Internal Server Error on /accounts/complete/saml/ - Okta/SAML2 Integration #5999

Closed
M0Rf30 opened this issue May 12, 2021 · 3 comments
Assignees
Labels
bug Something is broken.
Milestone

Comments

@M0Rf30
Contributor

M0Rf30 commented May 12, 2021

Hi,
I'm trying to connect my weblate instance to Okta (as seen in #5989).
Now I'm using the suggested https-portal and I managed to go forward.
Anyway I encountered the following issue.
Although
https://mydomain.com/accounts/metadata/saml/
shows something like this

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" cacheDuration="P10D" entityID="https://mydomain.com/accounts/metadata/saml/">
    <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>mycert....replaced text</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mydomain.com/accounts/complete/saml/" index="1"/>
    </md:SPSSODescriptor>
    <md:Organization>
        <md:OrganizationName xml:lang="en-US">weblate</md:OrganizationName>
        <md:OrganizationDisplayName xml:lang="en-US">My Domain</md:OrganizationDisplayName>
        <md:OrganizationURL xml:lang="en-US">https://mydomain.com/</md:OrganizationURL>
    </md:Organization>
    <md:ContactPerson contactType="technical">
        <md:GivenName>My Domain Admin</md:GivenName>
        <md:EmailAddress>test@mydomain.com</md:EmailAddress>
    </md:ContactPerson>
    <md:ContactPerson contactType="support">
        <md:GivenName>My Domain Admin</md:GivenName>
        <md:EmailAddress>test@mydomain.com</md:EmailAddress>
    </md:ContactPerson>
</md:EntityDescriptor>

I'm getting the following error message

| uwsgi stderr | Traceback (most recent call last):
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/exception.py", line 47, in inner
| uwsgi stderr |     response = get_response(request)
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/base.py", line 181, in _get_response
| uwsgi stderr |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/sentry_sdk/integrations/django/views.py", line 67, in sentry_wrapped_callback
| uwsgi stderr |     return callback(request, *args, **kwargs)
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
| uwsgi stderr |     response = view_func(request, *args, **kwargs)
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/django/views/decorators/http.py", line 40, in inner
| uwsgi stderr |     return func(request, *args, **kwargs)
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/weblate/accounts/views.py", line 1119, in social_auth
| uwsgi stderr |     return do_auth(request.backend, redirect_name=REDIRECT_FIELD_NAME)
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/social_core/actions.py", line 29, in do_auth
| uwsgi stderr |     return backend.start()
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/social_core/backends/base.py", line 35, in start
| uwsgi stderr |     return self.strategy.redirect(self.auth_url())
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/social_core/backends/saml.py", line 285, in auth_url
| uwsgi stderr |     auth = self._create_saml_auth(idp=self.get_idp(idp_name))
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/social_core/backends/saml.py", line 276, in _create_saml_auth
| uwsgi stderr |     return OneLogin_Saml2_Auth(request_info, config)
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/onelogin/saml2/auth.py", line 59, in __init__
| uwsgi stderr |     self.__settings = OneLogin_Saml2_Settings(old_settings, custom_base_path)
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/onelogin/saml2/settings.py", line 127, in __init__
| uwsgi stderr |     if not self.__load_settings_from_dict(settings):
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/onelogin/saml2/settings.py", line 225, in __load_settings_from_dict
| uwsgi stderr |     errors = self.check_settings(settings)
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/onelogin/saml2/settings.py", line 347, in check_settings
| uwsgi stderr |     sp_errors = self.check_sp_settings(settings)
| uwsgi stderr |   File "/usr/local/lib/python3.7/dist-packages/onelogin/saml2/settings.py", line 495, in check_sp_settings
| uwsgi stderr |     if ('givenName' not in contact or len(contact['givenName']) == 0) or \
| uwsgi stderr | TypeError: argument of type 'NoneType' is not iterable
| uwsgi stderr | [pid: 471|app: 0|req: 6/42] 172.28.0.3 () {72 vars in 1417 bytes} [Wed May 12 10:29:19 2021] POST /accounts/login/saml/ => generated 9842 bytes in 1025 msecs (HTTP/1.0 500) 9 headers in 624 bytes (1 switches on core 0)
| nginx stdout | 172.28.0.3 - - [12/May/2021:10:29:20 +0200] "POST /accounts/login/saml/ HTTP/1.0" 500 9842 "https://mydomain.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"

It seems to be related to incomplete metadata parsing (my ignorant point of view 😁).
Let me know if I can submit more useful details.
Regards, Nijel, and many thanks for your efforts.

@M0Rf30 M0Rf30 changed the title Internal Server Error on /accounts/complete/saml/ - Okta Integration Internal Server Error on /accounts/complete/saml/ - Okta/SAML2 Integration May 12, 2021
@M0Rf30 M0Rf30 closed this as completed May 12, 2021
@M0Rf30 M0Rf30 reopened this May 12, 2021
@M0Rf30
Contributor Author

M0Rf30 commented May 12, 2021

And because the Attribute Statement is optional (at least it's declared optional in the Okta documentation), should python3-saml's wantAttributeStatement be set to false?
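The following stand-alone Python is an added example, not Weblate's, social_core's or python3-saml's own code. It reproduces the failure mode the traceback in the first post shows (a contactPerson entry whose value is None makes the expression `'givenName' not in contact` raise TypeError instead of producing a settings error), then shows a checker that reports the same problem as an error, and alongside it reports the signing flags the posted SP metadata exposes as false (AuthnRequestsSigned, WantAssertionsSigned) together with the wantAttributeStatement flag asked about in the comment above. The settings dict is constructed here in the shape python3-saml consumes, with values copied from the posted metadata; the None support contact is an assumed trigger that matches the traceback, not a confirmed diagnosis of this deployment, and the helper names (`check_contacts`, `check_security`, `with_support_contact`) are this example's own.

```python
from __future__ import annotations

import copy
from typing import Any

# Constructed sample settings in the shape python3-saml's OneLogin_Saml2_Settings
# reads. Values come from the SP metadata posted in the issue; the None support
# contact is an assumed trigger for the TypeError in the traceback.
BROKEN_SETTINGS: dict[str, Any] = {
    "strict": True,
    "sp": {
        "entityId": "https://mydomain.com/accounts/metadata/saml/",
        "assertionConsumerService": {
            "url": "https://mydomain.com/accounts/complete/saml/",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        },
        "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    },
    "security": {
        "authnRequestsSigned": False,   # AuthnRequestsSigned="false" in the metadata
        "wantAssertionsSigned": False,  # WantAssertionsSigned="false" in the metadata
        "wantAttributeStatement": True, # python3-saml default, asked about in the comment
    },
    "contactPerson": {
        "technical": {"givenName": "My Domain Admin", "emailAddress": "test@mydomain.com"},
        "support": None,  # a contact that is None, not a dict
    },
}


def legacy_contact_check(contact: Any) -> bool:
    """The expression from the traceback's settings.py line: with contact=None,
    'givenName' not in contact raises TypeError ('NoneType' is not iterable)."""
    return "givenName" not in contact or len(contact["givenName"]) == 0


def reproduces_crash(settings: dict[str, Any]) -> bool:
    """True if validating the contacts the legacy way would raise TypeError."""
    try:
        for contact in settings.get("contactPerson", {}).values():
            legacy_contact_check(contact)
    except TypeError:
        return True
    return False


def check_contacts(settings: dict[str, Any]) -> list[str]:
    """Report malformed contactPerson entries as errors instead of crashing."""
    errors: list[str] = []
    for ctype, contact in settings.get("contactPerson", {}).items():
        if not isinstance(contact, dict):
            errors.append(
                f"contactPerson.{ctype} is {contact!r}, expected a dict with givenName and emailAddress"
            )
            continue
        for field in ("givenName", "emailAddress"):
            if not contact.get(field):
                errors.append(f"contactPerson.{ctype}.{field} is missing or empty")
    return errors


def check_security(settings: dict[str, Any]) -> list[str]:
    """Report the signing-related flags so they are reviewed rather than left at defaults."""
    sec = settings.get("security", {})
    notes: list[str] = []
    if not sec.get("authnRequestsSigned", False):
        notes.append("authnRequestsSigned is false: AuthnRequests sent to the IdP are unsigned")
    if not sec.get("wantAssertionsSigned", False):
        notes.append("wantAssertionsSigned is false: the SP does not require the assertion itself to be signed")
    if not sec.get("wantAttributeStatement", True):
        notes.append("wantAttributeStatement is false: responses without an AttributeStatement are accepted")
    return notes


def check_sp_settings(settings: dict[str, Any]) -> dict[str, list[str]]:
    """Combined report: hard errors plus review notes."""
    return {"errors": check_contacts(settings), "notes": check_security(settings)}


def with_support_contact(settings: dict[str, Any], given_name: str, email: str) -> dict[str, Any]:
    """Return a copy with the support contact filled in (the original is left untouched)."""
    fixed = copy.deepcopy(settings)
    fixed["contactPerson"]["support"] = {"givenName": given_name, "emailAddress": email}
    return fixed


if __name__ == "__main__":
    print("legacy check crashes:", reproduces_crash(BROKEN_SETTINGS))
    report = check_sp_settings(BROKEN_SETTINGS)
    for line in report["errors"]:
        print("ERROR:", line)
    for line in report["notes"]:
        print("NOTE: ", line)
    fixed = with_support_contact(BROKEN_SETTINGS, "My Domain Admin", "test@mydomain.com")
    print("after fix, errors:", check_sp_settings(fixed)["errors"])
```

Running it prints the crash reproduction, one error naming the None support contact, two notes for the unsigned-request and unsigned-assertion flags, and an empty error list once the contact is filled in. The real python3-saml check_sp_settings validates more than contacts, so this is a way to find which input value the traceback is tripping on, not a replacement for it.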

@nijel nijel added the bug Something is broken. label May 12, 2021
@nijel nijel self-assigned this May 12, 2021
@nijel nijel added this to the 4.7 milestone May 12, 2021
nijel added a commit that referenced this issue May 12, 2021
These are necessary for many services, see #5999
@nijel nijel closed this as completed in 8c9ddb8 May 12, 2021
@github-actions

The issue you have reported is now resolved. If you don’t feel it’s right, please follow its labels to get a clue for further steps.

  • In case you see a similar problem, please open a separate issue.
  • If you are happy with the outcome, don’t hesitate to support Weblate by making a donation.

@github-actions

Thank you for your report; the issue you have reported has just been fixed.

  • In case you see a problem with the fix, please comment on this issue.
  • In case you see a similar problem, please open a separate issue.
  • If you are happy with the outcome, don’t hesitate to support Weblate by making a donation.
