I am having the same issue. I am having a problem configuring SAML2_AUTH. Can you please help me? Below is my SAML2_AUTH configuration. I am trying with the FusionAuth IdP.
```python
SAML2_AUTH = {
    # Metadata is required, choose either remote url or local file path
    'METADATA_AUTO_CONF_URL': 'http://localhost:9011/samlv2/metadata/d7d09513-a3f5-401c-9685-34ab6c552453',
    # 'METADATA_LOCAL_FILE_PATH': '[The metadata configuration file path]',
    'KEY_FILE': '[The key file path]',
    'CERT_FILE': '[The certificate file path]',
    # If both `KEY_FILE` and `CERT_FILE` are provided, `ENCRYPTION_KEYPAIRS` will be added automatically. There is no need to provide it unless you wish to override the default value.
    'ENCRYPTION_KEYPAIRS': [
        {
            "key_file": '[The key file path]',
            "cert_file": '[The certificate file path]',
        }
    ],
    'DEBUG': False,  # Send debug information to a log file
    # Optional logging configuration.
    # By default, it won't log anything.
    # The following configuration is an example of how to configure the logger,
    # which can be used together with the DEBUG option above. Please note that
    # the logger configuration follows Python's logging configuration schema:
    # https://docs.python.org/3/library/logging.config.html#logging-config-dictschema
    'LOGGING': {
        'version': 1,
        'formatters': {
            'simple': {
                'format': '[%(asctime)s] [%(levelname)s] [%(name)s.%(funcName)s] %(message)s',
            },
        },
        'handlers': {
            'stdout': {
                'class': 'logging.StreamHandler',
                'stream': 'ext://sys.stdout',
                'level': 'DEBUG',
                'formatter': 'simple',
            },
        },
        'loggers': {
            'saml2': {
                'level': 'DEBUG'
            },
        },
        'root': {
            'level': 'DEBUG',
            'handlers': [
                'stdout',
            ],
        },
    },
    # Optional settings below
    'DEFAULT_NEXT_URL': '/admin',
    # Custom target redirect URL after the user gets logged in. Defaults to /admin if not set. This setting will be overwritten if you have the parameter ?next= specified in the login URL.
    'CREATE_USER': True,  # Create a new Django user when a new user logs in. Defaults to True.
    'NEW_USER_PROFILE': {
        'USER_GROUPS': [],  # The default group name when a new user logs in
        'ACTIVE_STATUS': True,  # The default active status for new users
        'STAFF_STATUS': False,  # The staff status for new users
        'SUPERUSER_STATUS': False,  # The superuser status for new users
    },
    'ATTRIBUTES_MAP': {  # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
        'email': 'richard@example.com',
        'username': 'user.username',
        'first_name': 'user.first_name',
        'last_name': 'user.last_name',
        'token': 'Token',  # Mandatory, can be unrequired if TOKEN_REQUIRED is False
        'groups': 'Groups',  # Optional
    },
    'GROUPS_MAP': {  # Optionally allow mapping SAML2 Groups to Django Groups
        'SAML Group Name': 'Django Group Name',
    },
    'TRIGGER': {
        # Optional: needs to return a User Model instance or None
        'GET_USER': 'path.to.your.get.user.hook.method',
        'CREATE_USER': 'path.to.your.new.user.hook.method',
        'BEFORE_LOGIN': 'path.to.your.login.hook.method',
        'AFTER_LOGIN': 'path.to.your.after.login.hook.method',
        # Optional. This is executed right before METADATA_AUTO_CONF_URL.
        # For systems with many metadata files registered, this allows narrowing the search scope.
        'GET_USER_ID_FROM_SAML_RESPONSE': 'path.to.your.get.user.from.saml.hook.method',
        # This can override the METADATA_AUTO_CONF_URL to enumerate all existing metadata autoconf URLs
        'GET_METADATA_AUTO_CONF_URLS': 'path.to.your.get.metadata.conf.hook.method',
    },
    'ASSERTION_URL': 'http://localhost:9011/',  # Custom URL to validate incoming SAML requests against
    'ENTITY_ID': 'http://localhost:9011/saml2_auth/acs/',  # Populates the Issuer element in authn request
    # 'NAME_ID_FORMAT': user.email,  # Sets the Format property of authn NameIDPolicy element, e.g. 'user.email'
    'USE_JWT': True,
    # Set this to True if you are running a Single Page Application (SPA) with Django Rest Framework (DRF), and are using JWT authentication to authorize client users
    'JWT_ALGORITHM': 'HS256',  # JWT algorithm to sign the message with
    'JWT_SECRET': 'your.jwt.secret',  # JWT secret to sign the message with
    'JWT_PRIVATE_KEY': '--- YOUR PRIVATE KEY ---',
    # Private key to sign the message with. The algorithm should be set to RSA256 or a more secure alternative.
    'JWT_PRIVATE_KEY_PASSPHRASE': 'your.passphrase',
    # If your private key is encrypted, you might need to provide a passphrase for decryption
    'JWT_PUBLIC_KEY': '--- YOUR PUBLIC KEY ---',  # Public key to decode the signed JWT token
    'JWT_EXP': 60,  # JWT expiry time in seconds
    'FRONTEND_URL': 'http://localhost:8000/',
    # Redirect URL for the client if you are using JWT auth with DRF. See explanation below
    'LOGIN_CASE_SENSITIVE': True,  # whether or not to look up the user in case-sensitive mode
    'AUTHN_REQUESTS_SIGNED': True,  # Require each authentication request to be signed
    'LOGOUT_REQUESTS_SIGNED': True,  # Require each logout request to be signed
    'WANT_ASSERTIONS_SIGNED': True,  # Require each assertion to be signed
    'WANT_RESPONSE_SIGNED': True,  # Require response to be signed
    'ACCEPTED_TIME_DIFF': None,  # Accepted time difference between your server and the Identity Provider
    'ALLOWED_REDIRECT_HOSTS': ["http://localhost:8000/"],
    # Allowed hosts to redirect to using the ?next parameter
    'TOKEN_REQUIRED': False,  # Whether or not to require the token parameter in the SAML assertion
}
```
Originally posted by @PrabhuBose in #205 (comment)
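A small pre-deployment sanity check for a `SAML2_AUTH` dict like the one posted above. This is an added example, not code from django-saml2-auth or from the reporter; `lint_saml2_auth`, `SAMPLE_CFG` and the placeholder prefixes are constructed here, and the IdP-host comparison for `ASSERTION_URL`/`ENTITY_ID` is a heuristic based on the IdP metadata URL, not a rule the library enforces.

```python
from urllib.parse import urlparse

# Constructed sample: the relevant keys from the configuration posted above.
SAMPLE_CFG = {
    'METADATA_AUTO_CONF_URL': 'http://localhost:9011/samlv2/metadata/d7d09513-a3f5-401c-9685-34ab6c552453',
    'KEY_FILE': '[The key file path]',
    'CERT_FILE': '[The certificate file path]',
    'ATTRIBUTES_MAP': {'email': 'richard@example.com', 'username': 'user.username', 'token': 'Token'},
    'ASSERTION_URL': 'http://localhost:9011/',
    'ENTITY_ID': 'http://localhost:9011/saml2_auth/acs/',
    'USE_JWT': True,
    'JWT_ALGORITHM': 'HS256',
    'JWT_SECRET': 'your.jwt.secret',
    'FRONTEND_URL': 'http://localhost:8000/',
    'WANT_ASSERTIONS_SIGNED': True,
    'WANT_RESPONSE_SIGNED': True,
}

# Prefixes used by the README template for values you are meant to replace (assumption).
PLACEHOLDER_PREFIXES = ('[', 'your.', '--- YOUR', 'path.to.your')


def is_placeholder(value):
    return isinstance(value, str) and value.startswith(PLACEHOLDER_PREFIXES)


def lint_saml2_auth(cfg):
    """Return a list of 'KEY: problem' strings; an empty list means nothing suspicious."""
    findings = []
    idp = urlparse(cfg.get('METADATA_AUTO_CONF_URL', ''))
    if idp.netloc and idp.scheme != 'https':
        findings.append('METADATA_AUTO_CONF_URL: metadata fetched over plain http (acceptable only for a local IdP)')
    for key in ('KEY_FILE', 'CERT_FILE', 'JWT_SECRET', 'JWT_PRIVATE_KEY'):
        if is_placeholder(cfg.get(key)):
            findings.append(f'{key}: template placeholder never replaced')
    # ATTRIBUTES_MAP values are SAML attribute names; a value containing '@' is a literal address.
    for field, attr in cfg.get('ATTRIBUTES_MAP', {}).items():
        if '@' in attr:
            findings.append(f'ATTRIBUTES_MAP[{field}]: {attr!r} is a literal value, not an attribute name')
    # Heuristic: ASSERTION_URL / ENTITY_ID identify this SP, so matching the IdP host is suspicious.
    for key in ('ASSERTION_URL', 'ENTITY_ID'):
        if idp.netloc and urlparse(cfg.get(key, '')).netloc == idp.netloc:
            findings.append(f'{key}: host matches the IdP ({idp.netloc}); expected the Django app host')
    for key in ('WANT_ASSERTIONS_SIGNED', 'WANT_RESPONSE_SIGNED'):
        if not cfg.get(key, True):
            findings.append(f'{key}: signature check disabled')
    return findings


if __name__ == '__main__':
    for line in lint_saml2_auth(SAMPLE_CFG):
        print(line)
```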