Spring Security SAML2 未找到 entityID

Question

I'm working to get my Spring Boot (v. 2.0.1) application working with an SSO provider. When I try to hit the login page, I get the following error:

No hosted service provider is configured and no alias was selected

and when I try to hit the discovery page, I get the following error:

Entity ID parameter must be specified

Both appear to be because of a missing entityID. It's not clear to me if it's the SP or IDP entityID that's missing. My application is setting the entityId in a bean as such:

@Bean
fun metadataGenerator():MetadataGenerator {
    val metadataGenerator = MetadataGenerator()
    metadataGenerator.entityId = "my:custom:entity:id"
    metadataGenerator.extendedMetadata = extendedMetadata()
    metadataGenerator.isIncludeDiscoveryExtension = true
    metadataGenerator.setKeyManager(keyManager())
    return metadataGenerator
}

And the IDP's metadata XML is being read (I can see it getting parsed at one point during start up) and contains an entityID.

Somewhere along the way, some entityID is getting lost and creating these errors. I can't seem to track down how that's happening.

Answer 1

The missing entityID must be the IDP's.

Have you setup your CachingMetadataManager properly? Make sure the IDP is added as a MetadataProvider. And the IDP's ExtendedMetadata must set idpDiscoveryEnabled to true

Answer 2

In case you haven't checked, go take a look at the SP's metadata config at IDP. Make sure SP you are using at the IDP is configured to the values from SP's metadata, eg: /saml/metadata. Should be an xml content. Ensure the two Locations, certData, and SingleLogoutService is correct. This is the fix from my senior colleague.