Hi, I'm trying out #spid-php interfaced with #spid-testenv-docker, but I'm running into some difficulties.
I added the following entry to the saml20-idp-remote.php file to interface with the test environment:
$metadata['https://spid-testenv-identityserver:9443'] = array (
    'entityid' => 'https://spid-testenv-identityserver:9443',
    'entityDescriptor' => '_5c2n3699-c647-82gd-hfjs-ak4xu6710475',
    'description' =>
    array (
        'it' => 'AGID - IDP Test SPID',
    ),
    'OrganizationName' =>
    array (
        'it' => 'AGID - IDP Test SPID',
    ),
    'name' =>
    array (
        'it' => 'AGID - IDP Test SPID',
    ),
    'OrganizationDisplayName' =>
    array (
        'it' => 'AGID - IDP Test SPID',
    ),
    'url' =>
    array (
        'it' => 'https://www.spid.gov.it',
    ),
    'OrganizationURL' =>
    array (
        'it' => 'https://www.spid.gov.it',
    ),
    'contacts' =>
    array (
    ),
    'metadata-set' => 'saml20-idp-remote',
    'sign.authnrequest' => false,
    'SingleSignOnService' =>
    array (
        0 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'https://spid-testenv-identityserver:9443/samlsso',
        ),
        1 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://spid-testenv-identityserver:9443/samlsso',
        ),
    ),
    'SingleLogoutService' =>
    array (
        0 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'https://spid-testenv-identityserver:9443/samlsso',
        ),
        1 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://spid-testenv-identityserver:9443/samlsso',
        ),
    ),
    'ArtifactResolutionService' =>
    array (
    ),
    'NameIDFormats' =>
    array (
        0 => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
    ),
    'keys' =>
    array (
        0 =>
        array (
            'encryption' => false,
            'signing' => true,
            'type' => 'X509Certificate',
            'X509Certificate' => 'MIIDZz…',
        ),
    )
);
I do actually reach the IdP login page:
https://spid-testenv-identityserver:9443/authenticationendpoint/login.do?RelayState…
I enter the test credentials, but on the way back I get this error:
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 /var/www/vhosts/spid.patente.it/httpdocs/spid-php/vendor/simplesamlphp/simplesamlphp/www/module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: Could not find the metadata of an IdP with entity ID ‘https://spid-testenv-identityserver:9443/’
Backtrace:
2 /var/www/vhosts/spid.patente.it/httpdocs/spid-php/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:134 (sspmod_saml_Auth_Source_SP::getIdPMetadata)
1 /var/www/vhosts/spid.patente.it/httpdocs/spid-php/vendor/simplesamlphp/simplesamlphp/modules/saml/www/sp/saml2-acs.php:91 (require)
0 /var/www/vhosts/spid.patente.it/httpdocs/spid-php/vendor/simplesamlphp/simplesamlphp/www/module.php:137 (N/A)
I have checked the various configurations and they look correct, but evidently something is escaping me.
Both systems, SP and IdP, run on a local Linux (CentOS 7) development server (spid-testenv-identityserver => localhost, spid.patente.it => localhost).
Any ideas?
Thanks!
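One check worth running against the post above, as an added example that is not part of the original post nor code from spid-php, spid-testenv-docker or SimpleSAMLphp: the error reports the IdP entity ID as 'https://spid-testenv-identityserver:9443/' (trailing slash), while the metadata entry is keyed 'https://spid-testenv-identityserver:9443' (no trailing slash). SimpleSAMLphp's SP resolves the IdP for an incoming Response by looking up the <saml:Issuer> value as an exact array key in the saml20-idp-remote metadata, so those two strings do not match. The script below reproduces that lookup on a constructed, minimal SAMLResponse (the Issuer value is taken from the error message; the XML and the function names extractIssuer/findIdpMetadata are assumptions made for this example) and shows the fix of keying the entry under the entity ID exactly as the IdP emits it.

```php
<?php
// Added diagnostic example; not code from spid-php or SimpleSAMLphp.
// Reproduces the SP-side IdP lookup: <saml:Issuer> of the Response is used as
// an exact key into the saml20-idp-remote metadata array.

if (PHP_VERSION_ID < 80000) {
    // Older libxml: make sure external entities are never loaded while parsing.
    libxml_disable_entity_loader(true);
}

// The key as configured in the post (no trailing slash); other fields trimmed.
$metadata = [
    'https://spid-testenv-identityserver:9443' => [
        'entityid'     => 'https://spid-testenv-identityserver:9443',
        'metadata-set' => 'saml20-idp-remote',
    ],
];

// Constructed sample: a minimal Response as it would be POSTed to the ACS,
// with the Issuer exactly as reported in the error message (trailing slash).
$responseXml = <<<'XML'
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2019-01-01T00:00:00Z">
  <saml:Issuer>https://spid-testenv-identityserver:9443/</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
</samlp:Response>
XML;
$samlResponse = base64_encode($responseXml);

function extractIssuer(string $b64): string
{
    $xml = base64_decode($b64, true);
    if ($xml === false) {
        throw new RuntimeException('SAMLResponse is not valid base64');
    }
    $doc = new DOMDocument();
    // LIBXML_NONET: no network access during parsing (no external DTD/entity fetches).
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('SAMLResponse is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
    $xp->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    $nodes = $xp->query('/samlp:Response/saml:Issuer');
    if ($nodes->length !== 1) {
        throw new RuntimeException('Response must carry exactly one Issuer');
    }
    return $nodes->item(0)->textContent;
}

function findIdpMetadata(array $metadata, string $issuer): ?array
{
    // Exact-string lookup, as SimpleSAMLphp does. Do not "normalise" the issuer
    // (strip slashes, lowercase, ...) to force a match: the entity ID is the name
    // under which the IdP's signing certificate is trusted, and a loose match
    // could end up verifying a Response against another IdP's key.
    return $metadata[$issuer] ?? null;
}

$issuer = extractIssuer($samlResponse);
printf("Issuer in Response : %s\n", $issuer);
printf("Configured entityID: %s\n", implode(', ', array_keys($metadata)));

if (findIdpMetadata($metadata, $issuer) === null) {
    echo "No exact match: this is the lookup that fails with "
       . "\"Could not find the metadata of an IdP with entity ID '$issuer'\"\n";

    // Fix: key the entry (and its 'entityid') under the ID exactly as the IdP emits it.
    $metadata[$issuer] = $metadata['https://spid-testenv-identityserver:9443'];
    $metadata[$issuer]['entityid'] = $issuer;
    unset($metadata['https://spid-testenv-identityserver:9443']);
}

var_dump(findIdpMetadata($metadata, $issuer) !== null);
```

In practice, rather than copying the array by hand, compare the Issuer in the real Response (decode the SAMLResponse POST parameter and read <saml:Issuer>) with the key in saml20-idp-remote.php character by character; the entityID in the IdP's own metadata document is the value to use, and the test environment's signing certificate must stay bound to that exact ID.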