Generating Metadata for IDP
-
We are trying to configure SAML2.0 on WordPress Blogging Site.
We have added all information about IDP with IDP SAML Metadata. However we don’t know how to generate Service Provider Metadata for IDP.
Are there any standard metadata files, where we can just customize based on our URL?
This is the URL for the WordPress site:
http://cworblog.med.umich.edu/
Please advise.
-
Your metadata WOULD be here, but there is a configuration error:
http://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1
Looks like the certificate used to sign the SAML requests wasn’t found in the right place.
Are you talking about the public key from the IDP side??
Where should we add the public key from the IDP? How do we get it? Can it be done by web interface??
Your SP (the WordPress site) must have a certificate and private key if you wish to do SP-initiated login. The private key should naturally be private, but the certificate will be published as part of the SP Metadata.
The error message in your metadata says:
Could not find PEM encoded certificate in “/var/www/cworblog.med.umich.edu/wp-content/uploads/saml-20-single-sign-on/etc/certs/1/1.cer”
If you haven’t already used the plugin to upload or generate a certificate and private key, do that. (It’s on the Service Provider tab)
If you’ve tried that and you’re still getting the same error, then make sure your server has openssl for PHP installed, and that the location to which the plugin is trying to save the certificate is writable.
We are going to have SP (WordPress) initiated login for users. So users will go to WordPress Site & login. It will initiate login to IDP by SAML.
The Website is
This was developed by other internal group in our organization.
I see some issues with this. It is not secured. At least we need to have the login page secured. How to make it secured only for login?
What will be login URL for this site??
Is there a separate URL for normal login & a separate URL for SAML login?
We got the certificate issue resolved. Still we cannot understand how to generate Metadata for IDP. Is it an XML file or a URL?
Please advise ASAP
Metadata locations vary from IdP to IdP. What are you using?
We are using NetIQ Access Manager as SAML 2.0 IDP. The IDP wants Metadata in XML format or a Metadata URL.
Following is example Metadata from Google Apps.
[ Moderator note: please wrap code in backticks or use the code button. ]
```
<EntityDescriptor entityID="google.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://www.google.com/a/YOURDOMAIN/acs" />
  </SPSSODescriptor>
</EntityDescriptor>
```
Your SAML Info
Your Entity ID:
Your Single Logout URL:
Your SAML Assertion Consumer URL:
Not sure what I am supposed to fill up.
Your metadata URL (http://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1) is producing a blank 404 page. Not sure why this is, but once you can get this page to generate a full XML document, those metadata fields will fill up.
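For readers following the thread, an added example (not part of the original posts and not the plugin's code): this Python function reads an SP metadata document, pulls out the Entity ID, Assertion Consumer and Single Logout URLs that the plugin page lists, and flags a missing published certificate or endpoints not served over HTTPS. The sample document and the `sp.example.org` URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
CERT_PATH = "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

# Constructed sample: sp.example.org and its paths are placeholders, not the plugin's URLs.
SAMPLE_SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://sp.example.org/saml/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://sp.example.org/saml/slo"/>
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.org/saml/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def summarize_sp_metadata(xml_text):
    """Return the SP fields an IdP admin needs, plus a list of warnings."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    # Endpoints the IdP will redirect or POST to, as (binding, location) pairs.
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    slo = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:SingleLogoutService", NS)]
    # Certificates published for the IdP to check the SP's signed requests.
    certs = [c.text for c in sp.findall(CERT_PATH, NS) if c.text and c.text.strip()]
    warnings = []
    if not acs:
        warnings.append("no AssertionConsumerService endpoint")
    if not certs:
        warnings.append("no KeyDescriptor certificate published")
    for _, loc in acs + slo:
        if not (loc or "").lower().startswith("https://"):
            warnings.append(f"endpoint not served over HTTPS: {loc}")
    return {"entity_id": root.get("entityID"), "acs": acs, "slo": slo,
            "cert_count": len(certs), "warnings": warnings}


if __name__ == "__main__":
    for key, value in summarize_sp_metadata(SAMPLE_SP_METADATA).items():
        print(f"{key}: {value}")
```

Run against the constructed sample, it reports three warnings: no published certificate, and both endpoints on plain HTTP.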
Yes, I see that. But how do I get this page to generate the full XML??
There is a post in the forum:
php-xml was missing. Once I installed it, the problem was solved…
Maybe a note into the documentation may help
Ciao,
Enrico
How do I install php-xml?? Is this a plugin??
Please advise ASAP
Under saml-20-single-sign-on we have following folders:
/etc
/lib
/saml
Under /saml we have
attributemap
bin
cert
config
data
dictionaries
docs
extra
lib
log
metadata
modules
schemas
templates
www
Under /www we have
Folders:
admin
auth
resource
saml2
shibl13
wsfed
Files
_include.php
authmemcookie.php
errorreport.php
index.php
logout.php
modules.php
There is no folder modules.php
Please advise ASAP.
The paths after module.php are not actually folders, it’s using PATH_INFO to execute against module.php. (http://stackoverflow.com/questions/2261951/what-exactly-is-path-info-in-php)
PHP-XML is a PHP extension that is often (but not always) bundled with PHP. It’s also referred to as LibXML2. I can’t really help you figure out how to install that, but if you have a system administrator around, I’m sure they could help you.
Hi
We got progress now
We have entity ID
Your Single Logout URL
Your SAML Assertion URL
So what will be the SP Metadata that the IDP can access? URL or text?
Please advise ASAP.
Thanks, I got the Metadata added to the IDP. We get the IDP login prompt. This means we have trust.
We are sending CN & Email address in the SAML Assertion. We are using POST Binding.
But After login I get message “User Name Not Provided”
Any Thoughts ???
The topic ‘Generating Metadata for IDP’ is closed to new replies.