fangli / django-saml2-auth

Django SAML2 Authentication Made Easy. Easily integrate with SAML2 SSO identity providers like Okta

MissingKey error #162

Open nmilev-scribe opened 3 years ago

nmilev-scribe commented 3 years ago

When trying to use this package for SAML2 integration with Okta, I'm getting this error:

Traceback (most recent call last):
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/entity.py", line 1455, in _parse_response
    response = response.loads(xmlstr, False, origxml=xmlstr)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/response.py", line 516, in loads
    self._loads(xmldata, decode, origxml)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/response.py", line 340, in _loads
    **args)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/sigver.py", line 1689, in correctly_signed_response
    class_name(response), origdoc)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/sigver.py", line 1464, in _check_signature
    raise MissingKey(_issuer)

During handling of the above exception (my_entity_id), another exception occurred:
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/sentry_sdk/integrations/django/views.py", line 63, in callback
    return old_callback(*args, **kwargs)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/sentry_sdk/integrations/django/views.py", line 63, in callback
    return old_callback(*args, **kwargs)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/django_saml2_auth/views.py", line 159, in acs
    resp, entity.BINDING_HTTP_POST)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/client_base.py", line 812, in parse_authn_request_response
    xmlstr, AuthnResponse, "assertion_consumer_service", binding, **kwargs
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/entity.py", line 1465, in _parse_response
    response = response.loads(xmlstr, False, origxml=xmlstr)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/response.py", line 516, in loads
    self._loads(xmldata, decode, origxml)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/response.py", line 340, in _loads
    **args)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/sigver.py", line 1689, in correctly_signed_response
    class_name(response), origdoc)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/sigver.py", line 1464, in _check_signature
    raise MissingKey(_issuer)

Exception Type: MissingKey at /saml2_auth/acs/
Exception Value: my_entity_id

My setup:

settings.py:

SAML2_AUTH = {
    'METADATA_AUTO_CONF_URL': 'https://my_okta_domain.okta.com/app/my_entity_id/sso/saml/metadata/',
    'DEFAULT_NEXT_URL': '/',  # Custom target redirect URL after the user gets logged in. Defaults to /admin if not set. This setting will be overwritten if you have the parameter ?next= specified in the login URL.
    'CREATE_USER': 'TRUE', # Create a new Django user when a new user logs in. Defaults to True.
    'ASSERTION_URL': 'https://my_okta_domain.okta.com/app/generic-saml/my_entity_id/saml2', # Custom URL to validate incoming SAML requests against
    'ENTITY_ID': 'my_entity_id', # Populates the Issuer element in the authn request
    'USE_JWT': True, # Set this to True if you are running a Single Page Application (SPA) with Django Rest Framework (DRF), and are using JWT authentication to authorize client users
    'FRONTEND_URL': 'http://localhost:3000', # Redirect URL for the client if you are using JWT auth with DRF. See explanation below
}

urls.py:

re_path(r'^saml2_login/$', django_saml2_auth.views.signin),
re_path(r'^saml2_auth/', include('django_saml2_auth.urls')),

Am I doing something wrong? As far as I've researched, this means there is a missing certificate. If so, how do I connect it to Django BE?
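pysaml2 raises MissingKey(issuer) from _check_signature when it cannot find a signing certificate for the Issuer of the SAML response in the metadata the SP loaded (here, from METADATA_AUTO_CONF_URL). The script below is an added example, not code from this issue or from django-saml2-auth: it parses IdP metadata, lists the signing certificates per entityID, and says whether a given Issuer value would have a usable key. The metadata document, the entityID and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from typing import Dict, List

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder: base64 of a fake byte string, not a real X.509 certificate.
FAKE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a DER certificate").decode()

# Constructed IdP metadata (hypothetical entityID, not a real Okta tenant) with one
# signing key and one encryption-only key; the latter must not count as a signing key.
SAMPLE_IDP_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://www.okta.com/exkEXAMPLEIDP">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def signing_keys(metadata_xml: str) -> Dict[str, List[str]]:
    """Map each entityID to SHA-256 fingerprints of its IdP signing certificates."""
    root = ET.fromstring(metadata_xml)  # use defusedxml for metadata you do not trust
    # A bare EntityDescriptor, or an EntitiesDescriptor wrapping several of them.
    descriptors = [root] if root.tag == "{%s}EntityDescriptor" % NS["md"] else root.findall(".//md:EntityDescriptor", NS)
    keys: Dict[str, List[str]] = {}
    for ed in descriptors:
        fps: List[str] = []
        for kd in ed.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
            if kd.get("use") not in (None, "signing"):  # no `use` means signing and encryption
                continue
            for cert in kd.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                fps.append(hashlib.sha256(der).hexdigest())
        keys[ed.get("entityID", "")] = fps
    return keys

def diagnose_issuer(issuer: str, metadata_xml: str) -> str:
    """Return 'ok', 'unknown-issuer' or 'no-signing-key' for a SAML response Issuer.

    These are the usual metadata-side reasons pysaml2's _check_signature ends in
    MissingKey(issuer): no loaded entity has that ID, or it has no signing cert.
    """
    keys = signing_keys(metadata_xml)
    if issuer not in keys:
        return "unknown-issuer"
    return "ok" if keys[issuer] else "no-signing-key"
```

Run it against the metadata your SP actually fetches and the Issuer value from the failing response; if the issuer is unknown or keyless, fix the metadata source rather than relaxing signature checks on the SP.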

syedgufran95 commented 3 years ago

I am getting the same error. Cloning the library to solve the issue.

syedgufran95 commented 3 years ago

I have solved the issue. The problem comes from the IdP side: you need to check that you have properly set attribute statements.