vdenotaris / spring-boot-security-saml-sample

SBS3 — A sample SAML 2.0 Service Provider built on Spring Boot.
https://sbs3.vdenotaris.com
Apache License 2.0
564 stars 351 forks

ssocircle: Unable to do Single Sign On or Federation. #22

Closed CrossfireCurt closed 8 years ago

CrossfireCurt commented 8 years ago

Hi, I'm very new to SAML so my apologies if this is a stupid question.

I've set up the project locally (localhost:8080) and am running it through IntelliJ. I can successfully get to the landing page and select ssocircle as the IdP. Once I'm redirected to ssocircle, I authenticate and then I get the following error:

Error occurred

Reason: Unable to do Single Sign On or Federation.

Please enable the additional debug option in "My Debug".
Detailed trace information only available with paid accounts.
Check our plans.

The handshake did not complete and my local instance never got any information from ssocircle.

Is this a limitation of my environment? Is this because ssocircle can't talk back to my server? Thanks for your help!

CrossfireCurt commented 8 years ago

Figured this out. Had to create my own metadata and upload it to ssocircle for my own entityId.
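A check for the mismatch this fix addresses, as an added example that is not part of the thread or the project's code: it decodes a SAMLRequest taken from the redirect to the IdP and compares its Issuer and AssertionConsumerServiceURL with the SP metadata that was uploaded. The function names, entity IDs and URLs are constructed, and it assumes the error comes from such a mismatch.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # use only on your own SP's XML, not untrusted input

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def encode_redirect(xml_text):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64 (URL-encoding omitted)."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()

def decode_redirect(saml_request):
    """Reverse of encode_redirect, for a URL-decoded SAMLRequest parameter."""
    return zlib.decompress(base64.b64decode(saml_request), -15).decode()

def mismatches(authn_request_xml, sp_metadata_xml):
    """List differences between what the SP sends and the metadata uploaded to the IdP."""
    req = ET.fromstring(authn_request_xml)
    meta = ET.fromstring(sp_metadata_xml)  # assumes a single EntityDescriptor root
    found = []
    issuer = req.findtext("saml:Issuer", default="", namespaces=NS).strip()
    entity_id = meta.get("entityID", "")
    if issuer != entity_id:
        found.append(f"Issuer {issuer!r} is not the uploaded entityID {entity_id!r}")
    registered = {a.get("Location") for a in
                  meta.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)}
    acs = req.get("AssertionConsumerServiceURL")
    if acs is not None and acs not in registered:
        found.append(f"ACS URL {acs!r} is not registered in the metadata")
    return found

# Constructed sample data (not taken from the thread or the project).
METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example:my-own-sp"><md:SPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AssertionConsumerService index="0" Location="http://localhost:8080/saml/SSO"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""

REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0"
    AssertionConsumerServiceURL="http://localhost:8080/saml/SSO">
  <saml:Issuer>urn:example:someone-elses-sp</saml:Issuer></samlp:AuthnRequest>"""

if __name__ == "__main__":
    for line in mismatches(decode_redirect(encode_redirect(REQUEST)), METADATA):
        print(line)
```

An empty list means the request and the uploaded metadata agree on entity ID and ACS URL, so the cause lies elsewhere.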

CrossfireCurt commented 8 years ago

@hmannam you cannot invoke the login handshake via AJAX/XMLHTTPRequest.

CrossfireCurt commented 8 years ago

Yes, redirect the browser. Have you tried standing up the example and trying it there? The example project works very well.

CrossfireCurt commented 8 years ago

You are asking questions about something that has nothing to do with this project.

suvarnajayanth commented 6 years ago

Hi CrossfireCurt, I am also getting the same error:

```
Error occurred

Reason: Unable to do Single Sign On or Federation.

Please enable the additional debug option in "My Debug". Detailed trace information only available with paid accounts. Check our plans.
```

I am not clear on your second post:

'Figured this out. Had to create my own metadata and upload it to ssocircle for my own entityId.'

I created metadata by using the URL saml/metadata and uploaded it, but it's still not working. Could you please help me?

CrossfireCurt commented 6 years ago

@suvarnajayanth how am I supposed to help you if you don't supply any details?

raymond4ca commented 5 years ago

I have the same issue. I created a new metadata with new entityID, but it still doesn't work.

hookhead commented 5 years ago

Hi Vincenzo,

This isn't really an issue, but more of a question...

I have downloaded your code and have got it working quite easily. Thank you.

I am now trying to integrate it into an existing project. For simplicity, for the moment I am still using SSOCircle and the same SP Entity ID.

The existing project uses an applicationContext.xml file, so there was a little bit of tweaking involved. I had to add the following to the applicationContext.xml as configure(HttpSecurity http) wasn't being called (non-Spring Boot environment I guess?).

```xml
<http entry-point-ref="samlEntryPoint" pattern="/saml/**">
    <intercept-url pattern="/saml/**" access=".../>
    <http-basic />
    <custom-filter before="CHANNEL_FILTER" ref="metadataGeneratorFilter"/>
    <custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
    <custom-filter before="CSRF_FILTER" ref="samlFilter"/>
</http>
```

This seems to work to a degree, but when I do the discovery I get the same error as the guys above.

I am surprised, as your sample code is still working perfectly and I am using effectively the same code, service provider id etc., with the exception that I am using an applicationContext.xml.

What are the most common reasons for getting this error, and given that your code is still working and mine is failing, while using SSO Circle, the same SP Entity ID, etc., do you have any idea what I may be doing wrong?

Many thanks in advance, Mark

supernicky22 commented 2 years ago

Hi everybody, I could not find out how to place my question elsewhere (on Stack Overflow I am not allowed to post questions yet).

I have 2 applications with, I think, exactly the same SAMLWebSecurityConfigurerAdapter. As I have been puzzling over SAML for some days now, the metadata creation still contains the vdenotaris. One of the apps works fine: I start it, get to ssocircle, log on or click on "I am not a robot", am routed back, fine. The second one gives me the error after logging on or after the robot check. Why? Any hint would really be appreciated. Thanks a lot.