APIGEE EDGE SSO - Installation issue


I am trying to install Edge SSO as per: https://docs.apigee.com/private-cloud/v4.18.01/install-and-configure-edge-sso

I am at the step:

/opt/apigee/apigee-setup/bin/setup.sh -p sso -f configFile


(Note: I am specifying the metadata file instead of URL in configFile)


I got this error:

-----------------------------------------------------------
[SETUP STAGE] (3/5): Starting and initializing "apigee-sso"
-----------------------------------------------------------
Restarting apigee-sso service
apigee-service: apigee-sso: pid=22823
apigee-service: apigee-sso: OK
apigee-service: apigee-sso: OK
apigee-service: apigee-sso: OK
apigee-service: apigee-sso: Not running (DEAD)
apigee-service: apigee-sso: OK
apigee-configutil: apigee-sso: # OK
apigee-service: apigee-sso: Not running (NO_LOCKFILE)
apigee-service: apigee-sso: status=2, continuing
apigee-service: apigee-sso: OK
apigee-service: apigee-sso: apigee-sso is running
apigee-service: apigee-sso: wait_for_ready timed out
Error: apigee-service: /opt/apigee/apigee-service/bin/apigee-service exited with unexpected status 6
Error: setup.sh: /opt/apigee/apigee-service/bin/apigee-service exited with unexpected status 6


I checked the apigee-sso-system.log:

[xIP: | uAgent:] [transactionId: | method: | URI: | query:] localhost-startStop-1 ERROR o.c.i.u.p.s.SamlIdentityProviderConfigurator - SamlIdentityProviderConfigurator.parseIdentityProviderDefinitions() : Unable to configure SAML provider:SamlIdentityProviderDefinition{idpEntityAlias='adfs', metaDataLocation='file:///opt/apigee/customer/application/apigee-sso/saml/metadata.xml', nameID='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', assertionConsumerIndex=0, metadataTrustCheck=false, showSamlLink=true, socketFactoryClassName='null', linkText='Please log in to your IDP', iconUrl='null', zoneId='uaa', addShadowUserOnLogin='true', skipSslValidation=false}
org.opensaml.saml2.metadata.provider.MetadataProviderException: Invalid metadata type for alias[adfs]:file:///opt/apigee/customer/application/apigee-sso/saml/metadata.xml
    at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.getExtendedMetadataDelegate(SamlIdentityProviderConfigurator.java:234) [cloudfoundry-identity-server-1.0.0.jar:na]
    at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.addSamlIdentityProviderDefinition(SamlIdentityProviderConfigurator.java:170) [cloudfoundry-identity-server-1.0.0.jar:na]
    at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.parseIdentityProviderDefinitions(SamlIdentityProviderConfigurator.java:135) [cloudfoundry-identity-server-1.0.0.jar:na]
    at org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator.afterPropertiesSet(SamlIdentityProviderConfigurator.java:409) [cloudfoundry-identity-server-1.0.0.jar:na]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305) [spring-beans-4.2.2.RELEASE.jar:4.2.2.RELEASE]


Solved

1 ACCEPTED SOLUTION


Error was caused due to network connection failing between IDP and the Edge SSO server. After the firewall changes the issue was resolved.


5 REPLIES



Hi,

I'm getting the same error while installing and configuring apigee-sso.

Could you please provide the config file that you used to install apigee-sso, so that I can cross-verify it with mine?

IP1=<Management Server IP>
IP2=<Postgres Master Server IP>

## Management Server configuration.
MSIP=$IP1
MGMT_PORT=<Management Server API Port>

# Edge sys admin username and password as set when you installed Edge.
ADMIN_EMAIL=<Admin username>
APIGEE_ADMINPW=<Admin password>

# Set the protocol for the Edge management API. Default is http.
# Set to https if you enabled TLS on the management API.
MS_SCHEME=http

## Postgres configuration.
PG_HOST=$IP2
PG_PORT=5432

# Postgres username and password as set when you installed Edge.
PG_USER=<postgres user name>
PG_PWD=<postgres password>

# apigee-sso configuration.
SSO_PROFILE="saml"

# Externally accessible IP or DNS name of apigee-sso.
SSO_PUBLIC_URL_HOSTNAME=<DNS Name of your APIGEE SSO Server>

# Port number for APIGEE SSO. For port numbers < 1024, you need to be the root user.
SSO_PUBLIC_URL_PORT=443
SSO_TOMCAT_PORT=443

# Set Tomcat TLS mode to DEFAULT to use HTTP access to apigee-sso.
SSO_TOMCAT_PROFILE=SSL_TERMINATION

# Specify the path to the keystore file.
SSO_TOMCAT_KEYSTORE_FILEPATH=/opt/apigee/customer/application/apigee-sso/tomcat-ssl/keystore.jks
SSO_TOMCAT_KEYSTORE_ALIAS=ssoalias

# The password specified when you created the keystore.
SSO_TOMCAT_KEYSTORE_PASSWORD=password

SSO_PUBLIC_URL_SCHEME=https

# SSO admin user name. The default is ssoadmin.
SSO_ADMIN_NAME=ssoadmin

# SSO admin password using uppercase, lowercase, number, and special chars.
SSO_ADMIN_SECRET=Secret123

# Path to signing key and secret from "Create the TLS keys and certificates" above.
SSO_JWT_SIGNINIG_KEY_FILEPATH=/opt/apigee/customer/application/apigee-sso/jwt-keys/privkey.pem
SSO_JWT_VERIFICATION_KEY_FILEPATH=/opt/apigee/customer/application/apigee-sso/jwt-keys/pubkey.pem

# Name of SAML IDP. For example, okta or adfs.
SSO_SAML_IDP_NAME=adfs

# Text displayed to user when they attempt to access Edge UI.
SSO_SAML_IDP_LOGIN_TEXT="Login using your ADFS Account"

# The metadata URL from your IDP.
# If you have a metadata file, and not a URL,
# see "Specifying a metadata file instead of a URL" below.
SSO_SAML_IDP_METADATA_URL=https://your-idp-server.com/federationmetadata/2007-06/federationmetadata.xml

# Specifies to skip TLS validation for the URL specified
# by SSO_SAML_IDP_METADATA_URL. Necessary if URL uses a self-signed cert.
# Default value is "n".
SSO_SAML_IDPMETAURL_SKIPSSLVALIDATION=n

# SAML service provider key and cert from "Create the TLS keys and certificates" above.
SSO_SAML_SERVICE_PROVIDER_KEY=/opt/apigee/customer/application/apigee-sso/saml/server.key
SSO_SAML_SERVICE_PROVIDER_CERTIFICATE=/opt/apigee/customer/application/apigee-sso/saml/server.crt

# Must configure an SMTP server so Edge SSO can send emails to users.
SKIP_SMTP=n
SMTPHOST=<SMTP Host>
SMTPUSER=<User ID>
# omit for no username
SMTPPASSWORD=<Password>
# omit for no password
SMTPSSL=n
SMTPPORT=25
SMTPMAILFROM="<From Id>"

The reason I got this error was network issues between the Edge SSO server and the IDP server.

Please make sure that the federation metadata XML file URL and all the service endpoint URLs mentioned in the XML are accessible from the Edge SSO server.
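Both the accepted solution and the reply above come down to the same pre-flight check: before running setup.sh -p sso, confirm that the file SSO_SAML_IDP_METADATA_URL points at really is SAML 2.0 IdP metadata, and that every endpoint it advertises (SingleSignOnService, SingleLogoutService) can be reached from the Edge SSO host. The script below is an added example written for this page; it is not part of apigee-setup, apigee-sso or the original post. The embedded metadata is a constructed ADFS-style sample with a made-up hostname (adfs.example.internal); on a real host, pass the path of your metadata file as the first argument. The check also prints the NameIDFormat values the IdP advertises, since the log above shows apigee-sso asking for urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

```python
#!/usr/bin/env python3
"""Pre-flight check for the SAML IdP metadata that SSO_SAML_IDP_METADATA_URL
points at: confirm the document is SAML 2.0 metadata, list the endpoints the
IdP advertises, and verify each one accepts a TCP (and, for https, TLS)
connection from this host. Added example, not part of apigee-setup."""
import socket
import ssl
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}
SERVICES = ("SingleSignOnService", "SingleLogoutService", "ArtifactResolutionService")

# Constructed sample in the shape of an ADFS IdP descriptor; the host is made up.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.internal/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.internal/adfs/ls/"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.internal/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.internal/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Return (entityID, endpoints, nameid_formats) for the IdP in the metadata.
    endpoints is a list of {"service", "binding", "location"} dicts.
    Raises ValueError when the document is not IdP metadata at all (an HTML
    login page saved as metadata.xml is one way to end up here)."""
    root = ET.fromstring(xml_text)
    if root.tag == f"{{{MD_NS}}}EntityDescriptor":
        entities = [root]
    elif root.tag == f"{{{MD_NS}}}EntitiesDescriptor":  # federation wrapper
        entities = root.findall(".//md:EntityDescriptor", NS)
    else:
        raise ValueError(f"root element {root.tag!r} is not SAML 2.0 metadata")
    entity_id, endpoints, nameid_formats = None, [], []
    for entity in entities:
        for idp in entity.findall("md:IDPSSODescriptor", NS):
            entity_id = entity_id or entity.get("entityID")
            nameid_formats += [n.text.strip() for n in idp.findall("md:NameIDFormat", NS) if n.text]
            for service in SERVICES:
                for ep in idp.findall(f"md:{service}", NS):
                    endpoints.append({"service": service, "binding": ep.get("Binding"),
                                      "location": ep.get("Location")})
    if entity_id is None:
        raise ValueError("no IDPSSODescriptor found (is this SP metadata?)")
    return entity_id, endpoints, nameid_formats


def target_of(url):
    """(scheme, host, port) that a connection to url would open."""
    u = urlparse(url)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError(f"not an http(s) URL: {url}")
    return u.scheme, u.hostname, u.port or (443 if u.scheme == "https" else 80)


def check_reachable(url, timeout=5.0):
    """TCP-connect to url's host:port and, for https, finish a TLS handshake
    against this host's CA bundle. Returns (ok, detail). apigee-sso is a Java
    process, so its trust store may differ from the OS bundle used here."""
    scheme, host, port = target_of(url)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if scheme != "https":
                return True, "tcp ok"
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, f"tcp+tls ok ({tls.version()})"
    except ssl.SSLCertVerificationError as e:
        return False, f"tcp ok, but certificate not trusted here: {e.verify_message}"
    except OSError as e:  # DNS failure, connection refused, timeout, other TLS errors
        return False, f"{type(e).__name__}: {e}"


def main(argv):
    """Usage: check_idp_metadata.py [/path/to/metadata.xml]; uses the sample if omitted."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as f:
            xml_text = f.read()
    else:
        xml_text = SAMPLE_METADATA
    entity_id, endpoints, nameid_formats = parse_idp_metadata(xml_text)
    print(f"entityID: {entity_id}")
    print(f"NameIDFormats advertised: {nameid_formats or 'none'}")
    failures = 0
    for location in sorted({ep["location"] for ep in endpoints}):
        ok, detail = check_reachable(location)
        failures += not ok
        print(f"{'OK  ' if ok else 'FAIL'} {location}  {detail}")
    return 1 if failures else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it on the Edge SSO host as `python3 check_idp_metadata.py /opt/apigee/customer/application/apigee-sso/saml/metadata.xml`. A FAIL with a DNS or timeout detail is the firewall or routing problem the accepted solution describes; a FAIL reporting an untrusted certificate means the IdP is reachable but its chain is not in the local CA bundle, which is a separate fix from opening the network path.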

Thank you so much.