SAML Sample code and ssoCircle

**jeromeof** · Nov 6th, 2011, 11:38 AM

Guys,
I have been trying to get the spring saml2 example (i.e. the spring-security-saml2-sample.war) working with SSOcircle (Note: I have also tried OpenAM/OpenSSO) and have run into lots of issues. The most obvious one is that when running the sample without modification and selecting "Select IDP:" http://idp.ssocircle.com. It fails with a HTTP Status 500 - The SAML Request is invalid. on the ssocircle server. The code in the sample does seem to download the IDP metadata from ssoCircle so I am confused as to where it goes wrong? Is there a bug in the latest SAML2 codebase or is there a patch that I need?
It's as if the latest SAML code does not form the appropriate saml2 request for ssocircle (even though the sample code is developed to work directly with ssoCircle).
I cannot find information on how to get it to work? Has anyone any pointers? I am running the spring-security-saml2-sample.war locally (do I need to deploy it on the internet)???

I have also attempted to get the sso working with the latest openam implementation and also cannot get it to work correctly?

Thanks in advance

Jerome

**rshan** · Jan 24th, 2012, 07:30 PM

Did you ever get this working? I'm experiencing the same issues.

**ps742626** · Apr 12th, 2012, 01:43 PM

I'm experiencing the same issue. Did you find a solution?

**thobson** · Apr 18th, 2012, 01:46 PM

The Spring SAML code is stable, we use it with our Cloudseal platform (an IDP) and it works with Spring Security 3.0.x. We also patched it to work with Spring Security 3.1.x (you can download the patched version here) and this also works without issue. I think your problem lies with your configuration or with the IDP.

**ps742626** · Apr 18th, 2012, 01:50 PM

Thank you!
My issue was entirely an IDP configuration issue. Also, thank you very much for the patch that works with spring security 3.1.x. Now that I got the saml2 sample working, I have to get it working with our app, which is using 3.1.x.

Paul

**Vishal78** · Jun 6th, 2012, 07:39 AM

I am facing the same issue, can you please tell me whats the configuraiton on IDP side ?

Originally Posted by ps742626

Thank you!
My issue was entirely an IDP configuration issue. Also, thank you very much for the patch that works with spring security 3.1.x. Now that I got the saml2 sample working, I have to get it working with our app, which is using 3.1.x.

Paul

**ps742626** · Jun 6th, 2012, 01:18 PM

there could be many possibilities, as the error is very generic. it could be that the idp does not have the service provider (sp) metadata set up; it could be an http vs https issue; it could be that the idp does not have the sp's certificate imported into it that is needed to validate the saml request from the service provider, or vice versa: the service provider can't decode the saml auth from the idp; etc. so there are many configuration steps that need to be performed; and i was unable to find an exact checklist of what those config steps need to be. i just fiddled around with it until i got it to work.

**vsch** · Jan 1st, 2013, 06:03 PM

The SAML Extension manual now contains a quick-start-guide which explains how to get the extension working with SSO Circle as a sample IDP and should help you to get the integration running.

SSOCircle seems to have troubles with IDP Discovery extension which used to be included in the generated metadata by default. The current trunk no longer includes this bit. Also using a non-unique entityId (within the whole SSOCircle service) in generated metadata might be causing the problem.

Thread: SAML Sample code and ssoCircle

Thread Tools

Display

SAML Sample code and ssoCircle

Whats the IDP Configuration ?

Tags for this Thread

Posting Permissions