example_setup - no service providers listed after login to IDP #139

Open
georgep7n opened this issue Feb 12, 2022 · 7 comments

georgep7n commented Feb 12, 2022

This is based on the code in master on 2/11/2022.

I followed the example_setup instructions to create the docker containers and they both started up. No problems there. I created the superuser and then tried to do IdP-initiated login. I was able to log in to the IDP with the superuser and saw the list of user attributes, but there was no link at the bottom of the page to perform a login to the SP. I could chase this down further if there was a suggestion on what to look at.

My observation should be straightforward to reproduce just based on following the instructions and trying an IdP-initiated login.

Thank you, this is a great project, along with djangosaml2.

@georgep7n georgep7n changed the title example_setup - no service providers listed in IDP after login to IDP example_setup - no service providers listed after login to IDP Feb 12, 2022

georgep7n commented Feb 13, 2022

Looked into this a bit further: the service provider table doesn't have any rows in it (so no service provider configuration). Maybe the example_setup needs to be updated, due to the change in the latest release in 2020 which moved the service provider configuration to the DB, to include inserting the service provider metadata into the _serviceprovider table.

I tried adding a service provider from the admin interface and pasting in the metadata XML locally from localhost:8000/saml2/metadata (putting the metadata URL into the remote URL field didn't work for some reason). After I saved this record, the link at the bottom of the login page to perform a login to the SP showed up. Clicking on that, though, gives me an UnknownSystemEntity error. Not sure why.

I may grab the code from the last release before the 2020 one and see if that makes a difference.

@georgep7n
Author

I got the example working with the 0.6.3 idp and 0.7.X sp

vidski commented Jun 24, 2022

Just in case anyone else has problems using the docker example. I upped pysaml2 to 7.1.2. When using the remote fetch URL, make sure to use http://sp:8000/saml2/metadata/ and that all configurations mirror the SP settings. requests_signed: true ... You can find them in sp/settings.py. Else you can always go to http://localhost:8000/saml2/metadata/ and copy the XML and paste it under the remote URL. You also have to create a user account with the same name in your SP, otherwise you get access denied; IDP only handles authentication, not authorization.

@psunny28

I tried with a local setup, still getting the same error.
I have local metadata in the DB and the SP works, but on login it gives the error below:

  File "/home/tushar/work/me/HELIX/venv/lib/python3.8/site-packages/djangosaml2idp/views.py", line 244, in get
    resp_args = idp_server.response_args(req_info.message)
  File "/home/tushar/work/me/HELIX/venv/lib/python3.8/site-packages/saml2/entity.py", line 431, in response_args
    binding, destination = self.pick_binding(
  File "/home/tushar/work/me/HELIX/venv/lib/python3.8/site-packages/saml2/entity.py", line 349, in pick_binding
    srvs = sfunc(entity_id, binding, descr_type)
  File "/home/tushar/work/me/HELIX/venv/lib/python3.8/site-packages/saml2/mdstore.py", line 1310, in assertion_consumer_service
    return self.service(entity_id, "idpsso_descriptor",
  File "/home/tushar/work/me/HELIX/venv/lib/python3.8/site-packages/saml2/mdstore.py", line 1203, in service
    raise UnknownSystemEntity(entity_id)
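
An added diagnostic example, not part of the thread or of the project's code: the traceback above ends with pysaml2's metadata store raising UnknownSystemEntity for the requesting entity ID, so one check is whether the Issuer the SP sends exactly matches an entityID in the metadata stored at the IdP. The sample XML, the entity IDs in it, and the function and parameter names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for metadata fetched from a URL, prefer defusedxml

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample SP metadata (assumed values, not captured from the example setup).
SAMPLE_SP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://localhost:8000/saml2/metadata/">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:8000/saml2/acs/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def _flag(elem, name):
    # xs:boolean allows "true" or "1"; a missing attribute means false
    return elem.get(name, "false").strip() in ("true", "1")

def summarize_sp_metadata(xml_text):
    """Map each SP entityID to its signing flags and ACS endpoints."""
    root = ET.fromstring(xml_text)
    found = {}
    # iter() includes the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for ent in root.iter(f"{{{MD}}}EntityDescriptor"):
        sp = ent.find("md:SPSSODescriptor", NS)
        if sp is None or not ent.get("entityID"):
            continue  # no SP role (or no ID): not usable as an SP entry
        found[ent.get("entityID")] = {
            "authn_requests_signed": _flag(sp, "AuthnRequestsSigned"),
            "want_assertions_signed": _flag(sp, "WantAssertionsSigned"),
            "acs": [(a.get("Binding"), a.get("Location"))
                    for a in sp.findall("md:AssertionConsumerService", NS)],
        }
    return found

def diagnose(xml_text, issuer, idp_expects_signed_requests):
    """Return mismatches between stored SP metadata and what the IdP will see."""
    sps = summarize_sp_metadata(xml_text)
    if issuer not in sps:  # exact string match: scheme, host and trailing slash count
        return [f"issuer {issuer!r} not in metadata; known: {sorted(sps)}"]
    problems = []
    if not sps[issuer]["acs"]:
        problems.append("no AssertionConsumerService endpoint declared")
    if sps[issuer]["authn_requests_signed"] != idp_expects_signed_requests:
        problems.append("signing mismatch between SP metadata and IdP entry")
    return problems
```
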

@jjmonsalveg

> Just in case anyone else has problems using the docker example. I upped pysaml2 to 7.1.2. When using the remote fetch URL, make sure to use http://sp:8000/saml2/metadata/ and that all configurations mirror the SP settings. requests_signed: true ... You can find them in sp/settings.py. Else you can always go to http://localhost:8000/saml2/metadata/ and copy the XML and paste it under the remote URL. You also have to create a user account with the same name in your SP, otherwise you get access denied; IDP only handles authentication, not authorization.

Thank you, really helpful, it's working now using containers. I didn't update the pysaml2.

@AyushTripathi-sketch

@vidski Can you explain how to create the user account with the same name in the SP? I am getting an access denied error.

@AyushTripathi-sketch

I have created the persistent Ids for the user, but I am still getting Access denied error. The error printed in console is Signature Error: {'message': 'Signature verification failed. Invalid document format.',
