Empty Entity ID and SP details

This was sort of a flub on my part, due to inadequate testing. If you still have your configuration files from 0.8.5, then move them from:

/wp-content/plugins/saml-20-single-sign-on/etc
to:
/wp-content/uploads/saml-20-single-sign-on/etc.

This is the where configuration stuff will be kept from now on, but unfortunately I forgot to write the code to create these directories if they don’t exist! This will be taken care of in the next update, or you can just move those files and see where it gets you.

Also, contrary to what I thought (and contrary to how SAML should work) you MUST have a certificate and private key uploaded, or the SP portion will fail. I’m sure this can be fixed too, but I haven’t dug into it yet.

Keith,

I was having the same issue… however, once I installed 8.6 I’m now getting the following error when I go to the Identify Provider settings tab:

“I’m not able to write to the folder /nas/wp/www/cluster-1612/thesource/wp-content/uploads/saml-20-single-sign-on/etc which means you won’t be able to change any settings! Please ensure that the web server has permission to make changes to this folder.”

First, I noticed that there was only an /etc. folder, and no /etc folder. I tried creating an etc folder, and even tried going into the samlauth.php file and changed it to /etc. Permissions on both folders are set to 775. Any ideas?

Thanks

I moved the contents from plugins to uploads however the idp tab is still blank. Is there an update coming soon to fix this?

Unfortunately, I am temporarily without access to my development computers and don’t know when I will have access to them again. A future update will fix this problem, but I can’t guarantee how soon the fix will be implemented.

In the meantime: This file is probably the source of your troubles:

/wp-content/plugins/saml-20-single-sign-on/saml/metadata/saml20-idp-remote.php

On line 4 of that file, the path to the ini file has been hard-coded using a value from my development server (woops). You can either change this to the appropriate value for your server, or drop in the necessary variables to accomplish the same thing. A future update will use WordPress global variables to specify the path to the ini file. I would post the necessary code changes here, but I wouldn’t be able to test it and don’t want to post misinformation.

It still left the idp page blank, so I just went in and edited the ini file by hand, it now shows up in the Identity Provider dropdown on the “Service Provider” tab. However when I enable the plugin and try to use it (access a page from another browser that requires a login), it is bypassing the login page as it should, however the page is blank. what should this be pulling up in place of the login page, the SignOn Service page for my IDP (adfs)?

Upon accessing a page that requires authentication, it should take you to the ADFS login page, with a Base64-encoded request in the URL. If it stalls on a blank page on the SP side, then perhaps you need to re-save the Service Provider tab. After making changes to the IdP configuration, it is often necessary to open and save the SP tab, as well.

I’m wondering if I’m missing more configuration in the idp-remote.ini.
I currently only have name and singlesignonservice filled in. Resaving it did not solve the problem. I have the full version of simplesamlphp working and authenticating correctly as another site. Just trying to nail what needs to be configured and where to get the same desired results.

dmaddi, you MUST have the following fields filled in for the IdP:

Idp Name
URL Identifier
SSO URL
certFingerprint

Also, 0.8.7 was released today, which should simplify many of these problems.

I have WP 3.61 and the 0.91 version of the plugin. I am unable to make much headway with this, the general tab is not showing me any of the SP configuration data. I’m not seeing saml2 anywhere when hitting the server from a browser; every path I have tried has resulted in an object not found. I think these two are related, I would have thought there would be some way to hit this SAML implementation to test with a browser but I cannot find any path that does anything, I am thinking there must be a missing symlink or a config parameter that needs to be tweaked.

What’s different about my server? Not much. It’s running SuSE Linux Enterprise Server 10, the htdocs subdirectory is a symlink, the wordpress site is the root of the apache server (my content appears right off the root of the domain name. I do have a wildcard cert installed for my domain in my IDP. The IDP is the latest release of NetIQ Access Manager (but I can’t fully configure the SP’s parameters there until I can get this working on the WordPress side).

Any direction here would be helpful and appreciated
-Rob
.

Hi Members,

Would like to ask to where should i get the Signing Certificate and Signing Private Key? And checking the box to Generate a new certificate and private key for me, will scrape out of providing certificate and private key? where can i found these certificate and private key(on this directory – /wp-content/plugins/saml-20-single-sign-on/etc)?

Your prompt response is greatly appreciated.

Thank you.