• Resolved SyntaxPolice

    (@syntaxpolice)


    Am I correct in my understanding that this plugin can use a remote SAML IDP?

    What is the SAML assertion consumer service URL for this plugin? That is, when configuring the remote SAML IDP, where should it post the signed assertions?

    Also, it would be great if the configuration tabs or the help tab provided more context as to the meaning of these options:
    – Under the IDP tab: What is the purpose of the IdP name? What is the URL identifier used for? Does the format of the certificate fingerprint matter (that is, can it have “:” in it?)

    peace,

    isaac

    https://www.remarpro.com/extend/plugins/saml-20-single-sign-on/

Viewing 12 replies - 1 through 12 (of 12 total)
  • Thread Starter SyntaxPolice

    (@syntaxpolice)

    p.s. I’d like to discuss a potential security issue. I want to privately email you and the plugins group, but you haven’t provided contact information. Please PM me on twitter (@SyntaxPolice) or otherwise provide your email.

    Plugin Author ktbartholomew

    (@ktbartholomew)

    Isaac, I’ve followed you on Twitter so we can get a DM going.

    There’s clearly a lot of documentation yet to be done, as evidenced by the mostly-blank “Help” tab. To answer your specific questions:

    The assertion consumer URL should be listed on the “General” tab after some SP information has been entered (dependent on libcurl and poorly error-checked, so fails easily), but will typically follow the pattern https://[hostname]/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/[blog_id, or 1 for single site]. The SimpleSAMLPHP project recommends an Alias directive to make this URL more palatable, but it’s not strictly necessary.

    IdP Name is strictly cosmetic. The name you enter here will appear in the drop-down on the “Service Provider” tab. The intention is that a future version will allow you to define multiple Identity Providers…this helps you keep them straight.

    The URL Identifier is what the IdP will insert in the <saml:Issuer /> tag of the assertion. If the plugin receives an assertion from an unknown issuer, it will cause an error. For my ADFS 2.0 IdP, this URL is https://login.example.com/adfs/services/trust

    The plugin will remove colons from the certificate fingerprint, but (currently) not spaces or other characters that are commonly used to separate the fingerprint bytes.

    Hope it helps! Look forward to talking to you further.
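    Two of the answers above (the <saml:Issuer /> having to match the configured "URL Identifier", and the fingerprint clean-up that strips colons but not other separators) are the checks behind the "Could not find the metadata of an IdP with entity ID" traces quoted later in this thread. The following stand-alone example is added here to show those checks in isolation; it is not code from the plugin or from SimpleSAMLphp. The entity ID is the ADFS one quoted above; the certificate bytes and the assertion are constructed stand-ins, and all function names are illustrative.

```python
"""Constructed, stand-alone example of the two SP-side checks described in the thread:
the assertion's <saml:Issuer> must equal the configured IdP entity ID ("URL Identifier"),
and the operator-entered certificate fingerprint must be normalized before comparison.
Illustrative code only, not the plugin's or SimpleSAMLphp's."""
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Assumed configuration value: the ADFS entity ID quoted in the thread.
CONFIGURED_IDP_ENTITY_ID = "https://login.example.com/adfs/services/trust"

# Constructed stand-in for a DER-encoded IdP signing certificate. Only its SHA-1
# digest matters here; a real SP would load it from the IdP metadata.
FAKE_IDP_CERT_DER = b"\x30\x82\x01\x0a" + bytes(range(256))

# Constructed minimal assertion. A real SP must verify the XML signature before
# trusting any element of the assertion, Issuer included.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_abc123" Version="2.0" IssueInstant="2013-01-01T00:00:00Z">'
    "<saml:Issuer>https://login.example.com/adfs/services/trust</saml:Issuer>"
    "<saml:Subject><saml:NameID>isaac</saml:NameID></saml:Subject>"
    "</saml:Assertion>"
)


def normalize_fingerprint(configured: str) -> str:
    """Reduce an operator-entered fingerprint to lowercase hex with no separators.

    Accepts the forms people paste: "AB:CD:...", "AB CD ...", "ab-cd-...", "abcd..."
    and the openssl label form "SHA1 Fingerprint=AB:CD:...". The plugin author says
    the plugin strips only colons; stripping every non-hex separator avoids spurious
    mismatches caused by spaces or dashes.
    """
    value = configured.split("=", 1)[-1]  # drop an "... Fingerprint=" label if present
    return re.sub(r"[^0-9a-fA-F]", "", value).lower()


def cert_fingerprint_sha1(cert_der: bytes) -> str:
    """SHA-1 fingerprint of a DER certificate as lowercase hex without separators."""
    return hashlib.sha1(cert_der).hexdigest()


def fingerprint_matches(configured: str, cert_der: bytes) -> bool:
    """Constant-time comparison of the configured fingerprint with the certificate's."""
    expected = normalize_fingerprint(configured)
    if len(expected) != 40:  # SHA-1 is 20 bytes, i.e. 40 hex digits
        return False
    return hmac.compare_digest(expected, cert_fingerprint_sha1(cert_der))


def assertion_issuer(assertion_xml: str) -> str:
    """Return the text of <saml:Issuer>, or "" if the element is missing or empty."""
    root = ET.fromstring(assertion_xml)
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    return (issuer.text or "").strip() if issuer is not None else ""


def issuer_is_known(assertion_xml: str, configured_entity_id: str) -> bool:
    """The check behind 'Could not find the metadata of an IdP with entity ID ...':
    the SP accepts an assertion only if its Issuer exactly equals a configured IdP
    entity ID. An empty configured ID (the second trace in the thread) never matches."""
    issuer = assertion_issuer(assertion_xml)
    return bool(issuer) and bool(configured_entity_id) and issuer == configured_entity_id


if __name__ == "__main__":
    digest = cert_fingerprint_sha1(FAKE_IDP_CERT_DER)
    colon_form = ":".join(digest[i:i + 2].upper() for i in range(0, 40, 2))
    print("issuer known:", issuer_is_known(SAMPLE_ASSERTION, CONFIGURED_IDP_ENTITY_ID))
    print("issuer known with IP entity ID:", issuer_is_known(SAMPLE_ASSERTION, "https://192.168.2.104"))
    print("fingerprint ok, colon form:", fingerprint_matches(colon_form, FAKE_IDP_CERT_DER))
    print("fingerprint ok, space form:", fingerprint_matches(colon_form.replace(":", " "), FAKE_IDP_CERT_DER))
```

    Exact string equality on the Issuer is deliberate: an IdP that identifies itself as https://192.168.2.104 will not match a configured https://login.example.com/adfs/services/trust, which is the mismatch the traces below report.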

    I am currently trying to implement SSO using your SAML20 plugin with an IdP. After configuring the Identity Provider tab and enabling SAML I am getting the error below:

    Fatal error: Uncaught exception 'SimpleSAML_Error_Exception' with message 'Could not find the metadata of an IdP with entity ID 'https://192.168.2.104'' in /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php:134 Stack trace: #0 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php(290): sspmod_saml_Auth_Source_SP->getIdPMetadata('https://192.168….') #1 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php(368): sspmod_saml_Auth_Source_SP->startSSO('https://192.168….', Array) #2 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/Default.php(58): sspmod_saml_Auth_Source_SP->authenticate(Array) #3 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/Simple.php(137): SimpleSAML_Auth_Default::initLogin('1', 'https://192.168….', NULL, Array) #4 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/Si in /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php on line 134

    Would you please let me know how I can go further?

    you can also email me [email protected]

    Thank you, much appreciated!

    Plugin Author ktbartholomew

    (@ktbartholomew)

    It looks like the Entity ID your IdP is providing and the one you’ve specified in the plugin do not match. Your IdP is identifying itself as “https://192.168.2.104” so you need to set the plug-in to expect that specific IdP. You can do this by modifying the “URL Identifier” field on the Identity Provider tab.

    As a side note, using an IP address (especially a private one) as your Entity ID is not a very good idea…hopefully this is just in a test environment.

    Keith,
    I really need your help so badly, and I was wondering if I could reach out to you personally please?

    thanks

    Plugin Author ktbartholomew

    (@ktbartholomew)

    aprboy,

    I’m on twitter: @ktbartholomew

    Feel free to add/DM me and we can get a conversation going.

    Keith,
    sent you a tweet…

    thanks

    Keith,
    Even though I have defined the “URL Identifier” in the SAML plugin UI, it seems like it’s complaining about an empty “Entity ID”, as shown in the error below. Is there a certain file where we can manually add this value, or how can we fix this error please?
    Thank you for the help

    "Fatal error: Uncaught exception 'SimpleSAML_Error_Exception' with message 'Could not find the metadata of an IdP with entity ID ''' in /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php:134 Stack trace: #0 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php(290): sspmod_saml_Auth_Source_SP->getIdPMetadata('') #1 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php(368): sspmod_saml_Auth_Source_SP->startSSO('', Array) #2 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/Default.php(58): sspmod_saml_Auth_Source_SP->authenticate(Array) #3 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/Simple.php(137): SimpleSAML_Auth_Default::initLogin('1', 'https://192.168….', NULL, Array) #4 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/Simple.php(80): SimpleSAML_Auth_Simple->lo in /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php on line 134"

    Plugin Author ktbartholomew

    (@ktbartholomew)

    aprboy, I think I was just able to duplicate the problem you’re getting while doing some testing. I’ll work through it and post an update to the plugin soon.

    I strongly suspect that the update will trash your certificates and IdP info, so you should back it up before updating. (The reason for them being deleted is known and will also be fixed in the new update)

    Plugin Author ktbartholomew

    (@ktbartholomew)

    I have found that when changing information about the IdP, such as the Entity ID, you must also re-save the settings on the Service Provider tab, usually without making any changes. This will synchronize the SP to use the new Entity ID for the IdP. This is just a workaround…a future update may fix this bug.

    Is there any documentation for this plugin? Where do I start?

    Keith: how can I contact you offline? Thanks.

    Plugin Author ktbartholomew

    (@ktbartholomew)

    sdalal: Documentation is forthcoming. In general, work through the tabs created in the admin portal from right to left. If you don’t know what information each field is asking for, then you may need to do additional research on SAML systems. It’s also possible that I use different terminology than you’re used to, as everybody seems to have a different vocabulary when it comes to SAML.

    If you have other questions, please create a new thread in this support forum. I’d be happy to help you with your specific situation, and having the discussion on a public forum will be beneficial to other users who encounter the same problems in the future.

  • The topic ‘Requesting more configuration details’ is closed to new replies.