There was no response from SAML client. #228

Closed
tonsofpotato opened this issue Dec 1, 2023 · 4 comments
Labels
no-issue-activity Stale action

Comments

@tonsofpotato

Sorry, you are not allowed to access this app
To report a problem with your access please contact your system administrator
Error code: 1108
Reason: There was an error processing your request. There was no response from SAML client.

My SAML_AUTH configuration is as below:

```python
SAML2_AUTH = {
    # Metadata is required, choose either remote url or local file path
    'METADATA_AUTO_CONF_URL': 'https://dev-60303895.okta.com/app/exkdgtxgklmzYzqKq5d7/sso/saml/metadata',

    # Optional settings below
    'DEFAULT_NEXT_URL': '/admin',  # Custom target redirect URL after the user gets logged in. Defaults to /admin if not set. This setting will be overwritten if you have parameter ?next= specified in the login URL.
    'CREATE_USER': True,  # Create a new Django user when a new user logs in. Defaults to True.
    'NEW_USER_PROFILE': {
        'USER_GROUPS': [],  # The default group name when a new user logs in
        'ACTIVE_STATUS': True,  # The default active status for new users
        'STAFF_STATUS': False,  # The staff status for new users
        'SUPERUSER_STATUS': False,  # The superuser status for new users
    },
    'ATTRIBUTES_MAP': {  # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
        'email': 'user.email',
        'username': 'user.username',
        'first_name': 'user.first_name',
        'last_name': 'user.last_name',
        'token': 'Token',  # Mandatory, can be unrequired if TOKEN_REQUIRED is False
    },
    'TRIGGER': {
        'CREATE_USER': 'path.to.your.new.user.hook.method',
        'BEFORE_LOGIN': 'path.to.your.login.hook.method',
    },
    'ASSERTION_URL': 'http://localhost',  # Custom URL to validate incoming SAML requests against
    'ENTITY_ID': 'http://localhost/saml2_auth/acs/',  # Populates the Issuer element in authn request
    'USE_JWT': True,  # Set this to True if you are running a Single Page Application (SPA) with Django Rest Framework (DRF), and are using JWT authentication to authorize client users
    'FRONTEND_URL': 'https://myfrontendclient.com',  # Redirect URL for the client if you are using JWT auth with DRF. See explanation below
    'LOGIN_CASE_SENSITIVE': True,  # Whether or not to get the user in case-sensitive mode
    'AUTHN_REQUESTS_SIGNED': True,  # Require each authentication request to be signed
    'LOGOUT_REQUESTS_SIGNED': True,  # Require each logout request to be signed
    'WANT_ASSERTIONS_SIGNED': True,  # Require each assertion to be signed
    'WANT_RESPONSE_SIGNED': True,  # Require response to be signed
    'ACCEPTED_TIME_DIFF': None,  # Accepted time difference between your server and the Identity Provider
    'ALLOWED_REDIRECT_HOSTS': ["https://myfrontendclient.com"],  # Allowed hosts to redirect to using the ?next parameter
    'TOKEN_REQUIRED': True,  # Whether or not to require the token parameter in the SAML assertion
}
```

@tonsofpotato
Author

[Screenshot: 2023-12-01 12_28_41-okta-dev-60303895 - Nintex-Django-Project_ Nintex-Django-Project]

Here is the Okta SAML setting.

@mostafa
Member

mostafa commented Dec 7, 2023

@tonsofpotato

This is a configuration issue. If you don't use JWT, disable it (USE_JWT: False). You are also not setting these values:

```python
'TRIGGER': {
    'CREATE_USER': 'path.to.your.new.user.hook.method',
    'BEFORE_LOGIN': 'path.to.your.login.hook.method',
},
```

Please read the docs (README) and act accordingly.
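The reply above comes down to settings that were left at the README's example values. The following pre-deployment check is an added example, not code from the project or from anyone in this thread; the function names `resolves`, `is_placeholder` and `check_saml2_auth` are hypothetical, and the placeholder strings are taken from the config posted in this issue.

```python
import importlib

# Values copied from the README example, as they appear in the config posted above.
README_PLACEHOLDERS = ("path.to.your.", "myfrontendclient.com")


def resolves(dotted_path):
    """True if 'package.module.attr' imports and names a callable.
    Importing runs module code, so use this only on your own settings."""
    module_name, _, attr = str(dotted_path).rpartition(".")
    if not module_name:
        return False
    try:
        module = importlib.import_module(module_name)
    except (ImportError, TypeError, ValueError):
        return False
    return callable(getattr(module, attr, None))


def is_placeholder(value):
    """True if a string (or any string in a list) still holds a README value."""
    items = value if isinstance(value, (list, tuple)) else [value]
    return any(isinstance(i, str) and any(p in i for p in README_PLACEHOLDERS)
               for i in items)


def check_saml2_auth(conf):
    """Return (setting, problem) pairs for values left at README defaults."""
    findings = []
    for hook, path in conf.get("TRIGGER", {}).items():
        if not resolves(path):
            findings.append((f"TRIGGER.{hook}", "does not import to a callable"))
    for key in ("FRONTEND_URL", "ALLOWED_REDIRECT_HOSTS"):
        if is_placeholder(conf.get(key)):
            findings.append((key, "still set to the README example value"))
    if conf.get("USE_JWT") and is_placeholder(conf.get("FRONTEND_URL")):
        findings.append(("USE_JWT", "enabled but FRONTEND_URL is not a real client"))
    return findings


# Constructed sample: the subset of the posted config that the reply concerns.
SAMPLE = {
    "USE_JWT": True,
    "FRONTEND_URL": "https://myfrontendclient.com",
    "ALLOWED_REDIRECT_HOSTS": ["https://myfrontendclient.com"],
    "TRIGGER": {"CREATE_USER": "path.to.your.new.user.hook.method",
                "BEFORE_LOGIN": "path.to.your.login.hook.method"},
}
```

Running `check_saml2_auth(settings.SAML2_AUTH)` in a test or a startup check surfaces these leftovers before the first SAML login attempt does.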


github-actions bot commented Jan 7, 2024

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the no-issue-activity Stale action label Jan 7, 2024

This issue was closed because it has been stalled for 5 days with no activity.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jan 13, 2024