Tags: php, saml-2.0, simplesamlphp

"State information lost" in SimpleSamlphp


I got the error "State information lost" in SimpleSAMLphp. I use spring-security as the SP and configured the IdP on SimpleSAMLphp. The browser redirects fine from the SP web page to the IdP, but after I log in with username and password, I get the error "State information lost".

```
Apr 19 08:52:28 simplesamlphp DEBUG [bc5df4b2c1] array (
  'id' => 'a3a41e7aia439d7371j5e742e35jhi',
  'url' => NULL,
)
Apr 19 08:52:28 simplesamlphp DEBUG [bc5df4b2c1] Ron====sid===end
Apr 19 08:52:28 simplesamlphp DEBUG [bc5df4b2c1] NULL
Apr 19 08:52:28 simplesamlphp DEBUG [bc5df4b2c1] Ron====url===end
Apr 19 08:52:28 simplesamlphp DEBUG [bc5df4b2c1] Ron====state:NULL
Apr 19 08:52:28 simplesamlphp ERROR [bc5df4b2c1] SimpleSAML_Error_NoState: NOSTATE
Apr 19 08:52:28 simplesamlphp ERROR [bc5df4b2c1] Backtrace:
Apr 19 08:52:28 simplesamlphp ERROR [bc5df4b2c1] 2 /var/simplesamlphp/lib/SimpleSAML/Auth/State.php:274 (SimpleSAML_Auth_State::loadState)
Apr 19 08:52:28 simplesamlphp ERROR [bc5df4b2c1] 1 /var/simplesamlphp/modules/saml/www/sp/saml2-acs.php:91 (require)
Apr 19 08:52:28 simplesamlphp ERROR [bc5df4b2c1] 0 /var/simplesamlphp/www/module.php:137 (N/A)
Apr 19 08:52:28 simplesamlphp ERROR [bc5df4b2c1] Error report with id f9c150bb generated.

```

I found the stateID was the one sent by the SP. Then on the IdP side, the logs show the session contains two valid cookies, a phpsession and an authtoken, but neither of these IDs matches the "RequestId" or "InResponseTo" in the response. I'm stuck here. How does this happen? Can anyone help? Thanks in advance.


Solution

  • I found that the logic of the PHP was following the SP PHP scripts in my case, and more obviously, when I changed the "stateId" manually, I got an error like this: SimpleSAML_Error_Exception: This SP [https://domainname/simplesaml/module.php/saml/sp/metadata.php/default-sp] is not a valid audience for the assertion. Candidates were: [com:vdenotaris:spring:sp]

    This was very strange and not what I expected. Then I checked the file "metadata/saml20-sp-remote.php", which the SimpleSAMLphp documentation says is for adding the SP metadata to the IdP configuration so the IdP knows about the SP. Finally, I found that I had populated the wrong SP metadata here. It goes wrong if it looks like this:

    ```php
    // metadata/saml20-sp-remote.php on the IdP (wrong: these are the IdP host's own endpoints)
    $metadata['com:vdenotaris:spring:sp'] = array(
            'AssertionConsumerService' => 'https://domainname/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
            'SingleLogoutService' => 'https://domainname/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
    );
    ```

    The AssertionConsumerService and SingleLogoutService should be assigned the URLs of your SP, since they are services on the SP. So it should look like this:

    ```php
    // metadata/saml20-sp-remote.php on the IdP (correct: the Spring SP's own endpoints)
    $metadata['com:vdenotaris:spring:sp'] = array(
            'AssertionConsumerService' => 'https://SPonRonSever:8443/prj/saml/SSO',
            'SingleLogoutService' => 'https://SPonRonSever:8443/prj/saml/SingleLogout',
    );
    ```

    Then when you type "https://SPonRonSever:8443/prj" in the address bar of the browser, it jumps to the login page provided by the IdP, and after authentication you can access the web page you wanted.
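The script below is an added example, not code from the post or from SimpleSAMLphp. It derives the IdP-side entry from the SP's own SAML 2.0 metadata instead of typing it by hand, and then runs the check that would have caught the mistake above: ACS or SLO URLs that point at the IdP's own host. That is consistent with the backtrace in the question, where the response landed in the IdP host's own modules/saml/www/sp/saml2-acs.php, which had no state for a request that Spring Security had started. The SP metadata document is constructed to mirror the Spring sample SP named in the answer; the host names and the /saml/metadata endpoint are assumptions.

```python
"""Build a saml20-sp-remote.php entry from the SP's metadata and sanity-check it.

Added example for this page, not code from the post or from SimpleSAMLphp.
SP_METADATA_XML is constructed; host names are assumptions taken from the post.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed: roughly what the Spring SP would serve from its metadata endpoint.
SP_METADATA_XML = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="com:vdenotaris:spring:sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://SPonRonSever:8443/prj/saml/SingleLogout"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://SPonRonSever:8443/prj/saml/SSO" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# The entry from the post that broke the flow: both endpoints point at the
# IdP host's own SimpleSAMLphp SP module instead of at the Spring SP.
WRONG_ENTRY = {
    "AssertionConsumerService": "https://domainname/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp",
    "SingleLogoutService": "https://domainname/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp",
}


def parse_sp_metadata(xml_text):
    """Return the entityID and the ACS/SLO endpoints the SP declares."""
    root = ET.fromstring(xml_text)
    spsso = root.find("md:SPSSODescriptor", NS)
    if spsso is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")

    def endpoints(tag):
        return [
            {"Binding": e.get("Binding"), "Location": e.get("Location"),
             "index": int(e.get("index", "0")), "isDefault": e.get("isDefault") == "true"}
            for e in spsso.findall(tag, NS)
        ]

    return {
        "entityID": root.get("entityID"),
        "AssertionConsumerService": endpoints("md:AssertionConsumerService"),
        "SingleLogoutService": endpoints("md:SingleLogoutService"),
    }


def render_php_entry(meta):
    """Emit the entry in SimpleSAMLphp's endpoint-array form (Binding + Location).

    The array key is the SP entityID; the IdP also uses it as the assertion's
    Audience, which is why a wrong key shows up as 'not a valid audience'."""
    lines = ["$metadata['%s'] = array(" % meta["entityID"]]
    for key in ("AssertionConsumerService", "SingleLogoutService"):
        lines.append("    '%s' => array(" % key)
        for ep in meta[key]:
            lines.append("        array(")
            lines.append("            'Binding' => '%s'," % ep["Binding"])
            lines.append("            'Location' => '%s'," % ep["Location"])
            if key == "AssertionConsumerService":
                lines.append("            'index' => %d," % ep["index"])
                lines.append("            'isDefault' => %s," % ("true" if ep["isDefault"] else "false"))
            lines.append("        ),")
        lines.append("    ),")
    lines.append(");")
    return "\n".join(lines)


def _locations(value):
    """SimpleSAMLphp accepts either a bare URL string or a list of endpoint arrays."""
    if isinstance(value, str):
        return [value]
    return [ep["Location"] for ep in value]


def check_sp_entry(entry_key, entry, meta, idp_host):
    """Return the problems to fix before reloading the IdP with this entry."""
    problems = []
    if entry_key != meta["entityID"]:
        problems.append("key %r differs from SP entityID %r; the assertion Audience will not match"
                        % (entry_key, meta["entityID"]))
    for key in ("AssertionConsumerService", "SingleLogoutService"):
        declared = {ep["Location"] for ep in meta[key]}
        for loc in _locations(entry.get(key, [])):
            host = (urlparse(loc).hostname or "").lower()
            if host == idp_host.lower():
                problems.append("%s %s points at the IdP host; it must be an SP endpoint" % (key, loc))
            elif loc not in declared:
                problems.append("%s %s is not declared in the SP metadata" % (key, loc))
    return problems


if __name__ == "__main__":
    meta = parse_sp_metadata(SP_METADATA_XML)
    print(render_php_entry(meta))
    for problem in check_sp_entry("com:vdenotaris:spring:sp", WRONG_ENTRY, meta, "domainname"):
        print("PROBLEM:", problem)
```

Run against the entry from the post, the check reports both endpoints as pointing at the IdP host; run against the endpoints parsed from the SP's metadata, it reports nothing. SimpleSAMLphp's admin pages also ship a metadata converter that turns SP metadata XML into this PHP form, so either route avoids hand-typing endpoints that belong to the other side.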