Ciao Jakub,
Satosa uses cookies to store and update the state of the session.
The error means that the session is inconsistent.
You have this in satosa
It takes the cookie and loads the states.
If the cookie doesn't exist, satosa creates a new one.
You have to check that the satosa cookies change during interaction with
the proxy (requests/responses).
The domain/hostname of the HTTPS request MUST NOT change; also check
SameSite restrictions.
On Mon, 16 Aug 2021, 13:42 Jakub Niezabitowski <ymniezab at cyfronet.krakow.pl>
wrote:
Hello,
We are trying to use Satosa as a proxy for Keycloak. After successful login
the backend receives attributes and tries to route them to the frontend named
Saml2IDP (same name as in the example) but fails:
[2021-08-05 11:03:50,412] [DEBUG] [satosa.attribute_mapping.to_internal] backend
attribute ['sn', 'surname'] mapped to surname
[2021-08-05 11:03:50,413] [DEBUG] [satosa.backends.saml2._translate_response]
[urn:uuid:6e039cb0-5454-4224-987e-1965c623cad9] backend received attributes:
{
"sn": [
"czterna"
]
}
[2021-08-05 11:03:50,413] [DEBUG] [satosa.routing.frontend_routing]
[urn:uuid:6e039cb0-5454-4224-987e-1965c623cad9] Routing to frontend: Saml2IDP
[2021-08-05 11:03:50,413] [ERROR] [satosa.base.run]
[urn:uuid:6e039cb0-5454-4224-987e-1965c623cad9] Uncaught exception
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 240, in
run
resp = self._run_bound_endpoint(context, spec)
File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 180, in
_run_bound_endpoint
return spec(context)
File "/usr/local/lib/python3.6/site-packages/satosa/backends/saml2.py", line
350, in authn_response
return self.auth_callback_func(context, self._translate_response(authn_response,
context.state))
File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 149, in
_auth_resp_callback_func
context, internal_response)
File
"/usr/local/lib/python3.6/site-packages/satosa/micro_services/attribute_modifications.py",
line 17, in process
return super().process(context, data)
File "/usr/local/lib/python3.6/site-packages/satosa/micro_services/base.py",
line 33, in process
return self.next(context, data)
File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 120, in
_auth_resp_finish
return frontend.handle_authn_response(context, internal_response)
File "/usr/local/lib/python3.6/site-packages/satosa/frontends/saml2.py", line
86, in handle_authn_response
return self._handle_authn_response(context, internal_response, self.idp)
File "/usr/local/lib/python3.6/site-packages/satosa/frontends/saml2.py", line
317, in _handle_authn_response
request_state = self.load_state(context.state)
File "/usr/local/lib/python3.6/site-packages/satosa/frontends/saml2.py", line
149, in load_state
state_data = state[self.name]
File "/usr/lib64/python3.6/collections/__init__.py", line 991, in
__getitem__
raise KeyError(key)
KeyError: 'Saml2IDP'
[2021-08-05 11:03:50,416] [ERROR] [satosa.proxy_server.__call__] Unknown error
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 240, in
run
resp = self._run_bound_endpoint(context, spec)
File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 180, in
_run_bound_endpoint
return spec(context)
File "/usr/local/lib/python3.6/site-packages/satosa/backends/saml2.py", line
350, in authn_response
return self.auth_callback_func(context, self._translate_response(authn_response,
context.state))
File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 149, in
_auth_resp_callback_func
context, internal_response)
File
"/usr/local/lib/python3.6/site-packages/satosa/micro_services/attribute_modifications.py",
line 17, in process
return super().process(context, data)
File "/usr/local/lib/python3.6/site-packages/satosa/micro_services/base.py",
line 33, in process
return self.next(context, data)
File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 120, in
_auth_resp_finish
return frontend.handle_authn_response(context, internal_response)
File "/usr/local/lib/python3.6/site-packages/satosa/frontends/saml2.py", line
86, in handle_authn_response
return self._handle_authn_response(context, internal_response, self.idp)
File "/usr/local/lib/python3.6/site-packages/satosa/frontends/saml2.py", line
317, in _handle_authn_response
request_state = self.load_state(context.state)
File "/usr/local/lib/python3.6/site-packages/satosa/frontends/saml2.py", line
149, in load_state
state_data = state[self.name]
File "/usr/lib64/python3.6/collections/__init__.py", line 991, in
__getitem__
raise KeyError(key)
KeyError: 'Saml2IDP'
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/satosa/proxy_server.py", line
118, in __call__
resp = self.run(context)
File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 258, in
run
raise SATOSAUnknownError("Unknown error") from err
satosa.exception.SATOSAUnknownError: Unknown error
Thank you in advance for any help!
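An added example, not part of the thread and not SATOSA code: one way to run the checks suggested in the reply over a browser trace of requests to the proxy, flagging a host change, a state cookie that does not come back, and SameSite attributes that stop it being sent on the cross-site POST from the IdP. The cookie name SATOSA_STATE (the deployment's COOKIE_STATE_NAME setting), the host proxy.example.org, the paths and the trace data are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def audit_state_cookie(exchanges, cookie_name="SATOSA_STATE"):
    """Return findings for a trace of browser requests made to the proxy.

    Each exchange is a dict with: url, cookie (request Cookie header),
    set_cookie (list of Set-Cookie header values from the response).
    """
    findings, issued_host = [], None
    for step, ex in enumerate(exchanges):
        host = urlsplit(ex["url"]).hostname
        if issued_host is not None:
            # A host-only cookie is not sent to a different hostname.
            if host != issued_host:
                findings.append(f"step {step}: host changed {issued_host} -> {host}")
            # Without the cookie the proxy starts from an empty state.
            if cookie_name not in SimpleCookie(ex.get("cookie", "")):
                findings.append(f"step {step}: {cookie_name} not sent; state is lost")
        for header in ex.get("set_cookie", []):
            jar = SimpleCookie(header)
            if cookie_name not in jar:
                continue
            issued_host = issued_host or host
            morsel = jar[cookie_name]
            samesite = (morsel["samesite"] or "Lax").lower()  # browser default is Lax
            if samesite != "none":
                findings.append(f"step {step}: SameSite={samesite} blocks cross-site POST")
            elif not morsel["secure"]:
                findings.append(f"step {step}: SameSite=None without Secure is rejected")
    return findings


# Constructed traces: request that starts the flow, then the IdP's POST back.
BROKEN_FLOW = [
    {"url": "https://proxy.example.org/sso",
     "set_cookie": ["SATOSA_STATE=abc; Path=/; Secure; HttpOnly; SameSite=Lax"]},
    {"url": "https://proxy.example.org/acs", "cookie": ""},
]
FIXED_FLOW = [
    {"url": "https://proxy.example.org/sso",
     "set_cookie": ["SATOSA_STATE=abc; Path=/; Secure; HttpOnly; SameSite=None"]},
    {"url": "https://proxy.example.org/acs", "cookie": "SATOSA_STATE=abc"},
]

if __name__ == "__main__":
    for finding in audit_state_cookie(BROKEN_FLOW):
        print(finding)
```
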