone could help point me in the right direction that would be greatly appreciated. I should also mention I am trying to use https://drupal.org/project/simplesamlphp_auth to hook into my application.
This is an IDP first flow. I am use mysql to store the sessions.
Answer
"Unable to find the current binding." means exactly that, that the current binding cannot be determined. Your saml20-idp-remote.php mentions HTTP-POST binding, and your log mentions Request method: 'GET', so probably something goes wrong while posting to https://…/module.php/saml/sp/saml2-acs.php/default-sp.
I'm just doing a wild guess here, but in my experience, the most common cause is a redirecting web server. Maybe you redirect to a different hostname? Do you force HTTPS? Check on the IdP that the URLs for the AssertionConsumerService are correct - they should lead directly to SimpleSamlPhp without any redirect.