oauth2.0: I am integrating SAML with Django using djangosaml2, with Okta as the IdP, and I configured my settings.py file with SAML_CONFIG

x8diyxa7 posted on 2023-08-02 in Go

My settings.py looks like this:

import os
BASEDIR = os.path.dirname(os.path.abspath(__file__))

SAML_CONFIG = {
    "strict": True,
    "debug": True,
    "service": {
        "sp": {
            'name': 'XXX',
            'allow_unsolicited': True,
            'want_assertions_signed': True,  # assertion signing (default=True)
            'want_response_signed': True,
            "want_assertions_or_response_signed": True,  # is response signing required
            'name_id_format': "urn:oasis:names:tc:SAML:1.1:nameid-format:basic",

            "entityId": "https://localhost:8002/metadata/",
            "assertionConsumerService": {
                "url": "https://localhost:8002/?acs",
                "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            },
            "singleLogoutService": {
                "url": "https://localhost:8002/?sls",
                "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            },
            "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            "x509cert": "",
            "privateKey": ""
        },
        "idp": {
            # "entityId": "https://dev-92033760.okta.com/app/exv13qURtCj35d7/sso/saml/metadata",
            "entityId": "http://www.okta.com/3qURtCj35d7",
            "singleSignOnService": {
                "url": "https://dev-9203760.okta.com/app/dev-92033760_saml4july_1/exRtCj35d7/sso/saml",
                "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            },
            "singleLogoutService": {
                "url": "https://dev-9233760.okta.com/app/dev-92033760_saml4july_1/exka35d7/sso/saml",
                "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            },
        },
    },

    'metadata': {
        'local': [os.path.join(BASEDIR, 'remote_metadata.xml')],
    }
}


But after a successful redirect from Okta, I am getting the following:

Authentication Error. Access Denied.

and in the logs I am getting:

Traceback (most recent call last):
  File "/home/zec/label-studio-project/djangosaml2/djangosaml2_venv/lib/python3.8/site-packages/djangosaml2/views.py", line 469, in post
    response = client.parse_authn_request_response(
  File "/home/zec/label-studio-project/djangosaml2/djangosaml2_venv/lib/python3.8/site-packages/saml2/client_base.py", line 773, in parse_authn_request_response
    raise SAMLError("Missing entity_id specification")
saml2.SAMLError: Missing entity_id specification
Forbidden: /saml2/acs/

wydwbb8l #1

According to the documentation, your entity ID is usually your subdomain plus the URL of the metadata view.

Try changing:

"entityId": "https://localhost:8002/metadata/",


to:

"entityId": "https://localhost:8002/saml2/metadata/",
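
An added pre-flight check, not part of the original question or answer and not djangosaml2's own code. It assumes pysaml2 takes the SP entity ID from a top-level `entityid` key (the value whose absence raises the error in the traceback) and the ACS endpoint from `service.sp.endpoints`; `check_saml_config`, `walk`, `FOREIGN_KEYS` and both sample dicts are hypothetical names constructed for illustration.

```python
# Added example: shape check for a djangosaml2/pysaml2 SAML_CONFIG dict.
# Assumption: pysaml2 reads top-level "entityid" and service.sp.endpoints.

# Keys from the question's config that are not pysaml2 option names (they follow
# the python3-saml settings layout); assumed here to be silently ignored.
FOREIGN_KEYS = {"strict", "entityId", "assertionConsumerService",
                "singleLogoutService", "singleSignOnService",
                "NameIDFormat", "x509cert", "privateKey"}

def walk(node, path=""):
    """Yield (dotted_path, key) for every key in nested dicts."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            yield here, key
            yield from walk(value, here)

def check_saml_config(cfg):
    """Return a list of findings; an empty list means the shape looks right."""
    findings = []
    if not cfg.get("entityid"):
        findings.append("missing top-level 'entityid'")
    sp = cfg.get("service", {}).get("sp", {})
    if not sp.get("endpoints", {}).get("assertion_consumer_service"):
        findings.append("missing service.sp.endpoints.assertion_consumer_service")
    findings += [f"key '{dotted}' is not a pysaml2 option"
                 for dotted, key in walk(cfg) if key in FOREIGN_KEYS]
    return findings

HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Constructed sample in the shape of the question's settings (trimmed).
AS_POSTED = {
    "strict": True,
    "service": {"sp": {
        "allow_unsolicited": True,
        "entityId": "https://localhost:8002/metadata/",
        "assertionConsumerService": {"url": "https://localhost:8002/?acs",
                                     "binding": HTTP_POST},
    }},
}
# Constructed sample in the pysaml2 layout, with the entity ID from the answer.
PYSAML2_SHAPE = {
    "entityid": "https://localhost:8002/saml2/metadata/",
    "service": {"sp": {"endpoints": {"assertion_consumer_service": [
        ("https://localhost:8002/saml2/acs/", HTTP_POST)]}}},
}

if __name__ == "__main__":
    print(check_saml_config(AS_POSTED), check_saml_config(PYSAML2_SHAPE))
```

Running the check against settings at startup surfaces a missing entity ID before the first response from the IdP reaches `/saml2/acs/`.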
