jeremyschulman / netbox-plugin-auth-saml2

Netbox plugin for SSO using SAML2

SAML - Signature verification failed. Invalid document format. #68

Open jeganarepo opened 1 year ago

jeganarepo commented 1 year ago

I have followed the https://github.com/jeremyschulman/netbox-plugin-auth-saml2 page to configure SSO using SAML 2.0.

Used `remote_auth_backend` as `django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend`.

Got the error below and attached a screenshot. It seems like I am getting the Netbox UI but am not logged in. Can someone please help me with this?

(Screenshot attached, dated 2023-04-12)

```text
Forbidden (Permission denied): /api/plugins/sso/acs/
Traceback (most recent call last):
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/global_maps.py", line 262, in lookup_type
    obj = self.types[qname]
KeyError: 'xsd:string'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/netbox/venv/lib/python3.9/site-packages/saml2/sigver.py", line 1479, in _check_signature
    _schema.validate(str(item))
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/schemas.py", line 1701, in validate
    for error in self.iter_errors(source, path, schema_path, use_defaults, namespaces,
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/schemas.py", line 1812, in iter_errors
    for result in xsd_element.iter_decode(elem, **kwargs):
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/elements.py", line 751, in iter_decode
    for result in content_decoder.iter_decode(obj, validation, **kwargs):
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/groups.py", line 1070, in iter_decode
    for result in xsd_element.iter_decode(child, validation, **kwargs):
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/elements.py", line 751, in iter_decode
    for result in content_decoder.iter_decode(obj, validation, **kwargs):
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/groups.py", line 1070, in iter_decode
    for result in xsd_element.iter_decode(child, validation, **kwargs):
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/elements.py", line 751, in iter_decode
    for result in content_decoder.iter_decode(obj, validation, **kwargs):
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/groups.py", line 1070, in iter_decode
    for result in xsd_element.iter_decode(child, validation, **kwargs):
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/elements.py", line 751, in iter_decode
    for result in content_decoder.iter_decode(obj, validation, **kwargs):
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/groups.py", line 1033, in iter_decode
    self.check_dynamic_context(child, xsd_element, model.element, namespaces)
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/groups.py", line 888, in check_dynamic_context
    xsd_type = self.maps.get_instance_type(
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/global_maps.py", line 378, in get_instance_type
    xsi_type = self.lookup_type(extended_name)
  File "/opt/netbox/venv/lib/python3.9/site-packages/xmlschema/validators/global_maps.py", line 264, in lookup_type
    raise XMLSchemaKeyError(f'global xs:simpleType/xs:complexType {qname!r} not found')
xmlschema.exceptions.XMLSchemaKeyError: "global xs:simpleType/xs:complexType 'xsd:string' not found"

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/netbox/venv/lib/python3.9/site-packages/saml2/entity.py", line 1455, in _parse_response
    response = response.loads(xmlstr, False, origxml=xmlstr)
  File "/opt/netbox/venv/lib/python3.9/site-packages/saml2/response.py", line 516, in loads
    self._loads(xmldata, decode, origxml)
  File "/opt/netbox/venv/lib/python3.9/site-packages/saml2/response.py", line 337, in _loads
    self.response = self.signature_check(
  File "/opt/netbox/venv/lib/python3.9/site-packages/saml2/sigver.py", line 1688, in correctly_signed_response
    self._check_signature(decoded_xml, response,
  File "/opt/netbox/venv/lib/python3.9/site-packages/saml2/sigver.py", line 1488, in _check_signature
    raise SignatureError(error_context) from e
saml2.sigver.SignatureError: {'message': 'Signature verification failed. Invalid document format.', 'ID':
```
```yaml
remoteAuth:
  enabled: true
  autoCreateUser: true
  backend: django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend
  header: HTTP_REMOTE_USER

plugins:
  - 'django3_saml2_nbplugin'

pluginsConfig:
  django3_saml2_nbplugin:
    AUTHENTICATION_BACKEND: REMOTE_AUTH_BACKEND
    ASSERTION_URL: https://abc.net
    ENTITY_ID: https://abc.net
    METADATA_AUTO_CONF_URL: <URL Of the Metadata>
    CUSTOM_ATTR_BACKEND:
      USERNAME_ATTR: email
      MAIL_ATTR: email
      FIRST_NAME_ATTR: firstName
      LAST_NAME_ATTR: lastName
      ALWAYS_UPDATE_USER: "True"
      GROUP_ATTR: groups
      FLAGS_BY_GROUP:
        is_power_group: netbox-per-users
```

Enabled the plugins on the Docker container side:

```text
django3-auth-saml2
netbox-plugin-auth-saml2
apk add --no-cache xmlsec
```

Netbox version v3.0.11
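
Added diagnostic for the traceback above (this is not code from the thread, from netbox-plugin-auth-saml2, or from pysaml2). The inner `KeyError: 'xsd:string'` is raised by xmlschema while resolving the QName in an `xsi:type` attribute; it only reports the name with the prefix still attached when that prefix was not bound to a namespace in the document it was handed, so a properly declared `xmlns:xsd` would have produced `{http://www.w3.org/2001/XMLSchema}string` instead. The script below walks a SAML Response, tracks the namespace declarations in scope at each element, and reports every `xsi:type` whose prefix does not resolve. The response XML is constructed for the example (issuer URLs, IDs and attribute values are made up); whether the missing declaration originates in the IdP's response or is dropped before pysaml2 runs schema validation is not established by this thread, so the check is meant to be run on the raw `SAMLResponse` captured from the browser's POST to the ACS URL.

```python
"""Find xsi:type attributes whose namespace prefix is not declared in scope.

Added example for this issue; not part of netbox-plugin-auth-saml2 or pysaml2.
SAMPLE_RESPONSE is constructed: the IdP entity ID, element IDs and attribute
values are made up for illustration.
"""
import base64
import io
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample. The first AttributeValue declares xmlns:xsd and is fine;
# the second uses xsi:type="xsd:string" with no xsd declaration in scope, which
# is the shape of document that makes a schema validator fail on 'xsd:string'.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2023-04-12T22:01:30Z"
    Destination="https://abc.net/api/plugins/sso/acs/">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2023-04-12T22:01:30Z">
    <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xsi:type="xsd:string">user@example.org</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="groups">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:type="xsd:string">netbox-per-users</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def decode_saml_response(form_value):
    """Decode the base64 SAMLResponse form field that the IdP POSTs to the ACS."""
    return base64.b64decode(form_value).decode("utf-8")


def check_xsi_types(xml_text):
    """Return one (element_tag, raw_xsi_type, resolved_name) per xsi:type attribute.

    resolved_name is the Clark-notation '{namespace}local' form the schema
    validator needs, or None when the QName's prefix is not bound in scope.
    """
    results = []
    # Stack of in-scope prefix -> namespace URI mappings, one entry per open element.
    scope = [{"xml": "http://www.w3.org/XML/1998/namespace"}]
    pending = []  # declarations seen since the previous start event
    events = ET.iterparse(io.StringIO(xml_text), events=("start-ns", "start", "end"))
    for event, payload in events:
        if event == "start-ns":
            # expat reports (prefix, uri) before the start of the declaring element
            pending.append(payload)
        elif event == "start":
            ns = dict(scope[-1])
            ns.update(pending)
            pending = []
            scope.append(ns)
            raw = payload.get(XSI_TYPE)
            if raw is None:
                continue
            prefix, sep, local = raw.rpartition(":")
            if sep:
                uri = ns.get(prefix)
                resolved = "{%s}%s" % (uri, local) if uri else None
            else:
                # Unprefixed QName: default namespace if declared, else no namespace.
                uri = ns.get("")
                resolved = "{%s}%s" % (uri, local) if uri else local
            results.append((payload.tag, raw, resolved))
        else:  # "end"
            scope.pop()
    return results


def unresolved_xsi_types(xml_text):
    """Only the (element_tag, raw_xsi_type) pairs whose prefix did not resolve."""
    return [(tag, raw) for tag, raw, resolved in check_xsi_types(xml_text) if resolved is None]


if __name__ == "__main__":
    for tag, raw, resolved in check_xsi_types(SAMPLE_RESPONSE):
        status = "ok -> %s" % resolved if resolved else "UNRESOLVED prefix"
        print("%s xsi:type=%r: %s" % (tag, raw, status))
```

To use it on a real login attempt, copy the `SAMLResponse` form value from the browser's POST to `/api/plugins/sso/acs/` and pass it through `decode_saml_response` before `unresolved_xsi_types`. If the raw response already declares the prefix everywhere it is used and the error still occurs, the declaration is being lost between receipt and schema validation rather than missing from the IdP's output; that is an assumption about where to look next, not something this thread establishes.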

Celant commented 1 year ago

@jeganarepo did you ever find a solution to this? I'm running into the same problem.

jeganarepo commented 1 year ago

@Celant No, I am still facing the issue. Please let me know if you find something on your end. Thanks.