Forum Replies Created

Viewing 10 replies - 1 through 10 (of 10 total)
  • Thread Starter renperez01

    (@renperez01)

    Hey Guys,

    Unfortunately I did not find a resolution for this. I ended up using Google for single sign-on, which works great!

    @ktbartholomew: this is what I get:

    <?xml version="1.0" encoding="UTF-8"?>
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="agdobjcfikneommfjamdclenjcpcjmgdgbmpgjmo" Version="2.0" IssueInstant="2007-04-26T13:51:56Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="google.com" AssertionConsumerServiceURL="https://www.google.com/a/solweb.no/acs" IsPassive="true"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">google.com</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" /></samlp:AuthnRequest>

    @ktbartholomew: Where would I find the SAMLResponse? Sorry, I'm new to this.

    Hi Keith,

    @ktbartholomew: Thanks for the response. I did what you told me to do, and now I am getting a different error.

    SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
    Backtrace:
    0 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:180 (N/A)
    Caused by: sspmod_saml_Error: Responder
    Backtrace:
    3 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Message.php:371 (sspmod_saml_Message::getResponseError)
    2 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Message.php:498 (sspmod_saml_Message::processResponse)
    1 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/saml2-acs.php:75 (require)
    0 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)

    Thread Starter renperez01

    (@renperez01)

    Updated with a new error on my ADFS.

    The Federation Service encountered an error while processing the SAML authentication request.

    Additional Data
    Exception details:
    Microsoft.IdentityModel.Protocols.XmlSignature.SignatureVerificationFailedException: MSIS0038: SAML Message has wrong signature. Issuer: ‘https://myweb.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1’.
    at Microsoft.IdentityServer.Protocols.Saml.Contract.SamlContractUtility.CreateSamlMessage(MSISSamlBindingMessage message)
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested)

    Thread Starter renperez01

    (@renperez01)

    This is the error I am getting on ADFS:

    Encountered error during federation passive request.

    Additional Data

    Protocol Name:
    Saml

    Relying Party:
    https://mywebsite.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1

    Exception details:
    Microsoft.IdentityModel.Protocols.XmlSignature.SignatureVerificationFailedException: MSIS0038: SAML Message has wrong signature. Issuer: ‘https://mywebsite.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1’.
    at Microsoft.IdentityServer.Protocols.Saml.Contract.SamlContractUtility.CreateSamlMessage(MSISSamlBindingMessage message)
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested)
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.RequestBearerToken(WrappedHttpListenerContext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired, String& samlpSessionState, String& samlpAuthenticationProvider)
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSerializedToken(HttpSamlRequestMessage httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired)
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)
    at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
    at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

    Thread Starter renperez01

    (@renperez01)

    This is what I have under general tab and identity provider:

    Entity ID: https://mywebsite.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1

    https://engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1

    When I added the URL to our ADFS console, it did not give me any errors. I was able to add it successfully and test the site.

    Do you have any insight on how I can resolve this error? Thanks!

    Appreciate the help!

    Hi ktbartholomew,

    I keep getting this error; I am using ADFS:

    SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
    Backtrace:
    0 /home/wp_hsg4u2/mywebsite.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:180 (N/A)
    Caused by: SimpleSAML_Error_Exception: Cannot retrieve metadata for IdP ‘https://mywebsite.com/adfs/services/trust’ because it isn’t a valid IdP for this SP.
    Backtrace:
    2 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php:112 (sspmod_saml_Auth_Source_SP::getIdPMetadata)
    1 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/saml2-acs.php:72 (require)
    0 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)

    I edited saml_settings.php and corrected the URL, but I'm still getting the same error.

    private function _use_defaults()
    {
        $defaults = array(
            'option_version' => $this->current_version,
            'enabled' => false,
            'idp' => 'https://mywebsite/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1',
            'nameidpolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
            'attributes' => array(
                'username' => '',
                'firstname' => '',
                'lastname' => '',
                'email' => '',
                'groups' => '',
            ),
            'groups' => array(
                'super_admin' => '',
                'admin' => '',
                'editor' => '',
                'author' => '',
                'contributor' => '',
                'subscriber' => '',
            ),
            'allow_unlisted_users' => true,

    Hi Nithin,

    How did you resolve your first issue? I am getting the same error.

    SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
    Backtrace:
    0 /home/wp_hsg4u2/eng.domain.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:180 (N/A)
    Caused by: SimpleSAML_Error_Exception: Cannot retrieve metadata for IdP ‘https://adfs.domain.com/adfs/services/trust’ because it isn’t a valid IdP for this SP.
    Backtrace:
    2 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php:112 (sspmod_saml_Auth_Source_SP::getIdPMetadata)
    1 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/saml2-acs.php:72 (require)
    0 /home/wp_hsg4u2/engineering.tunein.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)
