
Generated jwt token is not validated in API (djangorestframework-simplejwt) #251

Closed
romuluc opened this issue Feb 23, 2024 · 1 comment
Closed

Comments

@romuluc

romuluc commented Feb 23, 2024

Hello,

I am using django-saml2-auth with JWT to integrate with django-restframework. In my project I am also using djangorestframework-simplejwt. However, the JWT token generated after SAML authentication in Azure AD is not validated by my API.

When I try to access some endpoint of my API:

{
  "status": "error",
  "code": 401,
  "data": null,
  "message": "Given token not valid for any token type"
}

Some points of my settings:

from datetime import timedelta

SIMPLE_JWT = {
    "ACCESS_TOKEN_LIFETIME": timedelta(days=1),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=2),
    'AUTH_HEADER_TYPES': ('Token',),
    'UPDATE_LAST_LOGIN': True,
    "TOKEN_OBTAIN_SERIALIZER": "myapi.token.serializer.CustomTokenObtainPairSerializer",
    "ALGORITHM": "HS256",
}
SAML2_AUTH = {
    'METADATA_LOCAL_FILE_PATH': '/app/static/PSAT-Core-Saml2.xml',

    'KEY_FILE': '/app/static/chave_privada.key',
    'CERT_FILE': '/app/static/certificado.crt',

    'DEBUG': True,
    'DEFAULT_NEXT_URL': '/api',

    'CREATE_USER': 'TRUE',
    'NEW_USER_PROFILE': {
        'USER_GROUPS': [],
        'ACTIVE_STATUS': True,
        'STAFF_STATUS': False,
        'SUPERUSER_STATUS': False,
    },
    'ATTRIBUTES_MAP': {
        'email': 'name',
        'username': 'name',
        'first_name': 'givenname',
        'last_name': 'surname',
    },

    'ASSERTION_URL': 'http://localhost:8000', # Custom URL to validate incoming SAML requests against
    'ENTITY_ID': 'http://localhost:8000/saml2_auth/acs/', # Populates the Issuer element in authn request
    'NAME_ID_FORMAT': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', # Sets the Format property of authn NameIDPolicy element
    'USE_JWT': True,
    'JWT_ALGORITHM': 'HS256',  # JWT algorithm to sign the message with
    'JWT_SECRET': 'your.jwt.secret',  # JWT secret to sign the message with
    'FRONTEND_URL': 'http://localhost:3000/login',
    'WANT_ASSERTIONS_SIGNED': True,
    'AUTHN_REQUESTS_SIGNED': True,
    'WANT_RESPONSE_SIGNED': True,
    'TOKEN_REQUIRED': False
}

I'd be glad for any help.

@romuluc

romuluc commented Feb 23, 2024

Sorry,

I solved it by creating a TRIGGER.CUSTOM_CREATE_JWT as explained in the docs.

Thanks!

@romuluc romuluc closed this as completed Feb 23, 2024
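Why the SAML-issued token fails and what a CUSTOM_CREATE_JWT trigger has to return, as an added example that is not code from the issue or from either project. It models simplejwt's AccessToken checks with the standard library only (no Django needed): the token must be signed with simplejwt's SIGNING_KEY (by default Django's SECRET_KEY, not SAML2_AUTH's JWT_SECRET) and must carry token_type, jti and user_id claims. The claim set assumed for the django-saml2-auth token and the exact check order are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_hs256(claims: dict, key: str) -> str:
    """Minimal HS256 JWT encoder (same wire format PyJWT produces)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def validate_like_simplejwt(token: str, signing_key: str, token_type: str = "access"):
    """Model of the checks simplejwt's AccessToken performs; returns (ok, reason)."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(signing_key.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return False, "bad signature (signed with a different key)"
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) <= time.time():
        return False, "expired"
    if claims.get("token_type") != token_type:  # this is what "not valid for any token type" means
        return False, "missing or wrong token_type claim"
    if "jti" not in claims or "user_id" not in claims:
        return False, "missing jti/user_id claim"
    return True, "ok"


def saml2_auth_style_token(username: str, jwt_secret: str) -> str:
    # Assumed shape of the token django-saml2-auth issues with JWT_SECRET: no simplejwt claims.
    return encode_hs256({"username": username, "exp": int(time.time()) + 3600}, jwt_secret)


def custom_create_jwt(user_id: int, signing_key: str, lifetime: int = 86400) -> str:
    # What a CUSTOM_CREATE_JWT trigger must hand back: simplejwt's own claims under its own key.
    # In a real Django project return str(AccessToken.for_user(user)) from rest_framework_simplejwt.tokens.
    return encode_hs256({"token_type": "access", "exp": int(time.time()) + lifetime,
                         "jti": uuid.uuid4().hex, "user_id": user_id}, signing_key)
```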