Getting "expected str instance, NoneType found" error
tim-wgbh opened this issue · 1 comments
tim-wgbh commented
Hoping you can help - wondering if this is a config problem.
Request is formed:
```xml
<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" ID="id-3ZwAhtkpJ7Z6z7SBp" Version="2.0" IssueInstant="2023-01-19T13:45:36Z" Destination="https://wgbh.okta.com/app/wgbh_gbhannualreportsaml2_1/exk1qzsalqiXXNp7c0h8/sso/saml" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://cms.local.wgbhdigital.org/sso/acs/"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://cms.local.wgbhdigital.org/saml2_auth/acs/</ns1:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-3ZwAhtkpJ7Z6z7SBp"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /></ns2:Signature></ns0:AuthnRequest>
```
But then I get this error:
```
2023-01-19 08:45:36,205 django_saml2_auth.utils:158 DEBUG sequence item 3: expected str instance, NoneType found
```
I've tried a number of SAML configs, but nothing seems to change this. Most recent is:
```python
SAML2_AUTH = {
    # Metadata is required, choose either remote url or local file path
    'METADATA_AUTO_CONF_URL': os.environ['SAML_METADATA_URL'],
    'METADATA_LOCAL_FILE_PATH': False,
    'DEBUG': True,
    # Optional settings below
    'DEFAULT_NEXT_URL': '/admin',  # Custom target redirect URL after the user gets logged in. Defaults to /admin if not set. This setting will be overwritten if you have parameter ?next= specified in the login URL.
    'CREATE_USER': False,  # Create a new Django user when a new user logs in. Defaults to True.
    'NEW_USER_PROFILE': {
        'USER_GROUPS': [],  # The default group name when a new user logs in
        'ACTIVE_STATUS': True,  # The default active status for new users
        'STAFF_STATUS': True,  # The staff status for new users
        'SUPERUSER_STATUS': False,  # The superuser status for new users
    },
    'ATTRIBUTES_MAP': {  # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
        'email': MAP_SAML_EMAIL,
        'username': MAP_SAML_USERNAME,
        'first_name': MAP_SAML_FIRSTNAME,
        'last_name': MAP_SAML_LASTNAME,
    },
    'TRIGGER': {
        'CREATE_USER': None,
        'BEFORE_LOGIN': None,
        'GET_METADATA_AUTO_CONF_URLS': None
    },
    'ASSERTION_URL': None,  # Custom URL to validate incoming SAML requests against
    'ENTITY_ID': f'https://{HOST_DOMAIN}/saml2_auth/acs/',  # Populates the Issuer element in authn request
    'NAME_ID_FORMAT': None,  # Sets the Format property of authn NameIDPolicy element
    'USE_JWT': False,  # Set this to True if you are running a Single Page Application (SPA) with Django Rest Framework (DRF), and are using JWT authentication to authorize client users
    'FRONTEND_URL': None,  # Redirect URL for the client if you are using JWT auth with DRF. See explanation below
    'LOGIN_CASE_SENSITIVE': True,  # Whether or not to get the user in case-sensitive mode
    'AUTHN_REQUESTS_SIGNED': True,  # Require each authentication request to be signed
    'LOGOUT_REQUESTS_SIGNED': True,  # Require each logout request to be signed
    'WANT_ASSERTIONS_SIGNED': True,  # Require each assertion to be signed
    'WANT_RESPONSE_SIGNED': True,  # Require response to be signed
    'ACCEPTED_TIME_DIFF': None,  # Accepted time difference between your server and the Identity Provider
    'ALLOWED_REDIRECT_HOSTS': None,  # Allowed hosts to redirect to using the ?next parameter
    'TOKEN_REQUIRED': False,  # Whether or not to require the token parameter in the SAML assertion
}
```
Thanks for looking.
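The request quoted in the post carries a `ds:Signature` element whose `DigestValue` and `SignatureValue` are empty and whose algorithms are SHA-1 based. The following is an added example (not from the post or from django-saml2-auth) that reports this state for a SAML message; the function name, the sample XML and its ID and URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer defusedxml

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA1_ALGS = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "sha1"}

# Constructed sample with the same shape as the request in the post
# (placeholder ID and URLs; signature fields left empty).
SAMPLE = (
    '<p:AuthnRequest xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
    f'xmlns:ds="{DS}" ID="id-example" Version="2.0" '
    'Destination="https://idp.example.com/sso">'
    '<ds:Signature><ds:SignedInfo>'
    f'<ds:SignatureMethod Algorithm="{DS}rsa-sha1" />'
    '<ds:Reference URI="#id-example">'
    f'<ds:DigestMethod Algorithm="{DS}sha1" /><ds:DigestValue />'
    '</ds:Reference></ds:SignedInfo><ds:SignatureValue />'
    '</ds:Signature></p:AuthnRequest>'
)


def inspect_signature(xml_text):
    """Summarise the enveloped ds:Signature of a SAML protocol message."""
    root = ET.fromstring(xml_text)
    sig = root.find(f"{{{DS}}}Signature")
    report = {"present": sig is not None, "filled": False,
              "reference_ok": False, "sha1_algorithms": []}
    if sig is None:
        return report

    def text_of(tag):
        el = sig.find(f".//{{{DS}}}{tag}")
        return (el.text or "").strip() if el is not None else ""

    # Empty DigestValue/SignatureValue: the element is still an unsigned
    # template, so the message must not be treated as signed.
    report["filled"] = bool(text_of("DigestValue") and text_of("SignatureValue"))
    ref = sig.find(f".//{{{DS}}}Reference")
    report["reference_ok"] = (ref is not None and
                              ref.get("URI") == "#" + root.get("ID", ""))
    report["sha1_algorithms"] = sorted(
        el.get("Algorithm").rsplit("#", 1)[1]
        for el in sig.iter() if el.get("Algorithm") in SHA1_ALGS)
    return report


if __name__ == "__main__":
    print(inspect_signature(SAMPLE))
```

This only reports structure and algorithm choices; it does not verify a signature cryptographically.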