fangli/django-saml2-auth

Help interpreting the error

sandroden opened this issue · 3 comments

Hi, in a configuration I'm struggling to set up, I get to the point that the user is authenticated, but inside function acs the dict user_identity is empty.
Does that mean that the Identity Provider isn't packing the info in the assertion, or am I wrong?
Just to be clear, I pass through

user_identity = authn_response.get_identity()

w/o errors, but then I have an empty dict. Any hint is really appreciated, even docs on debugging.
TIA

As an addition to what I already stated above, the user_identity is empty because authn_response.assertions is empty. My doubt, as I know nothing of saml2, is: is it my fault that I'm not configuring the request correctly, or is it just the Identity Provider that is not putting the info in the answer?

We made some more steps in understanding this error. Following what happens in the pysaml2 package, we noticed that in parse_authn_request_response there's a call to parse_assertion that has a loop (while) that calls self.sec.decrypt_keys(... keys) w/o keys, which raises errors because django_saml2 does not pass keys in that context. The error is just skipped, so probably it's ok in that context not to have any keys... is that correct?

What kind of debugging can we do? How can we inspect the payload we receive to check what exactly is in there?

I'll tell you how I fixed this problem on my side:
I had put the wrong URL for 'ENTITY_ID':
in the Okta panel it was https://mydomainentityid.com
in the Django settings: https://mydomainentityid.com/
This was causing an empty user_identity and consequently a KeyError on the first ATTRIBUTE_MAP entry.

Just removing the / at the end, everything started working well.

So my advice is to check 'ASSERTION_URL' and 'ENTITY_ID' carefully on the Okta panel side and in the Django settings.
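As an added example (not code from django-saml2-auth or from anyone in this thread), here is a small inspector for the base64 SAMLResponse that the IdP POSTs to the ACS URL: it decodes the XML, lists the assertions, audiences and attribute names it carries, and flags the exact trailing-slash ENTITY_ID mismatch described above. The sample response and the Okta issuer value are constructed for the example; a real response would also be signed, and this check is meant for debugging alongside pysaml2's own validation, not as a replacement for it.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed, unsigned, minimal SAMLResponse. The Audience carries no
# trailing slash, mirroring the Okta-side ENTITY_ID in the thread.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>http://www.okta.com/exk-constructed</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>http://www.okta.com/exk-constructed</saml:Issuer>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://mydomainentityid.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="Email">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def sample_b64():
    """Encode the constructed response the way a browser POSTs it (SAMLResponse field)."""
    return base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def inspect_saml_response(b64_response, configured_entity_id):
    """Decode a SAMLResponse and report assertions, audiences, attributes and problems.

    The audience check is the one that matters here: pysaml2 drops assertions
    whose Audience does not equal the SP entity id byte for byte, which is
    what produces an empty user_identity in acs()."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertions = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    attrs = [a.get("Name") for a in root.findall(".//saml:Attribute", NS)]
    problems = []
    if not assertions and encrypted:
        problems.append("assertion is encrypted; a decryption key is required")
    if not assertions and not encrypted:
        problems.append("response carries no assertion at all")
    for aud in audiences:
        if aud == configured_entity_id:
            continue
        if aud.rstrip("/") == configured_entity_id.rstrip("/"):
            problems.append(f"ENTITY_ID differs only by trailing slash: IdP={aud!r} settings={configured_entity_id!r}")
        else:
            problems.append(f"audience {aud!r} does not match ENTITY_ID {configured_entity_id!r}")
    return {"assertions": len(assertions), "audiences": audiences, "attributes": attrs, "problems": problems}
```

In a Django view you would feed it `request.POST["SAMLResponse"]` and `settings.SAML2_AUTH["ENTITY_ID"]`; an empty `attributes` list with a matching audience means the IdP really is not sending the attributes your ATTRIBUTE_MAP expects.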