OTA-Insight / djangosaml2idp

SAML 2.0 Identity Provider in Django
Apache License 2.0

Example fails with Error during SAML2 authentication #82

Closed alacret closed 4 years ago

alacret commented 4 years ago

I managed to get around #81 by running both instances manually instead of using docker-compose.

  1. Run both instances with their migrations.
  2. Go to the SP URL, log in with a user created in the SP database and:
[screenshot]
  3. Follow the steps to regenerate certificates -> same error
peppelinux commented 4 years ago

The IdP doesn't have the SP metadata; renew it with wget or whatever, copy/paste.

alacret commented 4 years ago

@peppelinux I followed these steps:

  1. Reset the repo to its initial state.
  2. Start both servers
  3. Requested the Metadata from SP, going to http://localhost:8000/saml2/metadata/
  4. Store it in /example_setup/idp/idp/saml2_config/sp_metadata.xml [screenshot]
  5. Restart all the services.
  6. Tried to log in and still have the same problem.
alacret commented 4 years ago

@peppelinux

Also, I tried updating the settings in idp/settings.py by adding the attribute_map_dir and metadata properties:

```python
# Relevant part of idp/settings.py (DEBUG and BASE_DIR are the usual Django settings)
import os

import saml2
from saml2.saml import NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED
from saml2.sigver import get_xmlsec_binary

# Directory holding the attribute maps and the SP metadata copied from the SP
SAML2_CONFIG_DIR = os.path.join(BASE_DIR, 'idp', 'saml2_config')

SAML_IDP_CONFIG = {
    'debug': DEBUG,
    'xmlsec_binary': get_xmlsec_binary(['/opt/local/bin', '/usr/bin/xmlsec1']),
    'entityid': 'http://localhost:9000/idp/metadata/',
    'description': 'Example IdP setup',

    'service': {
        'idp': {
            'name': 'Django localhost IdP',
            'endpoints': {
                'single_sign_on_service': [
                    ('http://localhost:9000/idp/sso/post/', saml2.BINDING_HTTP_POST),
                    ('http://localhost:9000/idp/sso/redirect/', saml2.BINDING_HTTP_REDIRECT),
                ],
                'single_logout_service': [
                    ('http://localhost:9000/idp/slo/post/', saml2.BINDING_HTTP_POST),
                    ('http://localhost:9000/idp/slo/redirect/', saml2.BINDING_HTTP_REDIRECT),
                ],
            },
            'name_id_format': [NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED],
            'sign_response': True,
            'sign_assertion': True,
            # Requires the SP's signing certificate in sp_metadata.xml to match the key it signs with
            'want_authn_requests_signed': True,
        },
    },
    'attribute_map_dir': os.path.join(SAML2_CONFIG_DIR, 'attribute-maps'),
    # Local metadata of the SP(s) this IdP trusts
    'metadata': {
        'local': [os.path.join(SAML2_CONFIG_DIR, 'sp_metadata.xml')],
    },

    # Signing
    'key_file': os.path.join(BASE_DIR, 'certificates', 'private.key'),
    'cert_file': os.path.join(BASE_DIR, 'certificates', 'public.cert'),
    # Encryption
    'encryption_keypairs': [{
        'key_file': os.path.join(BASE_DIR, 'certificates', 'private.key'),
        'cert_file': os.path.join(BASE_DIR, 'certificates', 'public.cert'),
    }],
    'valid_for': 365 * 24,  # validity of the IdP metadata, in hours
}
```
peppelinux commented 4 years ago

If you set 'want_authn_requests_signed': False and it works, it means that the metadata are not aligned.

alacret commented 4 years ago

@peppelinux

I set up want_authn_requests_signed to False and indeed that error went away, so probably I will check the certificates and the metadata to validate the key and cert.

A new error is showing now:

Error during SAML2 authentication
UnknownSystemEntity
http://localhost:8000/saml2/metadata/

Investigating this today and debugging to see what the problem is.

peppelinux commented 4 years ago

It doesn't find the SP entityID in its metadata store.

alacret commented 4 years ago

@peppelinux

Still the same error:

Error during SAML2 authentication
UnknownSystemEntity
http://localhost:8000/saml2/metadata/
  1. I pull the metadata from the SP at: http://localhost:8000/saml2/metadata/
  2. I copy the saml2_config to the /example_setup/idp folder
  3. Copy the metadata and rename it to sp_metadata.xml
  4. Add to the SAML_IDP_CONFIG dict:

```python
    'metadata': {
        'local': [os.path.join(os.path.join(os.path.join(BASE_DIR, 'idp'), 'saml2_config'), 'sp_metadata.xml')],
    },
```

  5. Shows the error upon login.

SIDENOTE: I disabled the signatures.
SIDENOTE: Forked it here: https://github.com/alacret/djangosaml2idp

peppelinux commented 4 years ago

Probably the entityID is different; would it be the trailing / in its name?

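A stdlib-only check for the two failure modes discussed in this thread: the signature error that disappears once want_authn_requests_signed is False (the SP's signing certificate in sp_metadata.xml no longer matches the key the SP signs with) and UnknownSystemEntity (the Issuer in the AuthnRequest is not the entityID the IdP loaded from its metadata store, a trailing slash being the classic cause). This is an added example, not code from the djangosaml2idp project or from either commenter; the metadata document, the certificate bytes and the request Issuer values are constructed samples, and defusedxml is the parser to prefer if the metadata did not come from your own SP.

```python
import base64
import re
import textwrap
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 metadata and XML-DSig.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def cert_to_der(text: str) -> bytes:
    """Strip PEM armour and whitespace, then base64-decode.

    The same normalisation is applied to the certificate file and to the
    <ds:X509Certificate> body, so line wrapping or indentation cannot
    produce a false mismatch."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    return base64.b64decode(re.sub(r"\s+", "", body))


def parse_sp_metadata(xml_text: str) -> dict:
    """Pull the fields the IdP relies on out of SP metadata.

    Only for metadata you fetched yourself; for untrusted XML use
    defusedxml instead of the stdlib parser."""
    root = ET.fromstring(xml_text)
    ed = root if root.tag == "{%s}EntityDescriptor" % NS["md"] \
        else root.find("md:EntityDescriptor", NS)
    if ed is None:
        raise ValueError("no EntityDescriptor in metadata")
    sp = ed.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    signing_certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a use attribute covers signing and encryption.
        if kd.get("use") == "encryption":
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            signing_certs.append(cert_to_der(c.text or ""))
    return {
        "entity_id": ed.get("entityID"),
        "signs_requests": (sp.get("AuthnRequestsSigned") or "false").lower() == "true",
        "signing_certs": signing_certs,
        "acs": [(a.get("Binding"), a.get("Location"))
                for a in sp.findall("md:AssertionConsumerService", NS)],
    }


def diagnose(metadata_xml: str, request_issuer: str, sp_cert_pem: str,
             idp_wants_signed: bool) -> list:
    """Return human-readable problems; an empty list means metadata and SP are aligned."""
    meta = parse_sp_metadata(metadata_xml)
    problems = []
    if meta["entity_id"] != request_issuer:
        if meta["entity_id"].rstrip("/") == request_issuer.rstrip("/"):
            problems.append("entityID differs only by trailing slash: metadata=%r, request Issuer=%r"
                            % (meta["entity_id"], request_issuer))
        else:
            problems.append("entityID mismatch: metadata=%r, request Issuer=%r"
                            % (meta["entity_id"], request_issuer))
    if cert_to_der(sp_cert_pem) not in meta["signing_certs"]:
        problems.append("SP signing certificate not in sp_metadata.xml; "
                        "re-export the SP metadata after regenerating certificates")
    if idp_wants_signed and not meta["signs_requests"]:
        problems.append("IdP has want_authn_requests_signed=True but SP metadata "
                        "declares AuthnRequestsSigned=false")
    return problems


# --- constructed sample data: not real certificates, not a real SP ---
_CERT_B64 = base64.b64encode(b"constructed-sample-sp-signing-cert-der-bytes").decode()
SP_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
               + "\n".join(textwrap.wrap(_CERT_B64, 64))
               + "\n-----END CERTIFICATE-----\n")
# Stands in for a certificate left over from before the SP regenerated its keys.
STALE_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
                  + base64.b64encode(b"constructed-previous-cert-before-regeneration").decode()
                  + "\n-----END CERTIFICATE-----\n")
SP_METADATA_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://localhost:8000/saml2/metadata/">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        %s
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:8000/saml2/acs/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
""" % _CERT_B64

if __name__ == "__main__":
    for issuer, pem in [("http://localhost:8000/saml2/metadata/", SP_CERT_PEM),
                        ("http://localhost:8000/saml2/metadata", SP_CERT_PEM),
                        ("http://localhost:8000/saml2/metadata/", STALE_CERT_PEM)]:
        print(issuer, diagnose(SP_METADATA_XML, issuer, pem, True) or ["aligned"])
```

Run it against the real sp_metadata.xml the IdP loads, the Issuer value from a captured AuthnRequest, and the SP's current certificate file; a trailing-slash finding explains UnknownSystemEntity, a certificate finding explains why signature verification only succeeds once want_authn_requests_signed is switched off.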

alacret commented 4 years ago

@peppelinux

It was not a problem with the metadata file: #51 breaks compatibility with pysaml2 in the config settings for the metadata, specifically in how the local metadata is provided, because now it comes from a ServiceProvider Django model.

peppelinux commented 4 years ago

I never used that implementation; I developed uniAuth, which does this kind of thing: https://github.com/UniversitaDellaCalabria/uniAuth


--
Dott. Giuseppe De Marco, CENTRO ICT DI ATENEO, University of Calabria, 87036 Rende (CS) - Italy. Phone: +39 0984 496961, e-mail: giuseppe.demarco@unical.it

alacret commented 4 years ago

@peppelinux I'll take a look at your project; regardless, thanks so much for your help.