SimpleSAMLphp unhandled exception error while using as SP


Solution 1

"Unable to find the current binding." means exactly that, that the current binding cannot be determined. Your saml20-idp-remote.php mentions HTTP-POST binding, and your log mentions Request method: 'GET', so probably something goes wrong while posting to https://…/module.php/saml/sp/saml2-acs.php/default-sp.

I'm just making a wild guess here, but in my experience, the most common cause is a redirecting web server. Maybe you redirect to a different hostname? Do you force HTTPS? Check on the IdP that the URLs for the AssertionConsumerService are correct - they should lead directly to SimpleSAMLphp without any redirect.

Solution 2

I faced the same situation.

The SAML entity was pointing to www.mysite.com, and in the Apache configuration we were redirecting www.mysite.com to mysite.com with redirect code 301. After changing to redirect code 307 to preserve GET and POST variables, it started working fine.

Thanks, Anubhav
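
The failure both answers describe, as an added example that is not part of the original answers and not SimpleSAMLphp's own code: it replays a POST of the SAML response through a redirect chain with browser semantics and shows what the ACS endpoint finally receives. The `.example` hostnames, the function names and the simplified binding lookup are assumptions made for illustration.

```python
# Added example: a simplified model, not SimpleSAMLphp's own code.
# Hostnames and the SAMLResponse value are constructed placeholders.
PRESERVES_METHOD = {307, 308}          # method and body are replayed as-is
REDIRECTS = {301, 302, 303, 307, 308}
ACS = "/module.php/saml/sp/saml2-acs.php/default-sp"
CHAIN_301 = [("https://www.mysite.example" + ACS, 301),
             ("https://mysite.example" + ACS, 200)]
CHAIN_307 = [("https://www.mysite.example" + ACS, 307),
             ("https://mysite.example" + ACS, 200)]


def follow(method, body, hops):
    """Replay a redirect chain the way browsers do.

    hops is a list of (url, status) in visiting order. Returns the method
    and body that reach the first non-redirect response, plus every hop
    that turned the POST into a bodyless GET.
    """
    dropped = []
    for url, status in hops:
        if status not in REDIRECTS:
            break
        if method == "POST" and status not in PRESERVES_METHOD:
            dropped.append((url, status))
            method, body = "GET", {}
    return method, body, dropped


def current_binding(method, query, body):
    """Rough equivalent of the binding lookup that raised the error."""
    params = query if method == "GET" else body
    if "SAMLRequest" in params or "SAMLResponse" in params:
        return "HTTP-Redirect" if method == "GET" else "HTTP-POST"
    if "SAMLart" in params:
        return "HTTP-Artifact"
    raise ValueError("Unable to find the current binding (method %s)" % method)


def diagnose(hops):
    """POST a constructed SAMLResponse to hops[0]; report what the ACS sees."""
    form = {"SAMLResponse": "CONSTRUCTED_PLACEHOLDER"}
    method, body, dropped = follow("POST", form, hops)
    try:
        return current_binding(method, {}, body), dropped
    except ValueError as exc:
        return str(exc), dropped
```

`diagnose(CHAIN_301)` reproduces the logged error and names the hop that discarded the POST body, while `diagnose(CHAIN_307)` resolves to the HTTP-POST binding.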

Author: user2686172

Updated on June 25, 2022

Comments

  • user2686172
    user2686172 almost 2 years

    After successfully receiving the SAML 2.0 token while using simplesamlphp as a Service Provider I get the following error.

        Oct 21 17:30:15 simplesamlphp DEBUG [6b6e3c270f] GenerateGroups - attribute 'eduPersonAffiliation' not found.
        Oct 21 17:30:15 simplesamlphp DEBUG [6b6e3c270f] Session: doLogin("default-sp")
        Oct 21 17:30:15 simplesamlphp WARNING [6b6e3c270f] Unable to find the SAML 2 binding used for this request.
        Oct 21 17:30:15 simplesamlphp WARNING [6b6e3c270f] Request method: 'GET'
        Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
        Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Backtrace:
        Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 0 /var/www/simplesamlphp/www/module.php:180 (N/A)
        Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Caused by: Exception: Unable to find the current binding.
        Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Backtrace:
        Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 2 /var/www/simplesamlphp/lib/SAML2/Binding.php:95 (SAML2_Binding::getCurrentBinding)
        Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 1 /var/www/simplesamlphp/modules/saml/www/sp/saml2-acs.php:11 (require)
        Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 0 /var/www/simplesamlphp/www/module.php:135 (N/A)
        Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Error report with id bd213fb5 generated.
    

    My SP is set up like this:

    **authsources.php**
    
        'default-sp' => array(
            'saml:SP',
            'entityID' => NULL,
            'idp' => NULL,
            'discoURL' => NULL,
            'RelayState' => '{link to my application}',
            'acs.Bindings' => array(
                'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
                'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
            ),
        ),
    

    **saml20-idp-remote.php**

        $metadata['https://{idp entity id}'] = array(
            'metadata-set' => 'saml20-idp-remote',
            'entityid' => 'https://{idp entity id}',
            'name' => array(
                'en' => 'IDP Name',
                'no' => 'IDP name',
            ),
            'description'  => 'IDP desc',
            'SingleSignOnService' => 
              array (
                0 => 
                array (
                  'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
                  'Location' => '{SSO url}',
                ),
                1 =>
                array(
                  'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
                  'Location' => '{SSO url}',
                ),
              ),
            'SingleLogoutService'  => '{SLO url}',
            'certFingerprint' => '{the fingerprint}',
        );
    

    I am pretty new to single sign-on. I have also hidden the URLs for confidentiality, but I am not sure if I am missing something or what's causing this error to be thrown. If anyone could help point me in the right direction, that would be greatly appreciated. I should also mention I am trying to use https://drupal.org/project/simplesamlphp_auth to hook into my application.

    This is an IdP-first flow. I am using MySQL to store the sessions.

  • rsabir
    rsabir about 8 years
    +1 It was the case for me. I've made a config in apache to redirect all queries of http to https (proxy) but the redirection doesn't keep the Post query (Type of query (POST/GET) + parameters). So to work around this problem, I was obliged to activate https in simplesamlphp.
  • rsabir
    rsabir about 8 years
    There's also another solution for others that have the same problem: Change the redirect permanent in apache2.conf/httpd.conf to redirect 307. With this change, you won't need to set an https for simplesamlphp
  • The Unknown Dev
    The Unknown Dev about 7 years
    @rsabir What do you mean by "activate https in simplesamlphp"? Was there a configuration value to turn on https redirection in simplesamlphp?
  • jornane
    jornane about 7 years
    @KimberlyW You can set the baseurl in the configuration file to start with https. Normally it will try to detect whether you use HTTPS or not, but this may fail, for example, if you're behind a reverse proxy. It is best to set the baseurl explicitly.
  • The Unknown Dev
    The Unknown Dev about 7 years
    @jornane I see thanks, but is there a way to do that while keeping that baseurlpath relative? According to the comment above that property, if you include the protocol https, you also need the hostname/fqdn. In my case, my application can be accessed by more than one URL, so I can't fix it to just one.
  • jornane
    jornane about 7 years
    @KimberlyW the config file is PHP so you can script it. Then again this here is no support forum and this is getting very off-topic. If your setup requires special handling, you should ask a separate question.