django-saml2-auth

get csrf token error when login with okta

Open wx2228 opened this issue 8 years ago • 5 comments

Tried to log in with Okta, and then it got a CSRF token error. I checked the request; there's a CSRF token in it. I am running Django 1.11.

wx2228, Sep 26 '17 09:09

Oh, probably you need to disable CSRF in SSO URLs. I'm using Okta as well and it works well.

fangli, Dec 29 '17 09:12

How would you suggest doing this?

When I try this:

    path('saml2_auth/', csrf_exempt(include('django_saml2_auth.urls')), name='django_saml2_auth')

I get an Exception at /accounts/login/

We got a URL reverse issue: [<function acs at 0x7fc3b7bfbea0>, 'acs', 'django_saml2_auth:acs']. This is a known issue but please still submit a ticket at https://github.com/fangli/django-saml2-auth/issues/new

jmuyskens, Apr 27 '18 19:04

I am getting the same CSRF authentication issue even after doing the csrf_exempt. Can you suggest something?

Ikjot-Kaur, Jun 08 '18 16:06

BUMP

> Oh probably you need to disable CSRF in SSO urls.

I'm unable to disable CSRF for the SSO URLs, any advice?

fxdgear, Nov 12 '18 22:11

@jmuyskens and @Ikjot-Kaur

So after a bit o' fiddling with this I realized what the issue is: when you are configuring your Okta app, you need to check the box that says "Allow this app to request other SSO URLs".

And then in the requestable URLs section you need to add:

  • http://mysite/saml2_auth/acs/
  • http://mysite/saml2_auth/welcome/
  • http://mysite/saml2_auth/denied/

This is now working for me.

I also had to create some attribute statements.

  • Email
  • UserName
  • FirstName
  • LastName

So that when a new user logged in, an account would get created for them.

fxdgear, Nov 12 '18 22:11