Get Started with Spring Boot, SAML, and Okta

Matt Raible

James: the point of using a keystore here is so you can have HTTPS when running locally. There are several comments on this post about using http vs https. I was unable to get it to work personally.

Sham Desale

I am getting "No IDP was configured, please update included metadata with at least one IDP". How do I set the IDP? I have provided the metadata-url in application.properties as specified in the example. Please help.

Matt Raible

Hello Sham: I haven’t seen this error before. Are you sure you followed the instructions in this tutorial? Another thing is to make sure you have a developer account. Sign up if you don’t have one.

Siva Reddy Vippala

We are facing the same issue, and we suspect the SSL is terminating further upstream and the request is arriving at the publisher as http. Thus, the redirect is sent to http. Does anyone have a solution for this yet?

Prabakaran Rajendran

@ramakrishnavemuri I have similar issue, could you please tell me how did you resolve it ?

Prabakaran Rajendran

@mattraible I have similar issue

I see the errors below:

AbstractReloadingMetadataProvider : Error occurred while attempting to refresh metadata from <metadata_url>

java.lang.IllegalArgumentException: host parameter is null
at org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:205) ~[commons-httpclient-3.0.jar:3.0]

ERROR 15568 — [nio-8443-exec-4] o.o.s.m.p.AbstractMetadataProvider : Metadata provider failed to properly initialize, fail-fast=true, halting

org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP

Please let me know what I missed. https://uploads.disquscdn.c…

PFA my application.properties.

Thanks

Matt Raible

This looks very similar to the application.properties I used when I wrote this tutorial. I’d make sure you don’t have “-admin” in your xxxx variable.

Prabakaran Rajendran

Here is my metadata-url
security.saml2.metadata-url = https://dev-123456.oktaprev…

I am able to authenticate using a local copy of "metadata.xml" instead of 'metadata-url'.
Please help me understand why 'security.saml2.metadata-url' throws the No IDP error.

Matt Raible

Are you using the value you pasted in this comment, or the one that’s generated from your Okta org? Make sure you’re using the value from the app you created on Okta. If you follow the steps in this article, I’m certain it will work.

Prabakaran Rajendran

Matt, I am using https://dev-893512.oktaprev…
which is generated from my Okta org.

    .metadataFilePath(URLEncoder.encode(this.metadataUrl, "UTF-8")); // Throws error

But

    .metadataFilePath(URLEncoder.encode("metadata.xml", "UTF-8")); // Works fine

Matt Raible

I tried this URL in the example and I’m redirected to login to your Okta org just fine. Do you experience the issue before the redirect or after you log in? https://uploads.disquscdn.c…

Prabakaran Rajendran

@mattraible Thank you so much for your help. I made a couple of changes and now it is working:

    protected void configure(final HttpSecurity http) throws Exception {
        // Allow the IdP's Response to be up to MAX_SKEW_TIME seconds out of step with this server's clock
        WebSSOProfileConsumerImpl ssoConsumer = new WebSSOProfileConsumerImpl();
        //ssoConsumer.setMaxAuthenticationAge(MAX_AUTHENTICATION_AGE);
        ssoConsumer.setResponseSkew(MAX_SKEW_TIME);
        http
            .authorizeRequests()
                .antMatchers("/saml*").permitAll()
                .anyRequest().authenticated()
                .and()
            .apply(saml())
                .serviceProvider()
                    .keyStore()
                        .storeFilePath(this.keyStoreFilePath)
                        .password(this.password)
                        .keyname(this.keyAlias)
                        .keyPassword(this.password)
                        .and()
                    // SP runs on https://localhost:<port> locally, so the SAML endpoints must be published that way
                    .protocol("https")
                    .hostname(String.format("%s:%s", "localhost", this.port))
                    .basePath("/")
                    .and()
                .webSSOProfileConsumer(ssoConsumer) // Second change: for "Response issue time is either too old"
                .identityProvider()
                    .metadataFilePath(this.metadataUrl); // First change: removed URLEncoder, pass the raw URL
                    //.metadataFilePath(URLEncoder.encode("metadata.xml", "UTF-8"));
    }
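The two changes above come down to what metadataFilePath(...) receives. Below is an added standalone Java class, not code from this post or from spring-security-saml-dsl, that classifies a metadata location the way the metadata provider will see it: an https URL must parse with a host, whereas a URL that has been through URLEncoder has its ':' and '/' replaced by %3A and %2F and so parses as a relative path with no host at all, which is the "host parameter is null" failure that ends in "No IDP was configured". The class and method names, the placeholder Okta URL in main, and the decision to refuse plain-http metadata are this example's own assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Pre-flight check for the value handed to metadataFilePath(...).
 * Added example; hypothetical class, not part of spring-security-saml-dsl.
 */
public final class SamlMetadataLocationCheck {

    /** What the check concluded about a metadata location. */
    public enum Kind { HTTP_URL, LOCAL_FILE, INVALID }

    public static final class Result {
        public final Kind kind;
        public final String detail;
        Result(Kind kind, String detail) { this.kind = kind; this.detail = detail; }
        @Override public String toString() { return kind + ": " + detail; }
    }

    /**
     * An absolute http(s) URL must carry a host; anything without a scheme is
     * treated as a file path (filesystem or classpath) and must exist.
     */
    public static Result check(String location) {
        if (location == null || location.trim().isEmpty()) {
            return new Result(Kind.INVALID, "metadata location is empty; set security.saml2.metadata-url");
        }
        URI uri;
        try {
            uri = new URI(location);
        } catch (URISyntaxException e) {
            return new Result(Kind.INVALID, "not a valid URI or path: " + e.getMessage());
        }
        String scheme = uri.getScheme();
        if ("https".equalsIgnoreCase(scheme) || "http".equalsIgnoreCase(scheme)) {
            if (uri.getHost() == null) {
                return new Result(Kind.INVALID, "URL has no host: " + location);
            }
            if ("http".equalsIgnoreCase(scheme)) {
                // The metadata document carries the IdP signing certificate; fetching it
                // in the clear lets an on-path attacker hand the SP a certificate of their choosing.
                return new Result(Kind.INVALID, "refusing plain-http metadata URL, use https: " + location);
            }
            return new Result(Kind.HTTP_URL, uri.getHost() + uri.getPath());
        }
        if (scheme != null) {
            return new Result(Kind.INVALID, "unsupported scheme '" + scheme + "': " + location);
        }
        // No scheme: a percent-encoded URL lands here, because "https%3A%2F%2F..." contains no ':'
        // and therefore parses as a relative path. Catch it before looking for a file of that name.
        if (location.toUpperCase().contains("%3A%2F%2F")) {
            return new Result(Kind.INVALID, "looks like a URL passed through URLEncoder; pass the raw URL: " + location);
        }
        try {
            Path path = Paths.get(location);
            boolean onClasspath = SamlMetadataLocationCheck.class.getClassLoader().getResource(location) != null;
            if (Files.isRegularFile(path) || onClasspath) {
                return new Result(Kind.LOCAL_FILE, (onClasspath ? "classpath:" : "file:") + location);
            }
        } catch (InvalidPathException e) {
            return new Result(Kind.INVALID, "not a valid file path: " + e.getMessage());
        }
        return new Result(Kind.INVALID, "file not found on filesystem or classpath: " + location);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: the org name and app id are placeholders, not a real Okta tenant.
        String raw = "https://dev-123456.oktapreview.com/app/exk0000000000000000/sso/saml/metadata";
        String encoded = URLEncoder.encode(raw, StandardCharsets.UTF_8.name());

        System.out.println(check(raw));      // HTTP_URL: dev-123456.oktapreview.com/app/.../sso/saml/metadata
        System.out.println(check(encoded));  // INVALID: looks like a URL passed through URLEncoder ...
        System.out.println(check(raw.replace("https://", "http://"))); // INVALID: refusing plain-http metadata URL ...
        System.out.println(check("metadata.xml")); // LOCAL_FILE if the file is present, otherwise INVALID
    }
}
```

Calling check(...) on the bound property value before handing it to the DSL turns the opaque fail-fast "No IDP was configured" halt into a message that names the actual problem with the configured location.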

Matt Raible

That’s great to hear! Note that you can format your code so it looks better by wrapping it with <pre><code>. For example:

<pre><code>
your code here
</code></pre>

Ashwini Mutalik Desai

Hi Matt,
Thank you for the tutorial.

We have followed all these steps. On launching the app, it takes us to the Okta login page and authenticates as well.
The only problem is that, post login, there is a redirect loop between the app and Okta. Are we missing something? We are not able to proceed further.

Matt Raible

Are you using the same code that’s used in this tutorial? Did you create a new developer account or are you using an existing account your company or client already had? It’s difficult for me to help without having more information about what the redirect is and what may be causing it.

Ashwini Mutalik Desai

Hi Matt,

Yes, we are using the same code, except for the latest version of saml-dsl with Spring Boot 2.1.0. We are also using a developer account.
We are getting successfully authenticated:
AuthNRequest;SUCCESS;0:0:0:0:0:0:0:1;https://localhost:7000/saml/metadata;http://www.okta.com/exkia4gysvFMbM9eF0h7;;;

The exception that we are getting now are:
java.security.KeyStoreException: Uninitialized keystore
java.lang.NoClassDefFoundError: Could not initialize class org.apache.commons.ssl.TrustMaterial

It looks like a problem with the keystore.jks file that we generated. We tried deleting that file and creating a new one, but no luck there.

Matt Raible

I’d suggest taking a look at Spring Security’s documentation about keystores and see if that helps.
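The "Uninitialized keystore" exception quoted above is what java.security.KeyStore throws when any method is called on it before load() has run. The following is an added Java example, not code from this post or from Spring Security, of a small pre-flight check that loads the keystore.jks the tutorial has you create and reports a usable message when the alias is missing, is a trusted certificate rather than a private key, or has a different key password. The class name, the alias "sp-signing" and the password "secret" are placeholders.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;

/** Added example; hypothetical class name, not part of the tutorial or of Spring Security. */
public final class SamlKeyStoreCheck {

    /** Verifies that the SP signing alias exists and is a private-key entry the given password opens. */
    public static String check(KeyStore ks, String alias, char[] keyPassword) {
        try {
            if (!ks.containsAlias(alias)) {
                return "alias '" + alias + "' not found; aliases present: " + Collections.list(ks.aliases());
            }
            if (!ks.isKeyEntry(alias)) {
                return "alias '" + alias + "' is a trusted certificate, not a private key; the SP cannot sign with it";
            }
            if (ks.getKey(alias, keyPassword) == null) {
                return "alias '" + alias + "' has no key";
            }
            return "ok";
        } catch (KeyStoreException e) {
            // "Uninitialized keystore" lands here: load() was never called on this KeyStore instance.
            return "keystore not usable: " + e.getMessage();
        } catch (GeneralSecurityException e) {
            return "key for alias '" + alias + "' could not be recovered (wrong key password?): " + e.getMessage();
        }
    }

    /** Loads a JKS file from disk; load() is what turns a fresh KeyStore into a usable one. */
    public static KeyStore load(String path, char[] storePassword) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "secret".toCharArray(); // placeholder password

        KeyStore neverLoaded = KeyStore.getInstance("JKS");
        System.out.println(check(neverLoaded, "sp-signing", password));
        // keystore not usable: Uninitialized keystore

        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null); // initialises an empty in-memory keystore
        System.out.println(check(empty, "sp-signing", password));
        // alias 'sp-signing' not found; aliases present: []

        // Usage against a real file: java SamlKeyStoreCheck keystore.jks <storepass> <alias>
        if (args.length == 3) {
            char[] storePassword = args[1].toCharArray();
            System.out.println(check(load(args[0], storePassword), args[2], storePassword));
        }
    }
}
```

Running it against the generated keystore.jks with the same store password, alias and key password that application.properties hands to the DSL separates a broken keystore file from a configuration that simply points at the wrong alias or password.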

Ramakrishna Vemuri

My metadata file was not loading properly, so I was getting the "no IDP was configured" error.

Ashwini Mutalik Desai

One more question I have is: on the Sign In tab they say "SAML 2.0 is not configured until you complete the setup instructions." When I click on View Instructions, Okta provides me with:
1. Identity Provider Single Sign-On URL:
2. Identity Provider Issuer:
3. X.509 Certificate:
4. Optional >> Provide the following IDP metadata to your SP provider.

Where do I need to configure this in my application?

Matt Raible

I assume you’re referring to this image > https://developer.okta.com/…

You don’t need to click the View Setup Instructions button. You just need to right-click on the “Identity Provider metadata” link below it, copy the URL, and paste it into your application.properties:

security.saml2.metadata-url = {the URL you copied}