From: Gerben V. <ger...@su...> - 2015-09-03 14:55:12
Solved my issue. I have been mixing up DNS names a bit and changing the configuration on one VM and checking the effects on another. Indeed for this second VM the metadata was named metadata1. So, in effect I have been putting myself on a wild goose chase so to speak. Now I am getting the response I am expecting. Cleaning up my caches now so as not to make this mistake twice…

Thanks,
Gerben

> On 03 Sep 2015, at 15:19, Gerben Venekamp <ger...@su...> wrote:
>
>> On 03 Sep 2015, at 14:56, Krzysztof Benedyczak <go...@ic...> wrote:
>>
>> Hi,
>>
>> On 03.09.2015 at 14:23, Gerben Venekamp wrote:
>>> Recently I have migrated a Unity installation to a different machine. In
>>> doing so, I have changed the configuration slightly. I had to change the
>>> URL of the metadata, because the new machine resolves to a new name. At
>>> the same time I changed the name of the metadata file. In the examples
>>> the metadata file was always referenced as metadata1. I could not
>>> understand the necessity of the ‘1’ and hence removed it. As it turned
>>> out, the configured URL leads to a ‘404, Not Found’. No matter what I
>>> name my metadata file in the below configuration, it will always be:
>>> https://unity.sara.cloudlet.sara.nl:2443/unitygw/saml-sp-metadata/metadata*1*
>>>
>>> It does not matter if I call it ‘metadata’ or ‘metadataaaaaa’. It always
>>> seems to live at: ‘metadata1’. I am not sure this is a bug, for I cannot
>>> find ‘metadata1’ in the source files (version: 1.6.1). Tried to look
>>> deeper into the code, but Eclipse (Mars) does not seem to work with
>>> ‘m2e’ and gives me errors. Then again, I am not experienced with Eclipse.
>>>
>>> My configuration file:
>>>
>>> unity.saml.requester.requesterEntityId=https://unity.sara.cloudlet.sara.nl:2443/unitygw/saml-sp-metadata/metadata
>>> unity.saml.requester.metadataPath=metadata
>>> unity.saml.requester.requesterCredential=surfsara
>>> unity.saml.requester.acceptedNameFormats.1=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
>>> unity.saml.requester.acceptedNameFormats.2=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
>>> unity.saml.requester.acceptedNameFormats.3=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
>>>
>>> #unity.saml.requester.displayName=Remote SAML authentication (SURFconext)
>>>
>>> unity.saml.requester.remoteIdp.1.name=SURFconext IdP
>>> unity.saml.requester.remoteIdp.1.address=https://engine.surfconext.nl/authentication/idp/single-sign-on
>>> unity.saml.requester.remoteIdp.1.samlId=https://engine.surfconext.nl/authentication/idp/metadata
>>> unity.saml.requester.remoteIdp.1.certificate=SURFconext
>>> unity.saml.requester.remoteIdp.1.groupMembershipAttribute=urn:oid:1.3.6.1.4.1.5923.1.1.1.1
>>> unity.saml.requester.remoteIdp.1.requestedNameFormat=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
>>> #unity.saml.requester.remoteIdp.1.requestedNameFormat=urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
>>> unity.saml.requester.remoteIdp.1.translationProfile=SURFconext
>>>
>>> What must I do to make the metadata appear at the configured URL?
>>
>> Recap:
>> unity.saml.requester.metadataPath is responsible for the last part of the metadata path, you should set this to change the path.
>>
>> The unity.saml.requester.requesterEntityId is the SAML ID, which in the end can be any string. However, SAML profiles recommend it to be a URL of the server's metadata. So you should change it too, but changing it won't influence metadata position.
>
> I have seen that behaviour indeed. The last part of the URL changes to unity.saml.requester.metadataPath. However, I have kept both the same.
>
>> Assuming you set both correctly you have to reload your SAML authenticator (from adminUI servermanagement->authenticators). Only then the new config will be loaded.
>
> I have done that many times already. Unity tells me that it was successfully reloaded. I have also completely restarted Unity, though. I just did both again. From the samlWeb Authenticator I read the following part of what is configured:
>
> unity.saml.requester.requesterEntityId=https://unity.sara.cloudlet.sara.nl:2443/unitygw/saml-sp-metadata/metadata
> unity.saml.requester.metadataPath=metadata
>
> Using the following URL in Firefox:
> https://unity.sara.cloudlet.sara.nl:2443/unitygw/saml-sp-metadata/metadata
>
> results in:
> HTTP Error: 404
>
> Error reason:
> No metadata at this location: /metadata
>
> Cheers,
> Gerben
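
The two settings discussed in this thread, and the host mix-up that produced the 404, can be checked mechanically before reloading the authenticator. The following is an added example, not part of the original messages and not Unity's own code; the function names, the minimal properties parser and the second host unity2.example.org used in testing are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE_CONFIG = """\
unity.saml.requester.requesterEntityId=https://unity.sara.cloudlet.sara.nl:2443/unitygw/saml-sp-metadata/metadata
unity.saml.requester.metadataPath=metadata
#unity.saml.requester.displayName=Remote SAML authentication (SURFconext)
"""
PREFIX = "unity.saml.requester."

def parse_properties(text):
    """Minimal key=value parser (assumption: no line continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # skip blanks and comments
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def last_segment(parts):
    """Last path component of a parsed URL, ignoring a trailing slash."""
    return parts.path.rstrip("/").rsplit("/", 1)[-1]

def check_metadata_url(config_text, tested_url):
    """Compare the URL being tested with the config; return a list of findings."""
    props = parse_properties(config_text)
    entity_id = props.get(PREFIX + "requesterEntityId", "")
    meta_path = props.get(PREFIX + "metadataPath")
    if meta_path is None:
        return ["metadataPath is not set in this file; expected path cannot be derived"]
    tested, entity = urlsplit(tested_url), urlsplit(entity_id)
    findings = []
    # metadataPath alone decides the last part of the metadata URL.
    if last_segment(tested) != meta_path:
        findings.append(f"tested URL ends in '{last_segment(tested)}' but metadataPath is '{meta_path}'")
    if entity.scheme in ("http", "https"):
        # The entity ID does not move the metadata, but should point at it.
        if last_segment(entity) != meta_path:
            findings.append(f"requesterEntityId ends in '{last_segment(entity)}', not '{meta_path}'")
        # Different host: the config edited may belong to another machine.
        if entity.netloc.lower() != tested.netloc.lower():
            findings.append(f"tested host '{tested.netloc}' differs from entity ID host '{entity.netloc}'")
    return findings

if __name__ == "__main__":
    url = "https://unity.sara.cloudlet.sara.nl:2443/unitygw/saml-sp-metadata/metadata1"
    for finding in check_metadata_url(SAMPLE_CONFIG, url):
        print("WARN:", finding)
```
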