I am trying to install Edge SSO as per: https://docs.apigee.com/private-cloud/v4.18.01/install-and-configure-edge-sso
I am at the step:
/opt/apigee/apigee-setup/bin/setup.sh -p sso -f configFile
(Note: I am specifying the metadata file instead of URL in configFile)
I got this error:
-----------------------------------------------------------
[SETUP STAGE] (3/5): Starting and initializing "apigee-sso"
-----------------------------------------------------------
Restarting apigee-sso service
apigee-service: apigee-sso: pid=22823
apigee-service: apigee-sso: OK
apigee-service: apigee-sso: OK
apigee-service: apigee-sso: OK
apigee-service: apigee-sso: Not running (DEAD)
apigee-service: apigee-sso: OK
apigee-configutil: apigee-sso: # OK
apigee-service: apigee-sso: Not running (NO_LOCKFILE)
apigee-service: apigee-sso: status=2, continuing
apigee-service: apigee-sso: OK
apigee-service: apigee-sso: apigee-sso is running
apigee-service: apigee-sso: wait_for_ready timed out
Error: apigee-service: /opt/apigee/apigee-service/bin/apigee-service exited with unexpected status 6
Error: setup.sh: /opt/apigee/apigee-service/bin/apigee-service exited with unexpected status 6
I checked the apigee-sso-system.log:
[xIP: | uAgent:] [transactionId: | method: | URI: | query:] localhost-startStop-1 ERROR o.c.i.u.p.s.SamlIdentityProviderConfigurator - SamlIdentityProviderConfigurator.parseIdentityProviderDefinitions() : Unable to configure SAML provider:SamlIdentityProviderDefinition{idpEntityAlias='adfs', metaDataLocation='file:///opt/apigee/customer/application/apigee-sso/saml/metadata.xml', nameID='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', assertionConsumerIndex=0, metadataTrustCheck=false, showSamlLink=true, socketFactoryClassName='null', linkText='Please log in to your IDP', iconUrl='null', zoneId='uaa', addShadowUserOnLogin='true', skipSslValidation=false}
org.opensaml.saml2.metadata.provider.MetadataProviderException: Invalid metadata type for alias[adfs]:file:///opt/apigee/customer/application/apigee-sso/saml/metadata.xml at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.getExtendedMetadataDelegate(SamlIdentityProviderConfigurator.java:234) [cloudfoundry-identity-server-1.0.0.jar:na]
at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.addSamlIdentityProviderDefinition(SamlIdentityProviderConfigurator.java:170) [cloudfoundry-identity-server-1.0.0.jar:na]
at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.parseIdentityProviderDefinitions(SamlIdentityProviderConfigurator.java:135) [cloudfoundry-identity-server-1.0.0.jar:na]
at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.afterPropertiesSet(SamlIdentityProviderConfigurator.java:409) [cloudfoundry-identity-server-1.0.0.jar:na]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]
The error was caused by the network connection failing between the IDP and the Edge SSO server. After the firewall changes, the issue was resolved.
Hi,
I'm getting the same error while installing and configuring apigee-sso.
Could you please provide the config file that you used to install apigee-sso, so that I can cross-verify it with mine.
IP1=<Management Server IP>
IP2=<Postgres Master Server IP>
## Management Server configuration.
MSIP=$IP1
MGMT_PORT=<Management Server API Port>
# Edge sys admin username and password as set when you installed Edge.
ADMIN_EMAIL=<Admin username>
APIGEE_ADMINPW=<Admin password>
# Set the protocol for the Edge management API. Default is http.
# Set to https if you enabled TLS on the management API.
MS_SCHEME=http
## Postgres configuration.
PG_HOST=$IP2
PG_PORT=5432
# Postgres username and password as set when you installed Edge.
PG_USER=<postgres user name >
PG_PWD=<postgres password>
# apigee-sso configuration.
SSO_PROFILE="saml"
# Externally accessible IP or DNS name of apigee-sso.
SSO_PUBLIC_URL_HOSTNAME=<DNS Name of your APIGEE SSO Server>
# Port number for Apigee SSO. For port numbers < 1024, you need to be the root user.
SSO_PUBLIC_URL_PORT=443
SSO_TOMCAT_PORT=443
# Set Tomcat TLS mode to DEFAULT to use HTTP access to apigee-sso.
SSO_TOMCAT_PROFILE=SSL_TERMINATION
# Specify the path to the keystore file.
SSO_TOMCAT_KEYSTORE_FILEPATH=/opt/apigee/customer/application/apigee-sso/tomcat-ssl/keystore.jks
SSO_TOMCAT_KEYSTORE_ALIAS=ssoalias
# The password specified when you created the keystore.
SSO_TOMCAT_KEYSTORE_PASSWORD=password
SSO_PUBLIC_URL_SCHEME=https
# SSO admin user name. The default is ssoadmin.
SSO_ADMIN_NAME=ssoadmin
# SSO admin password using uppercase, lowercase, number, and special chars.
SSO_ADMIN_SECRET=Secret123
# Path to signing key and secret from "Create the TLS keys and certificates" above.
SSO_JWT_SIGNING_KEY_FILEPATH=/opt/apigee/customer/application/apigee-sso/jwt-keys/privkey.pem
SSO_JWT_VERIFICATION_KEY_FILEPATH=/opt/apigee/customer/application/apigee-sso/jwt-keys/pubkey.pem
# Name of SAML IDP. For example, okta or adfs.
SSO_SAML_IDP_NAME=adfs
# Text displayed to user when they attempt to access Edge UI.
SSO_SAML_IDP_LOGIN_TEXT="Login using your ADFS Account"
# The metadata URL from your IDP.
# If you have a metadata file, and not a URL,
# see "Specifying a metadata file instead of a URL" below.
SSO_SAML_IDP_METADATA_URL=https://your-idp-server.com/federationmetadata/2007-06/federationmetadata.xml
# Specifies to skip TLS validation for the URL specified
# by SSO_SAML_IDP_METADATA_URL. Necessary if URL uses a self-signed cert.
# Default value is "n".
SSO_SAML_IDPMETAURL_SKIPSSLVALIDATION=n
# SAML service provider key and cert from "Create the TLS keys and certificates" above.
SSO_SAML_SERVICE_PROVIDER_KEY=/opt/apigee/customer/application/apigee-sso/saml/server.key
SSO_SAML_SERVICE_PROVIDER_CERTIFICATE=/opt/apigee/customer/application/apigee-sso/saml/server.crt
# Must configure an SMTP server so Edge SSO can send emails to users.
SKIP_SMTP=n
SMTPHOST=<SMTP Host>
SMTPUSER=<User ID>
# omit for no username
SMTPPASSWORD=<Password>
# omit for no password
SMTPSSL=n
SMTPPORT=25
SMTPMAILFROM="<From Id>"
The reason I got this error was network issues between the Edge SSO server and the IDP server.
Please make sure that the federation metadata XML file URL and all the service endpoint URLs mentioned in the XML are accessible from the Edge SSO server.
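As an added example (not from the thread, and not Apigee's tooling), a small Python checker for exactly this pre-flight: run it on the Edge SSO host against the IDP's federationmetadata.xml, and it parses the metadata, pulls out every service endpoint Location, and tries a TCP connection to each one. The embedded sample metadata is constructed and adfs.example.test is a placeholder hostname.

```python
import socket
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Constructed sample metadata (not a real IdP): adfs.example.test is a placeholder.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" index="0"
        Location="https://adfs.example.test/adfs/services/trust/artifactresolution"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

def extract_endpoints(xml_text):
    """Return (entityID, distinct endpoint Locations in document order)."""
    root = ET.fromstring(xml_text)
    if root.tag not in (f"{{{MD_NS}}}EntityDescriptor", f"{{{MD_NS}}}EntitiesDescriptor"):
        raise ValueError(f"not SAML metadata, root element is {root.tag}")
    urls = []
    for el in root.iter():
        loc = el.get("Location")
        if el.tag.startswith(f"{{{MD_NS}}}") and loc and loc not in urls:
            urls.append(loc)
    return root.get("entityID"), urls

def tcp_reachable(url, timeout=5.0):
    """True if a TCP connection to the URL's host:port succeeds within timeout."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    try:
        with socket.create_connection((p.hostname, port), timeout=timeout):
            return True
    except OSError:  # DNS failure, connection refused, timeout, or a firewall drop
        return False

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_METADATA
    entity, urls = extract_endpoints(text)
    print("entityID:", entity)
    for u in urls:
        print("reachable" if tcp_reachable(u) else "UNREACHABLE", u)
```

A TCP connect only proves the firewall path is open; an UNREACHABLE line is the case the answer above describes, while a reachable host with a bad TLS chain is a separate problem not covered here.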
Thank you so much.