Hello,
On Thu, 18 Jun 2020 at 18:03, Janusz Ulanowski
<janusz.ulanowski at heanet.ie> wrote:
> Hi,
> I hope you might shed some light on this.
> I'm trying to set up saml2saml.
> Everything works fine when samlBackend gets metadata with only one IdP.
> When there is more than one, I'm getting an error.
When you connect the proxy to multiple IdPs, you need a way to tell the
saml2 backend which IdP should authenticate the user. One way to do this
is by using a discovery service.
See the documentation on this:
to make use of the disco_srv configuration option.
btw, I think the documentation should be fixed to match the example
file; it should not nest disco_srv under sp_config, but just under
config. It should be:
config:
  disco_srv: "https://disco.example.com"
cheers,
> backends/saml2_backend.yaml is based on saml2_backend.yaml.example.
> I would very much appreciate any help.
> ############################
> jagger_satosa.1.niwh0x0v4r34 at totoro | [2020-06-18 14:44:26,978] [DEBUG] [satosa.routing.backend_routing] [urn:uuid:4391da61-03e6-44c3-b706-2f31694b9b33] Routing to backend: Saml2
> jagger_satosa.1.niwh0x0v4r34 at totoro | [2020-06-18 14:44:26,978] [INFO] [satosa.backends.saml2.get_idp_entity_id] [urn:uuid:4391da61-03e6-44c3-b706-2f31694b9b33] {'message': 'Selected IdP', 'only_one': False, 'target_entity_id': None, 'force_authn': None, 'memorized_idp': False, 'entity_id': None}
> jagger_satosa.1.niwh0x0v4r34 at totoro | [2020-06-18 14:44:26,979] [ERROR] [satosa.base.run] [urn:uuid:4391da61-03e6-44c3-b706-2f31694b9b33] Uncaught exception
> jagger_satosa.1.niwh0x0v4r34 at totoro | Traceback (most recent call last):
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/base.py", line 240, in run
> jagger_satosa.1.niwh0x0v4r34 at totoro |     resp = self._run_bound_endpoint(context, spec)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/base.py", line 180, in _run_bound_endpoint
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return spec(context)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/frontends/saml2.py", line 100, in handle_authn_request
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return self._handle_authn_request(context, binding_in, self.idp)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/frontends/saml2.py", line 256, in _handle_authn_request
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return self.auth_req_callback_func(context, internal_req)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/base.py", line 103, in _auth_req_callback_func
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return self._auth_req_finish(context, internal_request)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/base.py", line 108, in _auth_req_finish
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return backend.start_auth(context, internal_request)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/backends/saml2.py", line 179, in start_auth
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return self.disco_query(context)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/backends/saml2.py", line 211, in disco_query
> jagger_satosa.1.niwh0x0v4r34 at totoro |     disco_url, self.sp.config.entityid, **args
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/opt/satosa/lib/python3.7/site-packages/saml2/client_base.py", line 936, in create_discovery_service_request
> jagger_satosa.1.niwh0x0v4r34 at totoro |     if '?' in url:
> jagger_satosa.1.niwh0x0v4r34 at totoro | TypeError: argument of type 'NoneType' is not iterable
> jagger_satosa.1.niwh0x0v4r34 at totoro | [2020-06-18 14:44:26,980] [ERROR] [satosa.proxy_server.__call__] Unknown error
> jagger_satosa.1.niwh0x0v4r34 at totoro | Traceback (most recent call last):
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/base.py", line 240, in run
> jagger_satosa.1.niwh0x0v4r34 at totoro |     resp = self._run_bound_endpoint(context, spec)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/base.py", line 180, in _run_bound_endpoint
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return spec(context)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/frontends/saml2.py", line 100, in handle_authn_request
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return self._handle_authn_request(context, binding_in, self.idp)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/frontends/saml2.py", line 256, in _handle_authn_request
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return self.auth_req_callback_func(context, internal_req)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/base.py", line 103, in _auth_req_callback_func
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return self._auth_req_finish(context, internal_request)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/base.py", line 108, in _auth_req_finish
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return backend.start_auth(context, internal_request)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/backends/saml2.py", line 179, in start_auth
> jagger_satosa.1.niwh0x0v4r34 at totoro |     return self.disco_query(context)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/backends/saml2.py", line 211, in disco_query
> jagger_satosa.1.niwh0x0v4r34 at totoro |     disco_url, self.sp.config.entityid, **args
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/opt/satosa/lib/python3.7/site-packages/saml2/client_base.py", line 936, in create_discovery_service_request
> jagger_satosa.1.niwh0x0v4r34 at totoro |     if '?' in url:
> jagger_satosa.1.niwh0x0v4r34 at totoro | TypeError: argument of type 'NoneType' is not iterable
> jagger_satosa.1.niwh0x0v4r34 at totoro |
> jagger_satosa.1.niwh0x0v4r34 at totoro | The above exception was the direct cause of the following exception:
> jagger_satosa.1.niwh0x0v4r34 at totoro |
> jagger_satosa.1.niwh0x0v4r34 at totoro | Traceback (most recent call last):
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/proxy_server.py", line 118, in __call__
> jagger_satosa.1.niwh0x0v4r34 at totoro |     resp = self.run(context)
> jagger_satosa.1.niwh0x0v4r34 at totoro |   File "/src/satosa/src/satosa/base.py", line 258, in run
> jagger_satosa.1.niwh0x0v4r34 at totoro |     raise SATOSAUnknownError("Unknown error") from err
> jagger_satosa.1.niwh0x0v4r34 at totoro | satosa.exception.SATOSAUnknownError: Unknown error
> ############################
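An added illustration (not code from the thread or from SATOSA) of the failure described above: with several IdPs in the metadata the backend goes to discovery, and a disco_srv that was nested under sp_config is invisible there, so the discovery URL is None and the request builder trips over it. The two config layouts are the parsed form of the YAML from the reply, constructed inline; create_discovery_request is a simplified stand-in for pysaml2's create_discovery_service_request, and check_disco_srv is a startup check this example proposes, not something SATOSA ships.

```python
from urllib.parse import urlencode, urlparse

# Parsed form of the two saml2_backend.yaml layouts (constructed inline).
WRONG_LAYOUT = {"config": {"sp_config": {
    "entityid": "https://proxy.example.com/Saml2/proxy_saml2_backend.xml",
    "disco_srv": "https://disco.example.com"}}}   # nested: SATOSA never reads it
RIGHT_LAYOUT = {"config": {
    "sp_config": {"entityid": "https://proxy.example.com/Saml2/proxy_saml2_backend.xml"},
    "disco_srv": "https://disco.example.com"}}    # directly under config


def check_disco_srv(backend_cfg):
    """Proposed startup check (assumption): classify the disco_srv setting as
    'ok', 'misplaced' (under sp_config), 'missing', or 'insecure' (not https,
    which matters because the user is redirected there and the IdP choice
    it returns drives authentication)."""
    cfg = backend_cfg.get("config", {})
    url = cfg.get("disco_srv")
    if url is None:
        return "misplaced" if "disco_srv" in cfg.get("sp_config", {}) else "missing"
    return "ok" if urlparse(url).scheme == "https" else "insecure"


def create_discovery_request(url, entity_id, return_url=None):
    """Simplified stand-in for saml2.client_base.create_discovery_service_request:
    append entityID (and an optional return URL) to the discovery URL.
    With url=None it fails the same way as in the traceback above."""
    if "?" in url:          # TypeError: argument of type 'NoneType' is not iterable
        sep = "&"
    else:
        sep = "?"
    params = {"entityID": entity_id}
    if return_url:
        params["return"] = return_url
    return url + sep + urlencode(params)


def start_auth(backend_cfg, idp_count):
    """Mirror the backend's decision: one IdP goes straight to it, several go
    through discovery. Returns ('idp', None), ('disco', url) or ('error', msg)."""
    if idp_count == 1:
        return ("idp", None)
    disco_url = backend_cfg["config"].get("disco_srv")   # where SATOSA looks
    entity_id = backend_cfg["config"]["sp_config"]["entityid"]
    try:
        return ("disco", create_discovery_request(disco_url, entity_id))
    except TypeError as err:   # what the log reports as "Uncaught exception"
        return ("error", str(err))
```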
_______________________________________________
satosa-users mailing list
satosa-users at lists.sunet.se
https://lists.sunet.se/listinfo/satosa-users