fangli / django-saml2-auth

Django SAML2 Authentication Made Easy. Easily integrate with SAML2 SSO identity providers like Okta

Active Directory/SAML IDP can't process request #21

Open mrhatch opened 7 years ago

mrhatch commented 7 years ago

Trying to access an Active Directory SAML IDP, and they are unable to process my request. According to the IDP staff, the problem is with the following line in the request:

<ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"

They want it to be: <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"

or possibly removed from the request altogether as it is not an attribute they have ever used before. I am having to trust their word as this is my first SAML project and while it worked with Okta, it is erroring on their server.

mrhatch commented 7 years ago

I was able to resolve the issue with this. It was not the nameid:format, as was first suspected; rather, it was the lack of an entityid in the SAML. I was able to get it working by adding 'entityid' : 'https://server.host.com',

to the saml_settings in views.py
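A way to check an outgoing AuthnRequest for the condition described in this thread, added here as an example (it is not code from the thread or from django-saml2-auth). It assumes the request is sent with the HTTP-Redirect binding (base64 plus raw DEFLATE) and that a missing entityid shows up as an empty or absent Issuer element; the two sample requests are constructed, not captured.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def decode_redirect_request(saml_request: str) -> bytes:
    """Decode a SAMLRequest query value: base64, then raw DEFLATE (no zlib header)."""
    return zlib.decompress(base64.b64decode(saml_request), -15)


def inspect_issuer(xml_bytes: bytes) -> dict:
    """Return the Issuer value and Format of an AuthnRequest and flag a missing entity ID."""
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DTDs are not expected in SAML messages")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    value = (issuer.text or "").strip() if issuer is not None else ""
    return {
        "issuer": value,
        "format": issuer.get("Format") if issuer is not None else None,
        "has_entity_id": bool(value),
    }


def _encode(xml: str) -> str:
    """Helper for the demo: build a SAMLRequest value from XML text."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()


# Constructed sample requests: one without an entity ID, one with the value from the thread.
_TEMPLATE = (
    '<ns0:AuthnRequest xmlns:ns0="{p}" xmlns:ns1="{a}" ID="id-constructed" Version="2.0">'
    '<ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">{issuer}</ns1:Issuer>'
    "</ns0:AuthnRequest>"
)
MISSING = _encode(_TEMPLATE.format(p=SAMLP_NS, a=SAML_NS, issuer=""))
PRESENT = _encode(_TEMPLATE.format(p=SAMLP_NS, a=SAML_NS, issuer="https://server.host.com"))

if __name__ == "__main__":
    for name, req in (("missing", MISSING), ("present", PRESENT)):
        print(name, inspect_issuer(decode_redirect_request(req)))
```

Both sample requests carry the same Issuer Format; only the one with an empty Issuer is flagged.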