Closed raayyaa closed 1 year ago
SP Metadata is created on the fly by the getSPMetadata method. See an example of a file that generates SP metadata at the demo1/settings.php.
Thank you for your answer. So are the metadata generated in the "metadata.php" file? Or is it a new xml file that appears on the server? I'm sorry I didn't understand where to find them.
and what does metadata template in the "metadata.php" file
Thank you.
The method getSPMetadata is the one that generates the XML.
If you deploy metadata.php in a server and you access it via the browser, you will be able to see the SP metadata.
Hello, thank you, I finally have access to the metadata. I just have a question, I don't have the tags:
You need to add the SP private key and SP public cert to the toolkit, and later, if you plan to sign SAML Messages at the SP level, enable one of the Sign flags of the advanced settings.
Review the settings section: https://github.com/onelogin/php-saml#settings
Hello,
I have added the private key (sp.key) and the certificate (sp.crt) in the file /cert and even enabling SAML message signing in the advanced settings file. It doesn't change anything, the x509 certificate doesn't appear and authnRequestsSigned is still ="false".
What I did: add the certificate and the private key in the /cert folder. Add the information of the IdP and the SP in the file "settings" and in the file "advanced_settings" I added the information of a contact and activated the signature of the SAML messages.
I think I am almost there, did I forget a step? I thank you for your precious help
The AuthnRequestsSigned value on the Metadata is controlled by the value of the $authnsign parameter of the builder, which is used in the getSPMetadata method and will have the value of $this->_security['authnRequestsSigned'].
Have you properly configured the authnRequestsSigned advanced setting?
Hello,
I set "authnRequestsSigned" to true.
Here is my advanced parameter file with the changes I made.
I uncommented the "sign the metadata" part. I added the 'x509cert' and the 'privatekey' and set the value "true" to 'signMetadata' line 74.
Thank you for your help.
> I added the 'x509cert' and the 'privatekey' and set the value "true" to 'signMetadata' line 74.

'x509cert' and the 'privatekey' are the required values you need in order to sign the AuthNRequest.
You don't need to enable the signMetadata value.
Is it also necessary to leave the "--BEGIN CERTIFICATE--" when filling the certificate? The field accepts the 2 options, with and without the headers.
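The settings discussed in this thread, put together as an added example that is not part of the original comments or the toolkit's demo: it builds the SP metadata with getSPMetadata and checks that AuthnRequestsSigned and the SP certificate actually appear in it. It assumes php-saml 3.x or later installed with Composer (in 2.x the class is OneLogin_Saml2_Settings); the file paths and the sp.example.com URLs are hypothetical placeholders.

```php
<?php
// Added example, not the toolkit's own code. Paths and URLs are placeholders.
require __DIR__ . '/vendor/autoload.php';

use OneLogin\Saml2\Settings;

$settingsInfo = [
    'sp' => [
        'entityId' => 'https://sp.example.com/metadata.php',
        'assertionConsumerService' => ['url' => 'https://sp.example.com/acs.php'],
        // SP public cert and private key (per the thread, the PEM headers are optional)
        'x509cert'   => file_get_contents(__DIR__ . '/certs/sp.crt'),
        'privateKey' => file_get_contents(__DIR__ . '/certs/sp.key'),
    ],
    'security' => [
        'authnRequestsSigned' => true,   // drives AuthnRequestsSigned in the metadata
        'signMetadata'        => false,  // not needed for signing the AuthnRequest
    ],
];

// Second argument true: validate only the SP part, no IdP data is needed for metadata.
$settings = new Settings($settingsInfo, true);
$metadata = $settings->getSPMetadata();

$errors = $settings->validateMetadata($metadata);
if (!empty($errors)) {
    throw new RuntimeException('Invalid SP metadata: ' . implode(', ', $errors));
}

// Inspect the generated XML instead of trusting the configuration.
$doc = new DOMDocument();
$doc->loadXML($metadata);
$xp = new DOMXPath($doc);
$xp->registerNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata');
$xp->registerNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');

$sso = $xp->query('//md:SPSSODescriptor')->item(0);
$signedAttr = $sso instanceof DOMElement ? $sso->getAttribute('AuthnRequestsSigned') : '';
$certCount  = $xp->query('//md:KeyDescriptor//ds:X509Certificate')->length;

if ($signedAttr !== 'true' || $certCount === 0) {
    throw new RuntimeException(
        "AuthnRequestsSigned=\"$signedAttr\", X509Certificate elements: $certCount"
    );
}

header('Content-Type: text/xml');
echo $metadata;
```

If the check throws, the settings array the toolkit actually loaded is not the one that was edited, or the certificate value is empty.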
Hi,
I filled in the SP info in my "settings.php" file but I still can't find the metadata.
My metadata.php file has not changed. Is it an XML file that is created? Or did I miss a step?
I thank you in advance for your help