
Example SP/IdP implementation bugs, how to solve them and a question about one

Open Amable-Valdes opened this issue 1 year ago • 4 comments

Hi everyone!

My team and I are working on a project where we have to use SAML together with django and your example of how to create an IdP and SP is the best we have found on the web. Sadly, we haven't been able to turn it on yet :(

We have managed to fix some problems and we want to present them in this issue for future corrections and to help people with the same issues.

First, we start with the downloaded project (no modifications) and do

sudo docker compose up

This brings up the containers, but the IdP container fails to start because the djangosaml2idp library is missing from the requirements.txt file.

You just need to add djangosaml2idp==XXXX (or just djangosaml2idp ) and this will fix the problem.

Later, with the container already up, I think there would be network problems. localhost is being used in the configuration of both containers and its IP or container name should be used instead, but I have not been able to test it so I do not know very well how this will be. In any case, I then prepare the environment to run it on my machine without docker on localhost so that way the servers can see each other and there will not be configuration problems. Create the superuser with python manage.py createsuperuser on dir /example/idp.

When I try to log in with the SP, an error is thrown because the idp_metadata.xml has an expired attribute validUntil="2020-12-27T12:41:18Z". We must update the year and add 1.

https://github.com/OTA-Insight/djangosaml2idp/blob/0b4325782a6fd2c034677b5923041b5df10087ec/example_setup/sp/sp/saml2_config/idp_metadata.xml#L4

Thanks for the help @ericbolo!

Changing the "validUntil" attribute l4 of example_setup/sp/sp/saml2_config/idp_metadata.xml to a future date solved it for me

Originally posted by @ericbolo in https://github.com/OTA-Insight/djangosaml2idp/issues/141#issuecomment-1146566431

After this, we had a problem related to the signature of the response and we had to configure the settings of the two services in this way:

            'sign_response': False,
            'sign_assertion': False,
            'want_authn_requests_signed': False,

to sp.settings.py and idp.settings.py

Originally posted by @MathieuB1 in https://github.com/OTA-Insight/djangosaml2idp/issues/135#issuecomment-1205018189

(Note: Does anyone know why this is? Is it because it doesn't go through HTTPS?)

Finally, and this is the problem that I am not able to solve... we get this error:

Error during SAML authentication
UnknowSystemEntity
http://localhost:8000/saml2/metadata

It corresponds to what was seen in the https://github.com/OTA-Insight/djangosaml2idp/issues/143#issue-1305792053 issue and, honestly, from here I don't know how to continue... this same address is found in the settings of the SP, but I don't know how to configure it...

https://github.com/OTA-Insight/djangosaml2idp/blob/0b4325782a6fd2c034677b5923041b5df10087ec/example_setup/sp/sp/settings.py#L148

I think it's some problem with the XML. We can find the ID that is "http://localhost:9000/idp/metadata/", but of course, that's the ID of the IdP... and I don't know very well where this entityID of the SP comes into play... Does anyone know how to configure it correctly so that it works?

Amable-Valdes, Aug 26 '22 13:08
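The two metadata failures the post runs into (an expired validUntil, and an SP entityID the IdP does not recognise) can both be checked offline before a login is attempted. In pysaml2, which djangosaml2 and djangosaml2idp build on, UnknownSystemEntity is raised when the metadata store has no entry for the entityID being looked up, so the SP's entityID has to be registered on the IdP side as an exact string (a trailing slash makes it a different entity). The script below is an added example, not code from the issue or from the djangosaml2idp project; the metadata document, the registry sets and the ISSUE_DATE constant are constructed for illustration, with only the entityID, validUntil and error URL values taken from the post. On the signing question raised in the post: XML signatures on the response and assertion are independent of HTTPS, so turning them off removes integrity protection on the assertion itself and is only a debugging step, not a configuration to ship.

```python
"""Offline checks for the two metadata problems the issue describes:
an expired validUntil on the IdP metadata, and an SP entityID the IdP
does not recognise (pysaml2's UnknownSystemEntity)."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample modelled on the example_setup IdP metadata; the entityID and
# validUntil values are the ones quoted in the issue, the rest is illustrative.
SAMPLE_IDP_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{MD_NS}"
    entityID="http://localhost:9000/idp/metadata/"
    validUntil="2020-12-27T12:41:18Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://localhost:9000/idp/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# The SP entityID shown in the error message, and two constructed IdP-side registries:
# one that differs only by a trailing slash, one that matches exactly.
SP_ENTITY_ID = "http://localhost:8000/saml2/metadata"
REGISTERED_WITH_SLASH = {"http://localhost:8000/saml2/metadata/"}
REGISTERED_EXACT = {"http://localhost:8000/saml2/metadata"}

# Date the issue was filed; used as "now" so the expiry check is reproducible.
ISSUE_DATE = datetime(2022, 8, 26, tzinfo=timezone.utc)


def parse_entity_descriptor(xml_text):
    """Parse metadata and return the root md:EntityDescriptor element.

    Metadata fetched from untrusted parties should go through a hardened
    parser such as defusedxml; the stdlib parser is enough for local files."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"expected md:EntityDescriptor, got {root.tag}")
    return root


def entity_id(xml_text):
    """The entityID attribute of the descriptor (the IdP's, for IdP metadata)."""
    return parse_entity_descriptor(xml_text).get("entityID")


def valid_until(xml_text):
    """validUntil as an aware UTC datetime, or None when the attribute is absent."""
    value = parse_entity_descriptor(xml_text).get("validUntil")
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def metadata_is_expired(xml_text, now=None):
    """True when validUntil is present and strictly in the past; no validUntil never expires."""
    expiry = valid_until(xml_text)
    if expiry is None:
        return False
    now = now or datetime.now(timezone.utc)
    return now > expiry


def sp_is_registered(sp_entity_id, registered_entity_ids):
    """Entity IDs are compared as exact strings, as pysaml2 does when it builds the error."""
    return sp_entity_id in registered_entity_ids


def diagnose(idp_metadata_xml, sp_entity_id, registered_entity_ids, now=None):
    """Return actionable findings; an empty list means both checks passed."""
    findings = []
    if metadata_is_expired(idp_metadata_xml, now):
        findings.append(
            f"IdP metadata {entity_id(idp_metadata_xml)} expired at "
            f"{valid_until(idp_metadata_xml).isoformat()}; refresh validUntil")
    if not sp_is_registered(sp_entity_id, registered_entity_ids):
        # Point out a registration that differs only by a trailing slash.
        near = [r for r in registered_entity_ids if r.rstrip("/") == sp_entity_id.rstrip("/")]
        hint = f" (near match: {near[0]})" if near else ""
        findings.append(f"SP entityID {sp_entity_id} is not registered with the IdP{hint}")
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_IDP_METADATA, SP_ENTITY_ID, REGISTERED_WITH_SLASH, ISSUE_DATE):
        print(line)
```

Run against the constructed registry that carries a trailing slash, the script reports both the expired metadata and the near-miss entityID, which is the situation the post describes after the signing settings were relaxed.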