SAML-Toolkits / python3-saml

MIT License

Anyone get this running in Docker with Gunicorn? #332

Closed sahibbhai closed 1 year ago

sahibbhai commented 1 year ago

Hey everyone. I have this toolkit working with a Flask app. I'm now trying to Dockerize my Flask app and running into some issues.

I'm getting all sorts of errors like

ERR_CONNECTION_REFUSED

the response was received at 127.0.0.1:85 instead of 127.0.01:5000

I'm thinking this has to do with ports, Gunicorn, and my docker run command. But I just can't seem to find the right mix that makes it work.

Does anyone have any suggestions?

Here's my Gunicorn command:

    CMD ["gunicorn", "-b", "0.0.0.0:85", "--workers=4", "--reload", "index:app"]

Here's my Docker run command:

    docker run -p 1337:85 myimage

My settings.json:

    {
        "strict": true,
        "debug": true,
        "sp": {
            "entityId": "http://127.0.0.1:5000/metadata/",
            "assertionConsumerService": {
                "url": "http://127.0.0.1:5000/?acs",
                "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            },
            "singleLogoutService": {
                "url": "http://127.0.0.1:5000/?sls",
                "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            },
            "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            "x509cert": "",
            "privateKey": ""
        },
        "idp": {
            "entityId": "https://app.onelogin.com/saml/metadata/<redacted>",
            "singleSignOnService": {
                "url": "https://<redacted>.onelogin.com/trust/saml2/http-post/sso/<redacted>",
                "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            },
            "singleLogoutService": {
                "url": "https://<redacted>.onelogin.com/trust/saml2/http-redirect/slo/<redacted>",
                "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            },
            "x509cert": "-----BEGIN CERTIFICATE-----<redacted>-----END CERTIFICATE-----"
        }
    }

StranDutton commented 1 year ago

I apologize I don't have a solution but can I ask how you were able to reference your settings.json inside the container? I'm also containerizing my flask app and using apk / pip3 to install python3-saml into the container but I can't figure out how to edit the config files. Did you just add the files directly into your app instead of using pip to install it? I think that may be the way I have to go.

sahibbhai commented 1 year ago

@StranDutton Yeah, I cloned the Git repo into a directory, modified the config files, and then used docker build to build an image based on the content of the directory.

pitbulk commented 1 year ago

@sahibbhai

> the response was received at 127.0.0.1:85 instead of 127.0.01:5000

You get this because the python toolkit is not properly managing the internal port.

When you initialize the OneLogin_Saml2_Auth object, you are providing a request.

You will need to change the 'server_port' value of the provided request, and make sure it contains 85, or use directly server_host including the domain and expected port
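A worked version of the advice above, added here as an example (it is not code from this thread or from python3-saml): it builds the request dict that `OneLogin_Saml2_Auth` is given from a Flask-like request object, pins the port the toolkit should consider itself reachable on, and checks that the ACS URL in settings.json agrees with the scheme/host/port the toolkit will derive, so the mismatch surfaces at startup instead of as the "received at ... instead of ..." failure on the first SAML response. The function names `prepare_saml_request`, `self_url_host`, `acs_matches` and the `public_port` parameter are this example's own; `self_url_host` reimplements the comparison as an assumption rather than calling the toolkit, so it runs without python3-saml installed.

```python
# Added example (not code from the thread or from python3-saml): build the
# request dict handed to OneLogin_Saml2_Auth(request_data, ...), pin the port
# Gunicorn really listens on, and check it against the ACS URL in settings.
# prepare_saml_request, self_url_host, acs_matches and public_port are names
# invented for this example.
from types import SimpleNamespace
from urllib.parse import urlsplit


def prepare_saml_request(req, public_port=None):
    """Return the dict passed to OneLogin_Saml2_Auth.

    `req` is any object with Flask-like .scheme, .host, .path, .args and
    .form attributes. `public_port` (hypothetical parameter) forces the port
    the toolkit should consider itself reachable on, e.g. 85 for a Gunicorn
    bound to 0.0.0.0:85 inside the container.
    """
    host, _, host_port = req.host.partition(':')
    port = str(public_port or host_port or (443 if req.scheme == 'https' else 80))
    return {
        'https': 'on' if req.scheme == 'https' else 'off',
        'http_host': f'{host}:{port}',   # host header including the port
        'server_port': port,             # the value pitbulk says to set to 85
        'script_name': req.path,
        'get_data': dict(req.args),
        'post_data': dict(req.form),
    }


def self_url_host(request_data):
    """scheme://host[:port] derived from the request dict.

    Assumption: this mirrors the "received at ..." value in the toolkit's
    error text; default ports (80/443) are omitted.
    """
    proto = 'https' if request_data['https'] == 'on' else 'http'
    host = request_data['http_host'].partition(':')[0]
    port = request_data['server_port']
    default = '443' if proto == 'https' else '80'
    return f'{proto}://{host}' + ('' if port == default else f':{port}')


def _origin(url):
    """(scheme, host, port) of a URL, with the default port filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or (443 if u.scheme == 'https' else 80))


def acs_matches(settings, request_data):
    """True when the ACS URL in settings has the scheme/host/port the toolkit
    will derive from request_data; False is the mismatch seen in the thread."""
    acs_url = settings['sp']['assertionConsumerService']['url']
    return _origin(acs_url) == _origin(self_url_host(request_data))


# Constructed sample: what Gunicorn on 0.0.0.0:85 sees for the IdP's POST to /?acs.
SAMPLE_REQUEST = SimpleNamespace(
    scheme='http', host='127.0.0.1:85', path='/',
    args={'acs': ''}, form={'SAMLResponse': '<constructed placeholder>'},
)

# ACS URL as in the settings.json posted above (port 5000) ...
SETTINGS_AS_POSTED = {'sp': {'assertionConsumerService': {'url': 'http://127.0.0.1:5000/?acs'}}}
# ... and with the port Gunicorn actually binds inside the container.
SETTINGS_FIXED = {'sp': {'assertionConsumerService': {'url': 'http://127.0.0.1:85/?acs'}}}


if __name__ == '__main__':
    rd = prepare_saml_request(SAMPLE_REQUEST)
    print('toolkit will see itself at', self_url_host(rd))
    print('posted settings match:', acs_matches(SETTINGS_AS_POSTED, rd))
    print('fixed settings match:', acs_matches(SETTINGS_FIXED, rd))
```

Run `acs_matches` once at application start against the loaded settings and a representative request; the comparison it mirrors is the toolkit's destination check on the response, which is what `"strict": true` buys you, so the fix is to make the settings URL and the request dict agree, not to relax strict mode.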

sahibbhai commented 1 year ago

> @sahibbhai
>
> > the response was received at 127.0.0.1:85 instead of 127.0.01:5000
>
> You get this because the python toolkit is not properly managing the internal port.
>
> When you initialize the OneLogin_Saml2_Auth object, you are providing a request.
>
> You will need to change the 'server_port' value of the provided request, and make sure it contains 85, or use directly server_host including the domain and expected port

hey @pitbulk, I just wanted to thank you and apologize for the delay in responding. I got my app working thanks to your hints. Changing server_port in my app.py to 85 was the key.