OTA-Insight / djangosaml2idp

SAML 2.0 Identity Provider in Django
Apache License 2.0

SP requested a name_id_format that is not supported in the IDP with samltest.id #83

Closed beaubvh closed 4 years ago

beaubvh commented 4 years ago

Error during SAML2 authentication ImproperlyConfigured SP requested a name_id_format that is not supported in the IDP

I tested the IDP with https://samltest.id's SP and it returned the error above.

Line 164 in the views.py file returns None: sp_config['name_id_format'] = policy.format

I'm not sure whether it's because samltest.id is returning a nameID format that is not compatible with Python's saml2 or something else.

Amertz08 commented 4 years ago

In the abstract, your IDP configuration will declare the name format(s) it accepts, and the SP can only request the ones the IDP accepts. Should be in the structure of your IDP config below.

SAML_IDP_CONFIG = {
    "service": {
        "idp": {
            "name_id_format": ['list of constants']
        }
    }
}

You can also verify this via the XML. Should be stored in the IDP metadata file. Then compare the SP metadata file to make sure the values are compatible.
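
The metadata comparison suggested in the comment above, written out as an added example (not part of the original thread and not djangosaml2idp code). Both metadata documents are constructed samples, and the helper names `name_id_formats` and `compare_name_id_formats` are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample metadata, not taken from samltest.id or a real deployment.
# For metadata fetched from a third party, use a hardened parser such as defusedxml.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/idp/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def name_id_formats(metadata_xml, role):
    """Return the NameIDFormat URIs declared under the given role descriptor."""
    root = ET.fromstring(metadata_xml)
    found = []
    for el in root.findall(f".//md:{role}/md:NameIDFormat", NS):
        value = (el.text or "").strip()
        if value and value not in found:  # skip empty elements and duplicates
            found.append(value)
    return found


def compare_name_id_formats(idp_xml, sp_xml):
    """Split the declared formats into shared, SP-only and IdP-only lists."""
    idp = name_id_formats(idp_xml, "IDPSSODescriptor")
    sp = name_id_formats(sp_xml, "SPSSODescriptor")
    return {
        "common": [f for f in sp if f in idp],
        "sp_only": [f for f in sp if f not in idp],  # requests for these are rejected
        "idp_only": [f for f in idp if f not in sp],
    }


if __name__ == "__main__":
    for group, formats in compare_name_id_formats(IDP_METADATA, SP_METADATA).items():
        print(group, formats)
```

Any entry under `sp_only` is a format the SP may request that the IdP does not declare, which is the mismatch the error message describes.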