omab / django-social-auth

Django social authentication made simple
https://groups.google.com/group/django-social-auth
BSD 3-Clause "New" or "Revised" License

social_core.exceptions.AuthFailed: Authentication failed: SAML login failed: ['invalid_response'] #866

Open daveisagit opened 3 years ago

daveisagit commented 3 years ago

I have this module working fine using SAML auth with Google to my Django app and am now trying to port the same setup into a Kubernetes environment. There is an issue around the port number being added to the host.

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 179, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.8/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/social_django/utils.py", line 49, in wrapper
    return func(request, backend, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/social_django/views.py", line 31, in complete
    return do_complete(request.backend, _do_login, user=request.user,
  File "/usr/local/lib/python3.8/site-packages/social_core/actions.py", line 45, in do_complete
    user = backend.complete(user=user, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/social_core/backends/base.py", line 40, in complete
    return self.auth_complete(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/social_core/backends/saml.py", line 320, in auth_complete
    raise AuthFailed(
social_core.exceptions.AuthFailed: Authentication failed: SAML login failed: ['invalid_response'] (The response was received at <site redacted>:8000/complete/saml/ instead of <site redacted>/complete/saml/)

I can't see any possible way to overcome this using the settings available. I have tried using ideas from Appears to be the same issue USE_X_FORWARDED_PORT = True but still get the same problem.

Why is the port (8000 in my case, the local port in the cluster for django/gunicorn) getting added in the container-based implementation? Very frustrating; maybe it is better to switch to OAuth?

dshinzie commented 2 years ago

I am getting this same error. Is there a way to remove the port from the ACS URL?
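The mismatch reported in this thread, as an added example that is not code from social-core, python3-saml or any participant: a simplified model of a service provider rebuilding its own URL from the WSGI request and comparing it with the SAML response Destination. The function names, the `app.example.test` host and the request dictionaries are constructed for illustration; the fallback to `SERVER_PORT` when no `X-Forwarded-Port` header arrives is modelled on Django's `USE_X_FORWARDED_PORT` behaviour.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def self_url(meta, trust_forwarded=False):
    """Rebuild the URL the app believes it was reached at (hypothetical helper)."""
    scheme = meta.get("wsgi.url_scheme", "http")
    host = meta["HTTP_HOST"]
    port = meta["SERVER_PORT"]  # the container-local listener, e.g. gunicorn on 8000
    if trust_forwarded:
        # Only safe when the ingress overwrites these headers on every request;
        # otherwise a client can choose the URL the SAML check is made against.
        scheme = meta.get("HTTP_X_FORWARDED_PROTO", scheme)
        host = meta.get("HTTP_X_FORWARDED_HOST", host)
        port = meta.get("HTTP_X_FORWARDED_PORT", port)  # falls back to SERVER_PORT
    hostname = urlsplit("//" + host).hostname
    # The port is appended unless it is the default for the scheme.
    default = int(port) == DEFAULT_PORTS.get(scheme)
    netloc = hostname if default else f"{hostname}:{port}"
    return f"{scheme}://{netloc}{meta['PATH_INFO']}"

def diagnose(destination, meta, trust_forwarded=False):
    """Report which URL components differ from the Destination in the response."""
    got = self_url(meta, trust_forwarded)
    if got == destination:
        return "ok"
    want, have = urlsplit(destination), urlsplit(got)
    parts = ("scheme", "hostname", "port")
    diffs = [p for p in parts if getattr(want, p) != getattr(have, p)]
    return "mismatch: " + ",".join(diffs)

# Constructed sample: TLS terminated at an ingress, plain HTTP to the pod on 8000.
DESTINATION = "https://app.example.test/complete/saml/"
INGRESS = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "app.example.test",
    "SERVER_PORT": "8000",
    "PATH_INFO": "/complete/saml/",
    "HTTP_X_FORWARDED_PROTO": "https",
    "HTTP_X_FORWARDED_PORT": "443",
}
# Same request, but the proxy does not send X-Forwarded-Port.
NO_PORT_HEADER = {k: v for k, v in INGRESS.items() if k != "HTTP_X_FORWARDED_PORT"}

if __name__ == "__main__":
    print(diagnose(DESTINATION, INGRESS))               # headers ignored
    print(diagnose(DESTINATION, NO_PORT_HEADER, True))  # header missing
    print(diagnose(DESTINATION, INGRESS, True))         # headers honoured
```

Logging the rebuilt URL next to the request's forwarded headers at the `/complete/saml/` view shows which of the three cases a deployment is in.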