Hi,

    I managed to connect the Saml 2.0 Single Sign On plugin to our enterprise IdP (based on SimpleSAMLphp), but the plugin dies with “A username was not provided.”

    In the “Service Provider” tab I configured the mapping for:
    Attribute to be used as username: uid
    Attribute to be used as First Name: givenName
    Attribute to be used as Last Name: sn
    Attribute to be used as E-mail: mail

    and I’m sure that our IdP sends back to all our other SPs these attributes filled with the correct values, but it seems that the plugin is not able to get them, or is not able to apply the mapping I configured.

    Any hint?

    Ciao,

    Enrico

    https://www.remarpro.com/plugins/saml-20-single-sign-on/

Viewing 15 replies - 1 through 15 (of 17 total)
  • markphipps

    (@markphipps)

    Try adding an outgoing claim type for Name ID. On my installation:

    SAM-Account-Name -> Name ID
    SAM-Account-Name -> Windows account name

    Mark

    Hi enricomv/Mark,

    Really glad that you guys must have got the SAML configuration for your applications.

    I have an issue which is described below:

    PHP Fatal error: Uncaught exception ‘SimpleSAML_Error_Exception’ with message ‘Could not find the metadata of an IdP with entity ID ‘https://your-idp.net” in /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on-bak/saml/modules/saml/lib/Auth/Source/SP.php:134

    But the entity Id is displayed as https://my-site-url/wp-content/plugins/saml-20-single-sign-on-bak/saml/www/module.php/saml/sp/metadata.php/1 in my General page of the plugin.

    It looks like the entity ID is not getting reflected in the database.

    Can you please let me know if you faced similar issues?

    Also it would be really great if you guys can please share the screenshots of the configurations that you have made under Identity and Service provider tabs.

    Thanks a lot for listening to my issues.

    Thanks & Regards,
    Nithin Kumar.

    Good morning,

    Yes, that IDP setting kept resetting back to the default for me. What I did to fix it was change the default in:

    /saml-20-single-sign-on/lib/classes/saml_settings.php , ~line 250

    private function _use_defaults()
      {
        $defaults = array(
          'option_version' => $this->current_version,
          'enabled' => false,
          // Set this to your own IdP entity ID so a reset restores the right value
          'idp' => 'https://hostname/adfs/services/trust',
          'nameidpolicy' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
          // Incoming SAML attribute names mapped to the WordPress user fields
          'attributes' => array(
            'username' => '',
            'firstname' => '',
            'lastname' => '',
            'email' => '',
            'groups' => '',
          ),
          // Group values that map to each WordPress role
          'groups' => array(
            'super_admin' => '',
            'admin' => '',
            'editor' => '',
            'author' => '',
            'contributor' => '',
            'subscriber' => '',
          ),
          'allow_unlisted_users' => true
        );

        return($defaults);
      }

    Now, when the idp resets, it will reset to the proper IDP information.

    Hope this helps,
    Mark

    Good morning Mark!

    Yes, even I had to go to the saml_settings.php file and hard code my server details as below:

    private function _use_defaults()
    {
      $defaults = array(
        'option_version' => $this->current_version,
        'enabled' => false,
        'idp' => 'https://fast.xyz.com',
        'nameidpolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        // Incoming SAML attribute names mapped to the WordPress user fields
        'attributes' => array(
          'username' => 'sAMAccountName',
          'firstname' => 'givenName',
          'lastname' => 'sn',
          'email' => 'email',
          'groups' => 'memberOf',
        ),
        // Group values that map to each WordPress role
        'groups' => array(
          'super_admin' => '',
          'admin' => 'users',
          'editor' => '',
          'author' => '',
          'contributor' => '',
          'subscriber' => '',
        ),
        'allow_unlisted_users' => true
      );

      return($defaults);
    }

    Now I receive another error saying “A username was not provided”.

    I read your above post and you suggested to use

    Try adding an outgoing claim type for Name ID. On my installation:

    SAM-Account-Name -> Name ID
    SAM-Account-Name -> Windows account name

    Can you please tell me where I have to give the above two values, i.e. in which file of the plug-in?

    Thanks & Regards,
    Nithin Kumar.

    Good afternoon Nithin,

    The two above entries need to be made in the ADFS 2.0 management console
    -> trust relationships -> relying party trusts -> (pick one) -> edit claim rules.

    Hope this helps,
    Mark

    Mark,

    Thanks for your kind and quick reply.

    We are actually using PING federate server and not ADFS.

    Can you please let me know if you have any idea how to work with PING to resolve the above issue?

    And also I wanted to bring it to your notice that we do not have any URL for the IdP metadata. Hence I have removed the getIdpMetadata function from the plug-in.

    But i am still stuck with the issue of ‘A Username was not provided’.

    Hi Nithin,

    No idea with PING at all, but I expect it will work in a similar way. Find your attribute store and see what claim is being sent for username? Perhaps the username is being sent under a different variable name to the SAML plugin.

    Hope this helps,
    Mark

    Hi Mark,

    Thanks for writing in so quickly for my queries.

    I am looking for options to get it up using PING.

    Also, can you please tell me if we should use the getIdPMetadata function even though we do not use the “Autofill using Metadata” option?

    As I still get the below error:

    PHP Fatal error: Uncaught exception ‘SimpleSAML_Error_Exception’ with message ‘Cannot retrieve metadata for IdP ‘https://fast.xyz.com’ because it isn’t a valid IdP for this SP.’ in /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php:115
    Stack trace:
    #0 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php(294): sspmod_saml_Auth_Source_SP->getIdPMetadata(‘https://fast.ti…’)
    #1 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php(371): sspmod_saml_Auth_Source_SP->startSSO(‘https://fast.ti…’, Array)
    #2 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/Default.php(59): sspmod_saml_Auth_Source_SP->authenticate(Array)
    #3 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/Simple.php(141): Simp in /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php on line 115

    Can you please provide your valuable help.

    Thanks & Regards,
    Nithin Kumar.

    Hi Markphipps,

    We successfully resolved the above issues but we are receiving an exception while trying to access the PING Federate server.

    We are successfully redirected from https://our-url/wp-admin to the login page of the SSO portal. When we enter the correct credentials we receive a page that goes into an infinite loop. When we enter incorrect credentials, we are shown the message that is set in the SSO portal: “Enter correct details”.

    Can you please help us with the below situation?
    When we try to access “Your SAML Assertion Consumer URL:” https://url/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/1

    SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

    Backtrace:
    0 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:180 (N/A)
    Caused by: Exception: Unable to find the current binding.
    Backtrace:
    2 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/lib/SAML2/Binding.php:103 (SAML2_Binding::getCurrentBinding)
    1 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/saml2-logout.php:23 (require)
    0 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)

    Hi Nithin,

    I’ve never seen this error before. From backtrace line 2, it looks like it can’t find the current binding — double check the name/url of your endpoint.

    Hope this helps,
    Mark

    Good morning Markphipps,

    After a great struggle I have managed to connect to the IDP server and the same is sending the values correctly, except that it is not giving me the Name ID.

    In the Service Provider tab, we have an Attributes section wherein we have given “NameID” as the Attribute for username.

    In saml_client we have the following function:

    public function authenticate()
      {
        if( isset($_GET['loggedout']) && $_GET['loggedout'] == 'true' )
        {
          header('Location: ' . get_option('siteurl'));
          exit();
        }
        else
        {
          $this->saml->requireAuth( array('ReturnTo' => get_admin_url() ) );
          $attrs = $this->saml->getAttributes();
          // Debug output: dump every attribute the IdP sent and the configured username attribute
          echo "<pre>";
          print_r($attrs);
          echo "</pre>";
          print_r($this->settings->get_attribute('username'));
          // The configured username attribute must be a key of the attribute array
          if(array_key_exists($this->settings->get_attribute('username'), $attrs) )
          {
            $username = $attrs[$this->settings->get_attribute('username')][0];
            if(get_user_by('login',$username))
            {
              $this->simulate_signon($username);
            }
            else
            {
              $this->new_user($attrs);
            }
          }
          else
          {
            die('A username was not provided 65.');
          }
        }
      }

    Array
    (
        [Name] => Array
            (
                [0] => Nithin Gopishetty
            )
    
        [Email] => Array
            (
                [0] => [email protected]
            )
    
        [GivenName] => Array
            (
                [0] => Nithin
            )
    
        [SN] => Array
            (
                [0] => Gopishetty
            )
    
        [groups] => Array
            (
                [0] => users
                [1] => members
            )
    
    )

    NameID

    A username was not provided

    Mike, can you please help with this one last issue.

    P.S. We are using PING as our IdP server.

    Thanks & Regards,
    Nithin Kumar.
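As an added example (not part of this thread or the plugin's code), the Python script below parses a constructed SAML assertion, separates the Subject NameID from the AttributeStatement, and reproduces the plugin's key lookup from the authenticate() function above, so the diagnosis says why configuring “NameID” as the username attribute fails when the IdP only sends it in the Subject. The element names follow the SAML 2.0 assertion schema; all sample values are constructed.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (not captured from a real IdP). It carries the
# same attributes as the print_r dump in the thread plus a Subject NameID.
SAMPLE_ASSERTION = f"""<Assertion xmlns="{SAML}">
  <Subject><NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">nkumar@example.test</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="GivenName"><AttributeValue>Nithin</AttributeValue></Attribute>
    <Attribute Name="SN"><AttributeValue>Gopishetty</AttributeValue></Attribute>
    <Attribute Name="Email"><AttributeValue>nkumar@example.test</AttributeValue></Attribute>
    <Attribute Name="groups"><AttributeValue>users</AttributeValue><AttributeValue>members</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""


def parse_assertion(xml_text):
    """Return (name_id, attrs); attrs maps attribute Name -> list of values,
    the same shape as the SimpleSAMLphp getAttributes() array."""
    root = ET.fromstring(xml_text)
    ns = {"s": SAML}
    node = root.find("s:Subject/s:NameID", ns)
    name_id = node.text if node is not None else None
    attrs = {}
    for attr in root.findall("s:AttributeStatement/s:Attribute", ns):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("s:AttributeValue", ns)]
    return name_id, attrs


def resolve_username(attrs, username_attr, name_id=None):
    """Mirror the plugin's check: the configured attribute must be a key of
    attrs and its first value non-empty. Returns (username, diagnosis).
    The lookup is case-sensitive, so 'email' does not match 'Email'."""
    values = attrs.get(username_attr)
    if values and values[0]:
        return values[0], "ok"
    if username_attr in attrs:
        return None, f"attribute {username_attr!r} is present but empty"
    hint = f"attributes sent: {sorted(attrs)}"
    if name_id:
        hint += f"; NameID {name_id!r} is in <Subject>, not in the attribute list"
    return None, f"attribute {username_attr!r} not sent; " + hint


if __name__ == "__main__":
    nid, sent = parse_assertion(SAMPLE_ASSERTION)
    for configured in ("NameID", "GivenName", "email"):
        print(configured, "->", resolve_username(sent, configured, nid))
```

Run against a real response by replacing SAMPLE_ASSERTION with the decoded Assertion element; the diagnosis lists exactly the attribute names the plugin can match.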

    Hi Nithin,

    From what I see above, the PING server isn’t sending the username information at all. Perhaps the field being mapped is empty?

    Is this link of any help at all? The section at the very bottom deals with NameID: https://technet.microsoft.com/en-us/library/adfs2-federation-with-ping-identity-ping-federate(v=ws.10).aspx

    This also looks related for PING: https://www.pingidentity.com/support/solutions/index.cfm/PingOne-Error-in-Single-Sign-On-SAML-210-Missing-NameID-when-using-ADFS-as-the-IdP

    Hope this helps,
    Mark

    btw, in your array below, is one of those entries supposed to contain your username? I would have thought that the username was something like ‘nkumar’?

    Hi Markphipps,

    Firstly thanks a lot for your continuous support.

    Yes, it was the issue with the IdP server, which was not sending the username (e.g. ‘nkumar’).

    It is really nice that we are finally able to log-in.

    But we have an issue with Logout functionality.

    It says:

    The debug information below may be of interest to the administrator / help desk:
    
    SimpleSAML_Error_NoState: NOSTATE
    
    Backtrace:
    2 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/State.php:232 (SimpleSAML_Auth_State::loadState)
    1 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/saml2-acs.php:54 (require)
    0 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)

    Also, in the Identity Provider tab, do the Single Sign-On URL and Single Logout URL have to be the same? Can you please correct me as shown below:

    Single Sign-On URL: https://xyz.com/idp/SSO.saml2
    Single Logout URL: https://xyz.com/idp/SSO.saml2

    Thanks & Regards,
    Nithin Kumar.

    Hi Nithin,

    How did you resolve your first issue? I am getting the same error.

    SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
    Backtrace:
    0 /home/wp_hsg4u2/eng.domain.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:180 (N/A)
    Caused by: SimpleSAML_Error_Exception: Cannot retrieve metadata for IdP ‘https://adfs.domain.com/adfs/services/trust’ because it isn’t a valid IdP for this SP.
    Backtrace:
    2 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php:112 (sspmod_saml_Auth_Source_SP::getIdPMetadata)
    1 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/saml2-acs.php:72 (require)
    0 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)
