Thank you Maxime,
In reviewing the metadata and LLNG config, we have succeeded in setting up SSO for this SP.
The solution:
I don't think all those changes are necessary, so I will update this thread when I have distilled the crucial change.
Hi Maxime,
Thank you for your reply.
I re-tested the error to ensure a match between lasso version and server.c line number. The error I received this time is:
2022-04-20 08:56:47 | LLNG[2478]: [debug] Get Metadata for SP organization.service.com
2022-04-20 08:56:47 | LLNG[2478]: [debug] Lasso error [ critical ]: 2022-04-20 08:56:47 (server.c/:72) Failed to add new provider.
2022-04-20 08:56:47 | LLNG[2478]: [error] Lasso error code -202: Failed to add new provider.
2022-04-20 08:56:47 | LLNG[2478]: [error] Fail to use SP organization.service.com Metadata
LEMONLDAP_VERSION=2.0.14
LASSO_VERSION=v2.8.0
Based on that info, I found what I think is the line number in the source code: https://repos.entrouvert.org/lasso.git/tree/lasso/saml-2.0/server.c#n72
<?xml version="1.0" encoding="utf-16"?>
<EntityDescriptor entityID="https://0b2076f0-4054-4937-98a5-08199ed2fee5.tenants.service.com/samlLogin" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <Extensions>
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" xmlns="urn:oasis:names:tc:SAML:metadata:algsupport" />
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns="urn:oasis:names:tc:SAML:metadata:algsupport" />
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" xmlns="urn:oasis:names:tc:SAML:metadata:algsupport" />
    <SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" xmlns="urn:oasis:names:tc:SAML:metadata:algsupport" />
  </Extensions>
  <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://organization.service.com/xxx/xx/auth/login/samlLogin.xxx" index="0" isDefault="true" />
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://organization.service.com/xxx/xx/auth/login/samlLogin.xxx" index="1" />
  </SPSSODescriptor>
</EntityDescriptor>
I will spend some more time checking this metadata format to see if I can spot an error. Thank you for your time.
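A pre-flight check that narrows down a "Failed to add new provider" before re-reading the metadata by eye, added here as an example that is not part of this thread, of LemonLDAP::NG or of Lasso. It takes the metadata as bytes (the form Lasso receives it in), flags an XML declaration that claims UTF-16 over 8-bit content (expat rejects that outright and libxml2, which Lasso uses, reports it as a fatal encoding error, so no SAML element is ever read), and then checks the elements an IdP needs from an SPSSODescriptor. The sample input is the metadata quoted above, embedded as a constructed string; running it once saved as UTF-8 and once as UTF-16 with a BOM is an assumption made to exercise the check, not a diagnosis of this SP, and the finding codes are the script's own, not Lasso error codes.

```python
"""Offline pre-flight checks for SAML 2.0 SP metadata.

Added example, not LemonLDAP::NG or Lasso code. Finding codes are this
script's own. SAMPLE_METADATA is the document quoted in the post above,
embedded as a constructed string.
"""
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-16"?>
<EntityDescriptor entityID="https://0b2076f0-4054-4937-98a5-08199ed2fee5.tenants.service.com/samlLogin" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <Extensions>
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" xmlns="urn:oasis:names:tc:SAML:metadata:algsupport" />
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns="urn:oasis:names:tc:SAML:metadata:algsupport" />
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" xmlns="urn:oasis:names:tc:SAML:metadata:algsupport" />
    <SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" xmlns="urn:oasis:names:tc:SAML:metadata:algsupport" />
  </Extensions>
  <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://organization.service.com/xxx/xx/auth/login/samlLogin.xxx" index="0" isDefault="true" />
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://organization.service.com/xxx/xx/auth/login/samlLogin.xxx" index="1" />
  </SPSSODescriptor>
</EntityDescriptor>
"""


def encoding_finding(raw):
    """Flag an XML declaration that claims UTF-16 over 8-bit bytes.

    A real UTF-16 document starts with a BOM (FF FE / FE FF) or has a NUL
    among its first bytes. Without either, a declaration of utf-16 lies
    about the content, and the parser fails before any SAML element is read.
    """
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")) or b"\x00" in raw[:4]:
        return None
    m = re.match(rb'<\?xml[^>]*?encoding=["\']([^"\']+)["\']', raw[:256], re.I)
    if m and m.group(1).lower().startswith(b"utf-16"):
        return "encoding-mismatch: declaration says %s but the bytes are 8-bit" % (
            m.group(1).decode("ascii"))
    return None


def check_metadata(raw):
    """Return a list of 'code: detail' findings; an empty list means nothing to report."""
    findings = []
    enc = encoding_finding(raw)
    if enc:
        findings.append(enc)
    try:
        root = ET.fromstring(raw)  # bytes in, so the declaration is honoured
    except ET.ParseError as exc:
        findings.append("not-well-formed: %s" % exc)
        return findings
    if root.tag != MD + "EntityDescriptor":
        findings.append("wrong-root: %s" % root.tag)
        return findings
    if not root.get("entityID"):
        findings.append("missing-entityid: EntityDescriptor has no entityID")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        findings.append("missing-spssodescriptor: no SP role in this metadata")
        return findings
    if SAML2_PROTOCOL not in sp.get("protocolSupportEnumeration", "").split():
        findings.append("no-saml2-protocol: protocolSupportEnumeration lacks SAML 2.0")
    acs = sp.findall(MD + "AssertionConsumerService")
    if not acs:
        findings.append("missing-acs: no AssertionConsumerService endpoint")
    for a in acs:
        if not (a.get("Location") or "").startswith("https://"):
            findings.append("insecure-acs: %s" % a.get("Location"))
    indexes = [a.get("index") for a in acs]
    if len(set(indexes)) != len(indexes):
        findings.append("duplicate-acs-index: %s" % indexes)
    locations = [a.get("Location") for a in acs]
    if len(set(locations)) != len(locations):
        findings.append("duplicate-acs-location: %d entries share %d Location(s)"
                        % (len(locations), len(set(locations))))
    # Without a KeyDescriptor the IdP has no SP certificate: it cannot verify
    # signed AuthnRequests or encrypt assertions for this SP.
    if sp.find(MD + "KeyDescriptor") is None:
        findings.append("no-keydescriptor: no SP certificate in metadata")
    return findings


if __name__ == "__main__":
    # Assumed scenarios: the same text saved as UTF-8, then as UTF-16 with BOM.
    for label, raw in (("saved as UTF-8", SAMPLE_METADATA.encode("utf-8")),
                       ("saved as UTF-16 with BOM", SAMPLE_METADATA.encode("utf-16"))):
        print("==", label)
        for finding in check_metadata(raw) or ["ok"]:
            print("  ", finding)
```

Feed it the metadata file exactly as it will be pasted into the LLNG manager (bytes, not a decoded string): decoding first would hide the encoding check, which is the one finding that stops the whole document from loading rather than just one SAML feature.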