ComponentSpace SP configuration

Hello,

I’m curious about the configuration of IdentityProviders within an SP.

Let’s say I have two possible IdPs - one I created with ComponentSpace, and one another developer created on a different server: https://myLocalIdp.dev.com and https://clientIdp.client.com.

I get an error message from the one at clientIdp.client.com saying “https://clientidp.client.com/path1/path2/path3/metadata.php is not configured”.

Here’s a snippet from my config file:

<PartnerIdentityProvider Name="https://clientidp.client.com"
    SignAuthnRequest="false"
    WantSAMLResponseSigned="true"
    WantAssertionSigned="false"
    WantAssertionEncrypted="false"
    SingleSignOnServiceUrl="https://clientidp.client.com/path1/path2/path3/metadata.php"
    SingleLogoutServiceUrl="https://clientidp.client.com/printportal"
    PartnerCertificateFile="client_com.cer"/>


Does the NAME of the provider have to be the full path to the metadata? The Referer path of the request is also different: “https://clientidp.client.com/path1/path2/module.php/core/loginuserpass.php?”, where path1 and path2 are the same as the metadata path I showed above.

Thanks


The Name attribute value corresponds to the SAML metadata entity ID.
When a SAML message is received, we use the Issuer field to identify who sent the message and attempt to match the Issuer against one of the Names. The Issuer field should be set to the sender’s SAML metadata entity ID.
So, the Name, SAML metadata entity ID, and SAML message Issuer field are all equivalent.
If the Issuer field doesn’t match then you’ll see the error message referring to it not being configured.
In your case, the issuer field is “https://clientidp.client.com/path1/path2/path3/metadata.php”.
You need the Name to be the same.

<PartnerIdentityProvider Name="https://clientidp.client.com/path1/path2/path3/metadata.php"
    SignAuthnRequest="false"
    WantSAMLResponseSigned="true"
    WantAssertionSigned="false"
    WantAssertionEncrypted="false"
    SingleSignOnServiceUrl="https://clientidp.client.com/path1/path2/path3/metadata.php"
    SingleLogoutServiceUrl="https://clientidp.client.com/printportal"
    PartnerCertificateFile="client_com.cer"/>
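
An added example, not part of the original thread and not ComponentSpace's code: a small Python diagnostic that reads the Issuer from a captured SAML response and compares it with the Name values in the SP configuration. The sample XML is constructed, the wrapper element and function names are hypothetical, and exact string comparison is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the two partner entries from this thread's scenario.
# The wrapper element is an assumption made for illustration.
CONFIG_XML = """<SAMLConfiguration>
  <PartnerIdentityProvider Name="https://myLocalIdp.dev.com"/>
  <PartnerIdentityProvider Name="https://clientidp.client.com"/>
</SAMLConfiguration>"""

# Constructed sample: minimal response carrying the Issuer from the error message.
RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Issuer>https://clientidp.client.com/path1/path2/path3/metadata.php</saml:Issuer>
</samlp:Response>"""


def partner_names(config_xml):
    """Return every PartnerIdentityProvider Name, whatever namespace is used."""
    root = ET.fromstring(config_xml)
    return [el.get("Name") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "PartnerIdentityProvider"]


def message_issuer(message_xml):
    """Return the top-level Issuer of a SAML message (the sender's entity ID)."""
    issuer = ET.fromstring(message_xml).find("saml:Issuer", SAML_NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("SAML message has no Issuer element")
    return issuer.text.strip()


def check_issuer(config_xml, message_xml):
    """Return (issuer, matched, near_misses) for a message against the config."""
    issuer = message_issuer(message_xml)
    names = partner_names(config_xml)
    if issuer in names:  # assumption: Name and Issuer must be identical strings
        return issuer, True, []
    # Same host but a different string is the mistake seen in this thread.
    host = urlsplit(issuer).netloc.lower()
    near = [n for n in names if urlsplit(n).netloc.lower() == host]
    return issuer, False, near


if __name__ == "__main__":
    issuer, ok, near = check_issuer(CONFIG_XML, RESPONSE_XML)
    print(f"Issuer: {issuer}\nconfigured: {ok}\nnear misses: {near}")
```

Run against the constructed samples, it reports the Issuer as not configured and lists `https://clientidp.client.com` as the near miss to correct.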

Thanks for the quick response. I made the config changes and will let you know, hopefully Monday, if it was successful.

[quote]
nulloverride - Saturday, January 2, 2016
Thanks for the quick response. I made the config changes and will let you know, hopefully Monday, if it was successful.
[/quote]

Well, it's well past "Monday" but I believe we can call this advice a winner!

Thanks Matt.