Closed nniehoff closed 3 years ago
I'm getting further setting the Okta SSO URL to /sso/acs/ gets me to the next exception:
Traceback (most recent call last):
File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/opt/venv/lib/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/opt/venv/lib/python3.7/site-packages/django3_auth_saml2/views.py", line 87, in sso_acs
binding=entity.BINDING_HTTP_POST
File "/opt/venv/lib/python3.7/site-packages/saml2/client_base.py", line 714, in parse_authn_request_response
binding, **kwargs)
File "/opt/venv/lib/python3.7/site-packages/saml2/entity.py", line 1207, in _parse_response
response.require_signature = require_signature
Exception Type: AttributeError at /api/plugins/sso/acs/
Exception Value: 'NoneType' object has no attribute 'require_signature'
I'm convinced I am missing something in my Okta configuration
I figured it out, hopefully documenting here for public info:
The SSO URL should be: /sso/acs/ Recipient URL should be: / Destination URL should be: /sso/acs/ Audience Restriction should be: /
@nniehoff - nice job working through the issues. I also am not the Okta admin, and I do recall working with them to tweak the settings until we got it working. Thank you for documenting the solution for others!
I am using NetBox 2.8.6 (I have also tried 2.8.9) and I receive a 403
CSRF Cookie not set error
. This could very well be something I am missing in the Okta setup, I'm not an Okta expert. From the logs the error is:I'm hoping you can provide some guidance here. It looks like the authentication piece happens fine it's when I get redirected back to my NetBox that I receive this error.