SAML 2.0 Single Sign-On
[resolved] Empty Entity ID and SP details (11 posts)

  1. chrishuttonch
    Member
    Posted 1 year ago #

    Hi there,

    I've installed the Single Sign-on plugin via the WordPress plugins store (version 0.8.5) but can't seem to get to a similar position as the other topics in the support forum. I have tried the following:

    1) Ticking Enable SAML authentication

    2) Clicking on the Identity Provider and entering the relevant details, clicking Update Options

    3) Clicking on the Service Provider and entering the relevant details, clicking Update Options

    4) Clicking General, the Entity ID is blank as well as the single logout url and SAML Assertion Consumer URL.

    Am I missing something? Thanks for your help, I have also tried updating to the new version 0.8.6 but the Identity Provider screen is just blank.

    http://wordpress.org/extend/plugins/saml-20-single-sign-on/

  2. ktbartholomew
    Member
    Plugin Author

    Posted 1 year ago #

    This was sort of a flub on my part, due to inadequate testing. If you still have your configuration files from 0.8.5, then move them from:

    /wp-content/plugins/saml-20-single-sign-on/etc
    to:
    /wp-content/uploads/saml-20-single-sign-on/etc.

    This is where configuration stuff will be kept from now on, but unfortunately I forgot to write the code to create these directories if they don't exist! This will be taken care of in the next update, or you can just move those files and see where it gets you.

    Also, contrary to what I thought (and contrary to how SAML should work) you MUST have a certificate and private key uploaded, or the SP portion will fail. I'm sure this can be fixed too, but I haven't dug into it yet.

  3. howieko
    Member
    Posted 1 year ago #

    Keith,

    I was having the same issue... however, once I installed 8.6 I'm now getting the following error when I go to the Identity Provider settings tab:

    "I'm not able to write to the folder /nas/wp/www/cluster-1612/thesource/wp-content/uploads/saml-20-single-sign-on/etc which means you won't be able to change any settings! Please ensure that the web server has permission to make changes to this folder."

    First, I noticed that there was only an /etc. folder, and no /etc folder. I tried creating an etc folder, and even tried going into the samlauth.php file and changed it to /etc. Permissions on both folders are set to 775. Any ideas?

    Thanks

  4. dmaddi@softrim.com
    Member
    Posted 1 year ago #

    I moved the contents from plugins to uploads however the idp tab is still blank. Is there an update coming soon to fix this?

  5. ktbartholomew
    Member
    Plugin Author

    Posted 1 year ago #

    Unfortunately, I am temporarily without access to my development computers and don't know when I will have access to them again. A future update will fix this problem, but I can't guarantee how soon the fix will be implemented.

    In the meantime: This file is probably the source of your troubles:

    /wp-content/plugins/saml-20-single-sign-on/saml/metadata/saml20-idp-remote.php

    On line 4 of that file, the path to the ini file has been hard-coded using a value from my development server (whoops). You can either change this to the appropriate value for your server, or drop in the necessary variables to accomplish the same thing. A future update will use WordPress global variables to specify the path to the ini file. I would post the necessary code changes here, but I wouldn't be able to test it and don't want to post misinformation.

  6. dmaddi@softrim.com
    Member
    Posted 1 year ago #

    It still left the idp page blank, so I just went in and edited the ini file by hand; it now shows up in the Identity Provider dropdown on the "Service Provider" tab. However, when I enable the plugin and try to use it (access a page from another browser that requires a login), it is bypassing the login page as it should, however the page is blank. What should this be pulling up in place of the login page, the SignOn Service page for my IDP (adfs)?

  7. ktbartholomew
    Member
    Plugin Author

    Posted 1 year ago #

    Upon accessing a page that requires authentication, it should take you to the ADFS login page, with a Base64-encoded request in the URL. If it stalls on a blank page on the SP side, then perhaps you need to re-save the Service Provider tab. After making changes to the IdP configuration, it is often necessary to open and save the SP tab, as well.
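
To check what the SP actually sends in the redirect described in the reply above, the following added example (not part of the thread and not the plugin's code) decodes the `SAMLRequest` URL parameter and reports an empty Issuer, which is where the SP Entity ID travels. The host names and the sample request are constructed; HTTP-Redirect binding encoding (raw DEFLATE, then Base64, then URL-encoding) is assumed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, quote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in a SAML HTTP-Redirect URL."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    raw = base64.b64decode(params["SAMLRequest"][0])
    # The redirect binding uses raw DEFLATE (no zlib header), hence wbits=-15.
    return zlib.decompress(raw, -15).decode("utf-8")


def check_request(url):
    """Extract the SP-side fields and list the ones that are missing or empty."""
    root = ET.fromstring(decode_redirect_request(url))
    issuer = root.find("saml:Issuer", NS)
    fields = {
        "issuer": (issuer.text or "").strip() if issuer is not None else "",
        "acs_url": root.get("AssertionConsumerServiceURL", ""),
        "destination": root.get("Destination", ""),
    }
    return fields, [name for name, value in fields.items() if not value]


def build_sample_url(issuer):
    """Constructed input: a minimal AuthnRequest encoded the way an SP sends it."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
           'Version="2.0" IssueInstant="2013-01-01T00:00:00Z" '
           'Destination="https://idp.example.test/sso" '
           'AssertionConsumerServiceURL="https://wp.example.test/acs">'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    return ("https://idp.example.test/sso?SAMLRequest="
            + quote(base64.b64encode(deflated).decode(), safe=""))


if __name__ == "__main__":
    for entity_id in ("https://wp.example.test/sp", ""):
        fields, problems = check_request(build_sample_url(entity_id))
        print(fields, "missing:", problems)
```

Paste the URL the browser was sent to into `check_request()`; if no `SAMLRequest` parameter is present, the SP never produced a request and the fault is on the WordPress side.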

  8. dmaddi@softrim.com
    Member
    Posted 1 year ago #

    I'm wondering if I'm missing more configuration in the idp-remote.ini.
    I currently only have name and singlesignonservice filled in. Resaving it did not solve the problem. I have the full version of simplesamlphp working and authenticating correctly as another site. Just trying to nail what needs to be configured and where to get the same desired results.

  9. ktbartholomew
    Member
    Plugin Author

    Posted 1 year ago #

    dmaddi, you MUST have the following fields filled in for the IdP:

    Idp Name
    URL Identifier
    SSO URL
    certFingerprint

    Also, 0.8.7 was released today, which should simplify many of these problems.

  10. roberthrawson
    Member
    Posted 11 months ago #

    I have WP 3.61 and the 0.91 version of the plugin. I am unable to make much headway with this, the general tab is not showing me any of the SP configuration data. I'm not seeing saml2 anywhere when hitting the server from a browser; every path I have tried has resulted in an object not found. I think these two are related, I would have thought there would be some way to hit this SAML implementation to test with a browser but I cannot find any path that does anything, I am thinking there must be a missing symlink or a config parameter that needs to be tweaked.

    What's different about my server? Not much. It's running SuSE Linux Enterprise Server 10, the htdocs subdirectory is a symlink, the WordPress site is the root of the Apache server (my content appears right off the root of the domain name). I do have a wildcard cert installed for my domain in my IDP. The IDP is the latest release of NetIQ Access Manager (but I can't fully configure the SP's parameters there until I can get this working on the WordPress side).

    Any direction here would be helpful and appreciated
    -Rob

  11. euraisemeup
    Member
    Posted 9 months ago #

    Hi Members,

    I would like to ask where I should get the Signing Certificate and Signing Private Key. And checking the box to Generate a new certificate and private key for me, will scrape out of providing certificate and private key? Where can I find these certificate and private key (in this directory - /wp-content/plugins/saml-20-single-sign-on/etc)?

    Your prompt response is greatly appreciated.

    Thank you.

Topic Closed

This topic has been closed to new replies.
