Grails Spring SAML Security Plugin "SPSSODescriptor not found"
I configured the Grails SAML plugin and loaded the SP metadata file. When I try to access a protected resource in my application, I get the following error. I cannot find any information on this.
Metadata for entity testing-app and role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor wasn't found
The first thing I tried (as the percentage of time it works is disappointing) was a Google search for "SPSSODescriptor was not found" (and a few variations, all in quotes to keep it as a phrase), and only this question came up. Looking at the code that generated this message seemed like the fastest way to figure out what was going on, so I used the GitHub code search on the plugin code, but still no luck. Google searches for "SPSSODescriptor" (in quotes so it isn't broken into shorter terms) returned many results, but nothing helped after a quick scan.
Still looking for the code, I tried a looser version of that first search: saml "was not found" (keeping "not found" together), and this turned up the following code in the class org.springframework.security.saml.context.SAMLContextProviderImpl in the spring-security-saml project on GitHub:
    if (entityDescriptor == null || roleDescriptor == null) {
        throw new MetadataProviderException("Metadata for entity " + localEntityId + " and role " + localEntityRole + " wasn't found");
    }
And bingo, that is the library used by the plugin.
So it cannot find the required <md:SPSSODescriptor> element (which is contained in an <md:EntityDescriptor> descriptor element with the namespace prefix md and the URN urn:oasis:names:tc:SAML:2.0:metadata, hence the funky {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor part of the error message) for the local entity ID "test-app".
If you look at the message flow in the Wikipedia article, you will see that you are not going to get far without the Assertion Consumer Service metadata contained in the <md:SPSSODescriptor> element.
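Added example (not part of the original answer and not code from the plugin or spring-security-saml): a small Python check of the conditions the answer describes, run against a constructed metadata document. The function name, the sample entity IDs and the URLs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SAML20P = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: one SP entity and one IdP entity (all values are made up).
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
 <md:EntityDescriptor entityID="test-app">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService index="0" Location="https://sp.example.org/saml/SSO"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp.example.org">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def check_sp_metadata(xml_text, local_entity_id):
    """Return a list of problems; an empty list means the SP role resolves."""
    # Only parse metadata files you control: ElementTree does not limit entity expansion.
    root = ET.fromstring(xml_text)
    # iter() includes the root, so a bare <md:EntityDescriptor> document works too.
    entities = list(root.iter(MD + "EntityDescriptor"))
    # The entity ID is compared as an exact, case-sensitive string.
    entity = next((e for e in entities if e.get("entityID") == local_entity_id), None)
    if entity is None:
        declared = sorted(e.get("entityID", "") for e in entities)
        return [f"no EntityDescriptor with entityID {local_entity_id!r}; declared: {declared}"]
    roles = entity.findall(MD + "SPSSODescriptor")
    if not roles:
        return [f"entity {local_entity_id!r} has no SPSSODescriptor role"]
    problems = []
    for role in roles:
        if SAML20P not in role.get("protocolSupportEnumeration", "").split():
            problems.append("SPSSODescriptor does not list the SAML 2.0 protocol")
        if role.find(MD + "AssertionConsumerService") is None:
            problems.append("SPSSODescriptor has no AssertionConsumerService endpoint")
    return problems


if __name__ == "__main__":
    for entity_id in ("test-app", "testing-app", "https://idp.example.org"):
        print(entity_id, "->", check_sp_metadata(SAMPLE, entity_id) or "OK")
```

Run it with the entity ID exactly as it appears in the exception text; a one-character difference from the `entityID` attribute in the file is reported as a missing entity.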