SAML-Toolkits / python3-saml

MIT License

Loading IDP settings from metadata.xml possible? #220

Closed spaceone closed 3 years ago

spaceone commented 3 years ago

Hi,

It seems the service provider configuration needs to specify the IdP metadata in a JSON format like:

    "idp": {
        "entityId": "https://app.onelogin.com/saml/metadata/<onelogin_connector_id>",
        "singleSignOnService": {
            "url": "https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        },
        "singleLogoutService": {
            "url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        },
        "x509cert": "<onelogin_connector_cert>"
    }

All this information is part of the SAML IdP metadata:

    <?xml version="1.0"?>
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://ucs-sso.school.dev/simplesamlphp/saml2/idp/metadata.php">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:X509Data>
              <ds:X509Certificate>MIIF…==</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:KeyDescriptor use="encryption">
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:X509Data>
              <ds:X509Certificate>MIIF…==</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://ucs-sso.school.dev/simplesamlphp/saml2/idp/SingleLogoutService.php"/>
        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://ucs-sso.school.dev/simplesamlphp/saml2/idp/SSOService.php"/>
      </md:IDPSSODescriptor>
      <md:ContactPerson contactType="technical">
        <md:GivenName>Administrator</md:GivenName>
        <md:EmailAddress>root@master2.school.dev</md:EmailAddress>
      </md:ContactPerson>
    </md:EntityDescriptor>

Is it possible to skip filling out the JSON settings and load them directly from this metadata? If not, please implement something to support this.

pitbulk commented 3 years ago

Yes, you can use the https://github.com/onelogin/python3-saml/blob/master/src/onelogin/saml2/idp_metadata_parser.py