This question was closed Apr 19, 2018 at 10:27 AM by Jaideep Menon for the following reason: The question is answered, right answer was accepted
Question by Jaideep Menon · Apr 10, 2018 at 11:34 AM · 586 Views · Tags: sso, adfs, egde

APIGEE EDGE SSO - Installation issue

I am trying to install Edge SSO as per: https://docs.apigee.com/private-cloud/v4.18.01/install-and-configure-edge-sso

I am at this step:

/opt/apigee/apigee-setup/bin/setup.sh -p sso -f configFile


(Note: I am specifying the metadata file instead of URL in configFile)


I got this error:

-----------------------------------------------------------

[SETUP STAGE] (3/5): Starting and initializing "apigee-sso"

-----------------------------------------------------------

Restarting apigee-sso service

apigee-service: apigee-sso: pid=22823

apigee-service: apigee-sso: OK

apigee-service: apigee-sso: OK

apigee-service: apigee-sso: OK

apigee-service: apigee-sso: Not running (DEAD)

apigee-service: apigee-sso: OK

apigee-configutil: apigee-sso: # OK

apigee-service: apigee-sso: Not running (NO_LOCKFILE)

apigee-service: apigee-sso: status=2, continuing

apigee-service: apigee-sso: OK

apigee-service: apigee-sso: apigee-sso is running

apigee-service: apigee-sso: wait_for_ready timed out

Error: apigee-service: /opt/apigee/apigee-service/bin/apigee-service exited with unexpected status 6

Error: setup.sh: /opt/apigee/apigee-service/bin/apigee-service exited with unexpected status 6


I checked apigee-sso-system.log:

[xIP: | uAgent:] [transactionId: | method: | URI: | query:] localhost-startStop-1 ERROR o.c.i.u.p.s.SamlIdentityProviderConfigurator - SamlIdentityProviderConfigurator.parseIdentityProviderDefinitions() : Unable to configure SAML provider:SamlIdentityProviderDefinition{idpEntityAlias='adfs', metaDataLocation='file:///opt/apigee/customer/application/apigee-sso/saml/metadata.xml', nameID='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', assertionConsumerIndex=0, metadataTrustCheck=false, showSamlLink=true, socketFactoryClassName='null', linkText='Please log in to your IDP', iconUrl='null', zoneId='uaa', addShadowUserOnLogin='true', skipSslValidation=false}

org.opensaml.saml2.metadata.provider.MetadataProviderException: Invalid metadata type for alias[adfs]:file:///opt/apigee/customer/application/apigee-sso/saml/metadata.xml

at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.getExtendedMetadataDelegate(SamlIdentityProviderConfigurator.java:234) [cloudfoundry-identity-server-1.0.0.jar:na]

at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.addSamlIdentityProviderDefinition(SamlIdentityProviderConfigurator.java:170) [cloudfoundry-identity-server-1.0.0.jar:na]

at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.parseIdentityProviderDefinitions(SamlIdentityProviderConfigurator.java:135) [cloudfoundry-identity-server-1.0.0.jar:na]

at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.afterPropertiesSet(SamlIdentityProviderConfigurator.java:409) [cloudfoundry-identity-server-1.0.0.jar:na]

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]

at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]


Comment by pavan kumar · Aug 01, 2018 at 12:04 PM

Hi,

I'm getting the same error while installing and configuring apigee-sso.

Could you please provide the config file that you used to install apigee-sso, so that I can cross-verify it with mine?

Comment by Jaideep Menon (in reply to pavan kumar) · Aug 06, 2018 at 08:57 AM

IP1=<Management Server IP>

IP2=<Postgres Master Server IP>

## Management Server configuration.

MSIP=$IP1

MGMT_PORT=<Management Server API Port>

# Edge sys admin username and password as set when you installed Edge.

ADMIN_EMAIL=<Admin username>

APIGEE_ADMINPW=<Admin password>

# Set the protocol for the Edge management API. Default is http.

# Set to https if you enabled TLS on the management API.

MS_SCHEME=http

## Postgres configuration.

PG_HOST=$IP2

PG_PORT=5432

# Postgres username and password as set when you installed Edge.

PG_USER=<postgres user name >

PG_PWD=<postgres password>

# apigee-sso configuration.

SSO_PROFILE="saml"

# Externally accessible IP or DNS name of apigee-sso.

SSO_PUBLIC_URL_HOSTNAME=<DNS Name of your APIGEE SSO Server>

# Port number for APIGEE SSO. For port numbers < 1024, you need to be the root user.

SSO_PUBLIC_URL_PORT=443

SSO_TOMCAT_PORT=443

# Set Tomcat TLS mode to DEFAULT to use HTTP access to apigee-sso.

SSO_TOMCAT_PROFILE=SSL_TERMINATION

# Specify the path to the keystore file.

SSO_TOMCAT_KEYSTORE_FILEPATH=/opt/apigee/customer/application/apigee-sso/tomcat-ssl/keystore.jks

SSO_TOMCAT_KEYSTORE_ALIAS=ssoalias

# The password specified when you created the keystore.

SSO_TOMCAT_KEYSTORE_PASSWORD=password

SSO_PUBLIC_URL_SCHEME=https

# SSO admin user name. The default is ssoadmin.

SSO_ADMIN_NAME=ssoadmin

# SSO admin password using uppercase, lowercase, number, and special chars.

SSO_ADMIN_SECRET=Secret123

# Path to signing key and secret from "Create the TLS keys and certificates" above.

SSO_JWT_SIGNING_KEY_FILEPATH=/opt/apigee/customer/application/apigee-sso/jwt-keys/privkey.pem

SSO_JWT_VERIFICATION_KEY_FILEPATH=/opt/apigee/customer/application/apigee-sso/jwt-keys/pubkey.pem

# Name of SAML IDP. For example, okta or adfs.

SSO_SAML_IDP_NAME=adfs

# Text displayed to user when they attempt to access Edge UI.

SSO_SAML_IDP_LOGIN_TEXT="Login using your ADFS Account"

# The metadata URL from your IDP.

# If you have a metadata file, and not a URL,

# see "Specifying a metadata file instead of a URL" below.

SSO_SAML_IDP_METADATA_URL=https://your-idp-server.com/federationmetadata/2007-06/federationmetadata.xml

# Specifies to skip TLS validation for the URL specified

# by SSO_SAML_IDP_METADATA_URL. Necessary if URL uses a self-signed cert.

# Default value is "n".

SSO_SAML_IDPMETAURL_SKIPSSLVALIDATION=n

# SAML service provider key and cert from "Create the TLS keys and certificates" above.

SSO_SAML_SERVICE_PROVIDER_KEY=/opt/apigee/customer/application/apigee-sso/saml/server.key

SSO_SAML_SERVICE_PROVIDER_CERTIFICATE=/opt/apigee/customer/application/apigee-sso/saml/server.crt

# Must configure an SMTP server so Edge SSO can send emails to users.

SKIP_SMTP=n

SMTPHOST=<SMTP Host>

SMTPUSER=<User ID>

# omit for no username

SMTPPASSWORD=<Password>

# omit for no password

SMTPSSL=n

SMTPPORT=25

SMTPMAILFROM="<From Id>"

Comment by Jaideep Menon (in reply to pavan kumar) · Aug 06, 2018 at 09:02 AM

The reason I got this error was network issues between the Edge SSO server and the IDP server.

Please make sure that the federation metadata XML file URL and all the service endpoint URLs mentioned in the XML are accessible from the Edge SSO server.

Comment by pavan kumar (in reply to Jaideep Menon) · Aug 06, 2018 at 11:13 AM

Thank you so much.

1 Answer

Best Answer

Answer by Jaideep Menon · Apr 19, 2018 at 10:27 AM

The error was caused by the network connection failing between the IDP and the Edge SSO server. After the firewall changes, the issue was resolved.
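
The reachability check described in the comments and in the accepted answer, as an added example that is not part of the original thread or of Apigee's tooling: it collects every endpoint `Location` in the IDP metadata (plus the metadata URL, if one is used) and tests a TCP connection to each from the host it runs on. The sample metadata, the `idp.example.test` host names and all function names are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of IDP federation metadata (hypothetical hosts and paths).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://idp.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/adfs/ls/"/>
    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example.test:8443/adfs/artifact" index="0"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

DEFAULT_PORTS = {"http": 80, "https": 443}

def endpoint_targets(metadata_xml, metadata_url=None):
    """Return the sorted, de-duplicated (host, port) pairs the SSO server must reach."""
    root = ET.fromstring(metadata_xml)  # accepts str or bytes read from the metadata file
    urls = [el.get("Location") for el in root.iter() if el.get("Location")]
    if metadata_url:
        urls.append(metadata_url)
    targets = set()
    for url in urls:
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
        if parts.hostname and port:  # skip relative or non-HTTP locations
            targets.add((parts.hostname, port))
    return sorted(targets)

def reachable(host, port, timeout=3.0):
    """True if a TCP connection succeeds; DNS failures, refusals and timeouts are False."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check(metadata_xml, metadata_url=None):
    """Map each (host, port) target to its reachability from this host."""
    return {t: reachable(*t) for t in endpoint_targets(metadata_xml, metadata_url)}

if __name__ == "__main__":
    for (host, port), ok in check(SAMPLE_METADATA).items():
        print(f"{host}:{port} {'reachable' if ok else 'NOT reachable'}")
```

Run it on the Edge SSO server itself, passing the bytes of the metadata file (opened in binary mode) in place of `SAMPLE_METADATA`; a target reported as not reachable points at the firewall or DNS path between the two servers.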
