I've configured the grails saml plugin and its loads the SP metadata file. When I try to access a protected resource on the application I get the following error. I can't seem to find any information about it.
Metadata for entity testing-app and role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor wasn't found
The first thing I tried (since a frustrating percentage of the time this works) was a Google search for “SPSSODescriptor wasn't found” (and a few variants, but all with quotes to keep it as a phrase) and only this question came up. It seemed like looking at the code that generated that message would be the quickest path to finding out what's going on, so I used GitHub's code search in the plugin code but still no luck. Google searches for "SPSSODescriptor" (with quotes to keep it from being split into shorter terms) had lots of results but nothing obviously helpful after a quick scan.
Still looking for code, I tried a relaxed version of that first search: saml "wasn't found" - keeping "wasn't found" together - and that led to discovering this code in the org.springframework.security.saml.context.SAMLContextProviderImpl class in the spring-security-saml project at GitHub:
if (entityDescriptor == null || roleDescriptor == null) {
    throw new MetadataProviderException("Metadata for entity " + localEntityId + " and role " + localEntityRole + " wasn't found");
}
and Bingo! - that is a library used by the plugin.
So it's failing to find a required <md:SPSSODescriptor> element (which is contained in an <md:EntityDescriptor> descriptor element with namespace md and urn urn:oasis:names:tc:SAML:2.0:metadata, hence the funky {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor part of the error message) for local entity id "testing-app".
If you look at the sample message flow in the Wikipedia article you'll see that you're not going to get far without the Assertion Consumer Service metadata that's contained in the <md:SPSSODescriptor> element.
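As an added check (not code from the question, the plugin or Spring SAML), the following Python script parses a constructed SP metadata file and performs the same entity-plus-role lookup, producing the same error text when the alias does not match any entityID or when the entity lacks an SPSSODescriptor. The entity IDs, URLs and metadata content are assumptions made up for the example.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace. ElementTree renders qualified names as
# {namespace}localname, which is exactly the form seen in the error message.
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SP_ROLE = f"{{{MD_NS}}}SPSSODescriptor"

# Constructed sample metadata: one SP entity and one entity with only an IdP role.
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD_NS}">
  <md:EntityDescriptor entityID="testing-app">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sp.example.test/saml/SSO" index="0" isDefault="true"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="idp-only">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


class MetadataProviderError(Exception):
    """Stands in for the library's MetadataProviderException."""


def find_role_descriptor(metadata_xml, entity_id, role=SP_ROLE):
    """Locate the EntityDescriptor whose entityID matches, then the requested
    role descriptor inside it. Fails with the library's wording if either is absent."""
    root = ET.fromstring(metadata_xml)
    # iter() visits the root itself too, so a bare EntityDescriptor root also works.
    entity = next((ed for ed in root.iter(f"{{{MD_NS}}}EntityDescriptor")
                   if ed.get("entityID") == entity_id), None)
    role_descriptor = entity.find(role) if entity is not None else None
    if entity is None or role_descriptor is None:
        raise MetadataProviderError(
            f"Metadata for entity {entity_id} and role {role} wasn't found")
    return role_descriptor


def acs_locations(metadata_xml, entity_id):
    """Return the AssertionConsumerService URLs the SP advertises."""
    sp = find_role_descriptor(metadata_xml, entity_id)
    return [acs.get("Location") for acs in sp.findall(f"{{{MD_NS}}}AssertionConsumerService")]


def lookup_error(metadata_xml, entity_id, role=SP_ROLE):
    """Return the error message a lookup would raise, or None when it succeeds."""
    try:
        find_role_descriptor(metadata_xml, entity_id, role)
    except MetadataProviderError as err:
        return str(err)
    return None
```

Running `lookup_error(SAMPLE_METADATA, "testing-ap")` reproduces the question's message for an alias with a typo, while `lookup_error(SAMPLE_METADATA, "idp-only")` shows the same message when the entity exists but has no SP role.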
The issue was with a typo in the default SP alias. So it was loading the SP metadata file but failing to find the entityDescriptor because the alias lookup was incorrect.