关于simplsamlphp的配置问题，报错找不到元数据怎么解决？

Question

事情是这样的：现在客户有个需求需要接入aws的cognito，而第三方登陆这里使用cognito提供的saml。
这边服务器使用simplesamlphp框架作为idp；但是当配置好之后、接收到从cognito发出的断言时simplesamlphp提示无法定位元信息：

我不确定我的配置是哪里出问题了(虽然肯定是哪里出问题了)，配置代码如下：

saml20-idp-hosted.php 文件：

<?php
$metadata['urn:amazon:cognito:sp:us-east-1_YaRHr5R7c'] = array(
        'host' => '__DEFAULT__',
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',
        'auth' => 'example-userpass',
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
        'authproc' => array(
                100 => array('class' => 'core:AttributeMap', 'name2oid'),
        )
);

saml20-idp-remote.php 文件：

<?php
$metadata['urn:amazon:cognito:sp:us-east-1_YaRHr5R7c'] = array(
        'metadata-set' => 'saml20-idp-remote',
        'entityid' => 'http://www.saml.com/simplesaml/saml2/idp/metadata.php',
        'SingleSignOnService' =>
        array (
          0 =>
          array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'http://www.saml.com/simplesaml/saml2/idp/SSOService.php',
          ),
        ),
        'SingleLogoutService' =>
        array (
          0 =>
          array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'http://www.saml.com/simplesaml/saml2/idp/SingleLogoutService.php',
          ),
  ),
  'certData' => 'certData',
  'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
);

提供给cognito的断言：

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="urn:amazon:cognito:sp:us-east-1_YaRHr5R7c">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDtTCCAp2gAwIBAgIJAOWFqULLmgfjMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCR1oxCzAJBgNVBAoMAkRQMQowCAYDVQQLDAFUMQ4wDAYDVQQDDAVaSE9ORzEfMB0GCSqGSIb3DQEJARYQNDA2MTM5NzE5QHFxLmNvbTAeFw0xNzEwMjMxMDQ5NThaFw0yNzEwMjMxMDQ5NThaMHExCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCR1oxCzAJBgNVBAoMAkRQMQowCAYDVQQLDAFUMQ4wDAYDVQQDDAVaSE9ORzEfMB0GCSqGSIb3DQEJARYQNDA2MTM5NzE5QHFxLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM0zCV7QvICRkVFKzRlNYYTSdWIs8xEaDseqlnLwKEzp9JG13rdwD7OxrC2V3LchRzAB2lviD6oAxEXrs2L3X4qaKhBLC8UT3mBGEDWtDkH93Kp9zmF4N6SC4fuf0ULtDofmoXv55yTZvbp4ydGXPc9NEq93wX9zPgdzejzBcIjOJu/CmzCCxy6VyTr89/e1WUDxbh5b8O+UNluM0caEXN3gdogtIgNmZqASmzV7oDIimvb6UDhjQjFkCfgwvCiYJvnesMErT8GTQ4sJRVPe5SXYecNr/Gzajdpr7i/NP7uKSoD+ykhua0Ierf3nnIZIe1FQiFlCVjU1PBorL/WlNwMCAwEAAaNQME4wHQYDVR0OBBYEFDUswqEHEi9Xgd7Od4j+WGXfpxiZMB8GA1UdIwQYMBaAFDUswqEHEi9Xgd7Od4j+WGXfpxiZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGUfL1lf/L1V2+fkMUZMzMSaT3HhWikpfvWnVK8IZgJfwdHadxC7N7jp/1quYL7LrJgGR9dbp3rYh2Q6DTXgwl//PFhZtf91thrwYWwKEqsge8S4LBgsNLVSlsO+7ryXy9mvcVNOhnzVirOWU7iv8wDvzbx35BwO8eQI0Rw5lQnpGWI/8wQBJYNTM5GXiJVqWAsSZTTRy5y84tCsesp7U2sNIXBuvRf2fhBul7lucQW/27KBZeeGD+ppU++eyOE6G4irOH78A9B1GK6NpDNKXieOgd+krCsG6WGaa0hqUXFWIloPugMWVVElCu6FAF15Tmm0bWS/47p+LS0hqbG+auc=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDtTCCAp2gAwIBAgIJAOWFqULLmgfjMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCR1oxCzAJBgNVBAoMAkRQMQowCAYDVQQLDAFUMQ4wDAYDVQQDDAVaSE9ORzEfMB0GCSqGSIb3DQEJARYQNDA2MTM5NzE5QHFxLmNvbTAeFw0xNzEwMjMxMDQ5NThaFw0yNzEwMjMxMDQ5NThaMHExCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCR1oxCzAJBgNVBAoMAkRQMQowCAYDVQQLDAFUMQ4wDAYDVQQDDAVaSE9ORzEfMB0GCSqGSIb3DQEJARYQNDA2MTM5NzE5QHFxLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM0zCV7QvICRkVFKzRlNYYTSdWIs8xEaDseqlnLwKEzp9JG13rdwD7OxrC2V3LchRzAB2lviD6oAxEXrs2L3X4qaKhBLC8UT3mBGEDWtDkH93Kp9zmF4N6SC4fuf0ULtDofmoXv55yTZvbp4ydGXPc9NEq93wX9zPgdzejzBcIjOJu/CmzCCxy6VyTr89/e1WUDxbh5b8O+UNluM0caEXN3gdogtIgNmZqASmzV7oDIimvb6UDhjQjFkCfgwvCiYJvnesMErT8GTQ4sJRVPe5SXYecNr/Gzajdpr7i/NP7uKSoD+ykhua0Ierf3nnIZIe1FQiFlCVjU1PBorL/WlNwMCAwEAAaNQME4wHQYDVR0OBBYEFDUswqEHEi9Xgd7Od4j+WGXfpxiZMB8GA1UdIwQYMBaAFDUswqEHEi9Xgd7Od4j+WGXfpxiZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGUfL1lf/L1V2+fkMUZMzMSaT3HhWikpfvWnVK8IZgJfwdHadxC7N7jp/1quYL7LrJgGR9dbp3rYh2Q6DTXgwl//PFhZtf91thrwYWwKEqsge8S4LBgsNLVSlsO+7ryXy9mvcVNOhnzVirOWU7iv8wDvzbx35BwO8eQI0Rw5lQnpGWI/8wQBJYNTM5GXiJVqWAsSZTTRy5y84tCsesp7U2sNIXBuvRf2fhBul7lucQW/27KBZeeGD+ppU++eyOE6G4irOH78A9B1GK6NpDNKXieOgd+krCsG6WGaa0hqUXFWIloPugMWVVElCu6FAF15Tmm0bWS/47p+LS0hqbG+auc=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.saml.com/simplesaml/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.saml.com/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:GivenName>zhong</md:GivenName>
    <md:EmailAddress>40613****@qq.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

求大神解惑

Answer 1

找到原因了，主要是要配置它的saml20-sp-remote.php文件：

$metadata['urn:amazon:cognito:sp:us-east-1_YaRHr5R7c'] = array(
        'AssertionConsumerService' => 'https://testcloud.auth.us-east-1.amazoncognito.com/saml2/idpresponse',
        'SingleLogoutService' => 'https://testcloud.auth.us-east-1.amazoncognito.com/logout?client_id=7tkior5512sk93rmb5der0aa0r&logout_uri=https://test.dvrskype.com/test/logout',
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        'simplesaml.attributes' => FALSE,
);

最后说一句，官方文档简直有毒，还不如上官方论坛研究下:(