Forum Replies Created

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter Dalia

    (@daliabanerjeeinmarsatcom)

    My email server doesn’t run POP. I’m using our company’s internal Exchange server, which only runs IMAP.

    Dalia

    (@daliabanerjeeinmarsatcom)

    Hi Keith,

    There was a network issue between my ADFS machine and WordPress installation which took time to resolve. Now I can access the federation metadata directly in my ADFS box browser.

    However, when I try to do step 14, it never gets past and I get this error:

    “An error occurred during an attempt to read the federation metadata. Verify that the specified URL or host name is a valid federation metadata endpoint.

    Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS 2.0 Troubleshooting Guide (https://go.microsoft.com/fwlink/?LinkId=182180).
    Error message: The underlying connection was closed. An unexpected error occurred on a send.”

    Do you think my Entity URL could be wrong? I can see the XML all right when I access the URL. How can I make sure the URL is correct?

    Many thanks.

    Dalia

    (@daliabanerjeeinmarsatcom)

    Hi Keith,

    Thanks for that. I was looking for exactly that option on the internet when I saw your reply. I just created my own certificate / key and it worked. I can now see all 3 URLs.

    However, even though I’ve uploaded them in the service provider tab, the status block (5th row) in the general tab says ‘you have not provided a Certificate or Private Key for this site. Users may not be able to log in using the SP-first flow’ with a warning sign.

    Dalia

    (@daliabanerjeeinmarsatcom)

    That’s what I had checked first. Apache is running as user daemon.

    And the folders have owner and group set as daemon and have access rights drwxr-xr-x. So it seems Apache can access and write to them.

    I tried regenerating the certificates by clicking the ‘generate a new certificate and private key for me’ checkbox in the service provider tab, but that doesn’t seem to create any new certificate.

    Dalia

    (@daliabanerjeeinmarsatcom)

    Some more debugging –

    On top of the General tab, I see these three lines –

    Notice: Undefined index: entityID in /opt/wordpress-3.5.2-0/apps/wordpress/htdocs/wp-content/plugins/saml-20-single-sign-on/lib/controllers/sso_general.php on line 46

    Notice: Undefined index: Logout in /opt/wordpress-3.5.2-0/apps/wordpress/htdocs/wp-content/plugins/saml-20-single-sign-on/lib/controllers/sso_general.php on line 47

    Notice: Undefined index: Consumer in /opt/wordpress-3.5.2-0/apps/wordpress/htdocs/wp-content/plugins/saml-20-single-sign-on/lib/controllers/sso_general.php on line 48

    When I look at the sso_general.php file, lines 46, 47 and 48 are as follows –

    if(get_option('saml_authentication_options'))
    {
        $saml_opts = get_option('saml_authentication_options');
    }

    // Fetch this site's SP metadata from the bundled SimpleSAMLphp endpoint.
    // 'sslverify' => false turns off TLS certificate verification for this request.
    $response = wp_remote_get(constant('SAMLAUTH_URL') . '/saml/www/module.php/saml/sp/metadata.php/' . get_current_blog_id(), array('sslverify' => false));

    if(array_key_exists('body',$response))
    {
        $o = $response['body'];

        // Pull the three SP values out of the metadata XML by regex.
        preg_match('/(entityID="(?P<entityID>.*)")/',$o,$entityID);
        preg_match('/(<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="(?P<Logout>.*)")/',$o,$Logout);
        preg_match('/(<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="(?P<Consumer>.*)" index)/',$o,$Consumer);

        // Lines 46-48 of sso_general.php, the lines the notices point to.
        $metadata['entityID'] = $entityID['entityID'];
        $metadata['Logout'] = $Logout['Logout'];
        $metadata['Consumer'] = $Consumer['Consumer'];
    }

    include(constant('SAMLAUTH_ROOT') . '/lib/views/nav_tabs.php');
    include(constant('SAMLAUTH_ROOT') . '/lib/views/sso_general.php');

    Now, in the line $response = wp_remote_get, the URL (/saml/www/module.php/saml/sp/metadata.php/) that is appended to SAMLAUTH_URL doesn’t seem to exist?!

    Dalia

    (@daliabanerjeeinmarsatcom)

    Both my 1.cer and 1.key files are present in the stated folder. But both files are of 0 size, i.e. empty files. Can that be the reason?

    Dalia

    (@daliabanerjeeinmarsatcom)

    Hi Guys,

    I’m trying to secure my WordPress internal office blog site with ADFS SSO and came across SAML. While going through this step-by-step configuration, I’m stuck at step 11, as the Your Entity ID, Single Logout URL and SAML Assertion Consumer URL are all blank.

    I saw in the previous posts that people have had issues, and while trying to access this link – http(s)://example.com/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1 – as mentioned by Keith, I saw this error, which is slightly different from the error posted above –

    SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
    Backtrace:
    0 /opt/wordpress-3.5.2-0/apps/wordpress/htdocs/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:180 (N/A)
    Caused by: SimpleSAML_Error_Exception: authsources['1']: Could not find PEM encoded certificate in "/opt/wordpress-3.5.2-0/apps/wordpress/htdocs/wp-content/uploads/saml-20-single-sign-on/etc/certs/1/1.cer".
    Backtrace:
    3 /opt/wordpress-3.5.2-0/apps/wordpress/htdocs/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Configuration.php:1106 (SimpleSAML_Configuration::getPublicKeys)
    2 /opt/wordpress-3.5.2-0/apps/wordpress/htdocs/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Utilities.php:1386 (SimpleSAML_Utilities::loadPublicKey)
    1 /opt/wordpress-3.5.2-0/apps/wordpress/htdocs/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/metadata.php:117 (require)
    0 /opt/wordpress-3.5.2-0/apps/wordpress/htdocs/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)

    Could anybody please help me with this? How can I proceed from here? My WordPress is hosted on a LAMP stack.
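
The zero-size `1.cer` / `1.key` files and the "Could not find PEM encoded certificate" error in the posts above both concern what is actually inside those files. As an added example (not part of the thread or the plugin's code), this shell check tells an empty file apart from a missing or non-PEM one and flags a private key that any local user can read; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not plugin code): classify a SAML SP certificate or key file.
# check_pem FILE KIND prints: ok | missing | unreadable | empty | not-pem
check_pem() {
    file=$1 kind=$2
    [ -e "$file" ] || { echo missing; return 1; }
    [ -r "$file" ] || { echo unreadable; return 1; }
    # A zero-byte file exists and is readable but carries no PEM data.
    [ -s "$file" ] || { echo empty; return 1; }
    case $kind in
        cert) marker='^-----BEGIN CERTIFICATE-----' ;;
        key)  marker='^-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' ;;
        *)    echo unknown-kind; return 2 ;;
    esac
    grep -Eq -e "$marker" "$file" || { echo not-pem; return 1; }
    echo ok
}

# key_world_readable FILE: succeeds when "other" has read permission,
# i.e. any local account could read the private key.
key_world_readable() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        ???????r*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed demo: recreate an empty 1.cer next to a placeholder 1.key.
demo_dir=$(mktemp -d)
: > "$demo_dir/1.cer"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' > "$demo_dir/1.key"   # not a real key
chmod 644 "$demo_dir/1.key"
echo "1.cer: $(check_pem "$demo_dir/1.cer" cert)"
echo "1.key: $(check_pem "$demo_dir/1.key" key)"
if key_world_readable "$demo_dir/1.key"; then
    echo "1.key: readable by every local user, tighten with chmod 600"
fi
rm -rf "$demo_dir"
```

A file that reports `ok` only has the right PEM header; `openssl x509 -in 1.cer -noout -subject -enddate` confirms that it parses as a certificate.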
