Closed cheoppy closed 2 years ago
Hi @cheoppy
Put a breakpoint here https://github.com/IdentityPython/djangosaml2/blob/5f956aab8d262cba84f1c52d78b710e059d9007d/djangosaml2/utils.py#L41
you should be able to get all the idps available (even through MDQ).
It seems that you didn't get any of them, here https://github.com/IdentityPython/djangosaml2/blob/5f956aab8d262cba84f1c52d78b710e059d9007d/djangosaml2/views.py#L249
Indeed I haven't got any available idps, here's the traceback provided by django at this point:
The configured_idps is empty. How can it be empty when I use MDQ?
I use djangosaml2 with an MDQ, so I'd suggest putting a breakpoint to check what happens in your configuration
I did some debugging, and found the following concerning the metadata section of the config:
config.metadata:
type: <class 'saml2.mdstore.MetadataStore'>
value (as string): {https://mdx-2020.eduid.hu/: dict_items([])}
config.metadata.metadata:
type: dict
value (as string): {'https://mdx-2020.eduid.hu/': <saml2.mdstore.MetaDataMDX object at 0x7fa453d45ac8>}
config.metadata.metadata['https://mdx-2020.eduid.hu/']:
type: <class 'saml2.mdstore.MetaDataMDX'>:
value (as string): dict_items([])
result = metadata.any("idpsso_descriptor", "single_sign_on_service")
(L48): empty dict
It seems to me that the saml2.mdstore.MetaDataMDX is picked up correctly from the config, but it looks empty and thus no idps are found when I initiate the login. What else should I look for?
@peppelinux I've been doing some tests and come up with a solution, see https://github.com/IdentityPython/djangosaml2/pull/327 . I found that the MetaDataMDX object will be always empty unless a lookup is made, which will fetch the appropriate idp and djangosaml2 will see it as a legit metadata source. My minimal working fix may not be the best solution, but it works when the only and primary metadata source is MDQ.
Got it @cheoppy, thank you. I've just requested some easy changes before merging it and having a new release.
Last but not least, can we also converge on the following issue? https://github.com/IdentityPython/djangosaml2/issues/273
We can pre-select the supported idps and pass them to the MDX. Just to tell you, in case you find something useful for you too.
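Added example (not part of the thread, and not djangosaml2 or pysaml2 code): a simplified model of the behaviour discussed above, where an MDQ-backed store enumerates as empty until an entity is looked up by its entityID, combined with a pre-selected allow-list of supported IdPs. The class and function names, the example.org URLs and the sample entity are assumptions constructed for illustration.

```python
import hashlib
from urllib.parse import quote, unquote

SHA1_PREFIX = "{sha1}"

def mdq_identifier(entity_id):
    # MDQ identifier transform: "{sha1}" + hex SHA-1 of the entityID.
    return SHA1_PREFIX + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()

class LazyMDQStore:
    """Simplified model of an MDQ-backed source; not pysaml2's MetaDataMDX."""

    def __init__(self, base_url, fetch):
        self.base_url = base_url.rstrip("/")
        self.fetch = fetch      # callable(url) -> entity dict or None
        self.entities = {}      # cache: empty until a lookup is made

    def items(self):
        return self.entities.items()

    def __getitem__(self, entity_id):
        if entity_id not in self.entities:
            url = f"{self.base_url}/entities/{quote(mdq_identifier(entity_id), safe='')}"
            entity = self.fetch(url)
            # Reject a response describing a different entity than requested.
            if entity is None or entity.get("entityID") != entity_id:
                raise KeyError(entity_id)
            self.entities[entity_id] = entity
        return self.entities[entity_id]

def enumerate_idps(store):
    # Enumeration only sees what is already cached.
    return [eid for eid, md in store.items() if "idpsso_descriptor" in md]

def resolve_idp(store, entity_id, allowed_idps):
    # Explicit lookup, gated by a pre-selected set of supported IdPs.
    if entity_id not in allowed_idps:
        raise PermissionError(f"IdP not in allow-list: {entity_id}")
    return store[entity_id]

# Constructed sample data standing in for the remote MDQ service.
IDP = "https://idp.example.org/idp/shibboleth"
REMOTE = {mdq_identifier(IDP): {"entityID": IDP, "idpsso_descriptor": [{}]}}

def fake_fetch(url):
    return REMOTE.get(unquote(url.rsplit("/", 1)[1]))

store = LazyMDQStore("https://mdq.example.org/", fake_fetch)
```

Calling `enumerate_idps(store)` before any lookup returns an empty list, which is the state the debugging output in this thread shows; after `resolve_idp(store, IDP, {IDP})` the same call returns the fetched IdP.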
I'm trying to configure an SSO login similar to EduGAIN, using an MDQ service as the source of the metadata, but I cannot manage to make it work.
It always ends up in the next exception:
The metadata part of the config:
I have tried to look up an example IdP manually in the MDQ, which works fine, here's the minimal working example which shows that the MDQ configured above is working:
which outputs:
where I can see that it actually did parse the IdP data.
What am I missing from the configuration? What else is needed to use the MDQ as an IdP metadata source?