Getting Blank page and 500 internal server error for redirect to /saml2_auth/acs/ about django-saml2-auth HOT 19 CLOSED

from django-saml2-auth.

Did you get a chance to solve this? I have the same error!

from django-saml2-auth.

Every 500 comes with error logs, could you post the relevant error logs here?

from django-saml2-auth.

I'm afraid you need to check the django log.
Usually it was configured in both django settings and uwsgi config.

from django-saml2-auth.

Internal Server Error: /saml2_auth/acs/
Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 35, in inner
response = get_response(request)
File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/base.py", line 128, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/base.py", line 126, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.5/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/usr/local/lib/python3.5/dist-packages/django_saml2_auth/views.py", line 151, in acs
user_email = user_identity[settings.SAML2_AUTH.get('ATTRIBUTES_MAP', {}).get('email', 'Email')][0]
KeyError: 'Email'

from django-saml2-auth.

What is the SAML2 user profile you're using? Looks like it does not include 'Email' entry.

from django-saml2-auth.

I'm using Azure AD attributes

I tried to edit my django app attr. to match the AD in vain

from django-saml2-auth.

Can you also provide your SAML2_AUTH settings?

from django-saml2-auth.

SAML2_AUTH = {
    # Required setting
    'METADATA_AUTO_CONF_URL': 'https://login.microsoftonline.com/XXXXXXXXXXXX/federationmetadata/2007-06/federationmetadata.xml?appid=XXXXXXXXXXXXXX',

    # Optional settings below
    'DEFAULT_NEXT_URL': '/admin',  # Custom target redirect URL after the user get logged in. Default to /admin if not set. This setting will be overwritten if you have parameter ?next= specificed in the login URL.
    'NEW_USER_PROFILE': {
        'USER_GROUPS': [],  # The default group name when a new user logs in
        'ACTIVE_STATUS': True,  # The default active status for new users
        'STAFF_STATUS': True,  # The staff status for new users
        'SUPERUSER_STATUS': False,  # The superuser status for new users
    },
    'ATTRIBUTES_MAP': {  # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
        'email': 'emailaddress',
        'username': 'emailaddress',
        'first_name': 'givenname',
        'last_name': 'surename',
    },
    'TRIGGER': {
        'CREATE_USER': 'path.to.your.new.user.hook.method',
        'BEFORE_LOGIN': 'path.to.your.login.hook.method',
    },
    'ASSERTION_URL': 'https://XXXXXXX.com',  # Custom URL to validate incoming SAML requests against
    'ENTITY_ID': 'https://sts.windows.net/XXXXXXXXXXXXXXXX/',  # Populates the Issuer element in authn request
    'NAME_ID_FORMAT': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',  # Sets the Format property of authn NameIDPolicy element
}

from django-saml2-auth.

I see. yes it was caused by the default assumed field "Email".

This mapping was configured in ATTRIBUTES_MAP. please take a look at the README and tweak your mappings.

Probably you want to try:

'ATTRIBUTES_MAP': {
        'email': 'emailaddress',
        'username': 'name',
        'first_name': 'givenname',
        'last_name': 'surname',
    }
```.

from django-saml2-auth.

And,

1. If you don't need trigger, remove the whole key "TRIGGER".
2. NEW_USER_PROFILE.USER_GROUPS is required so make sure you have a default group.
3. Remove whole key ASSERTION_URL if you don't know that.

from django-saml2-auth.

Hope that helps. please attach the error logs again if you got problem, or let me know if it goes well. 😃

from django-saml2-auth.

Thanks. I will spend more time to investigate. Still stuck with the same error but now with KeyError: 'emailaddress'

from django-saml2-auth.

Any updates?

from django-saml2-auth.

Please raise another issue if this one persistence.

from django-saml2-auth.

Thanks. I will spend more time to investigate. Still stuck with the same error but now with KeyError: 'emailaddress'

Are you able to solve this issue?

from django-saml2-auth.

Did you manage to solve the problem?

from django-saml2-auth.

I solved the problem following @fangli instructions (#52 (comment)):

• I went to views.py and add print(user_identity) in line 171

• I checked the user_identity, which is as follows:

{(...), 
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname': ['Xxx'],
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname': ['Xxx'], 
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress': ['[email protected]'], 
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name': ['[email protected]']}

• And I changed the attribute maps:

'ATTRIBUTES_MAP': { 
        'email': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress', 
        'username': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',     
        'first_name': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',   
        'last_name': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',                                    
},

from django-saml2-auth.

Hii,
I am facing the same issue, tried printing the user_identity as mentioned.. getting user_identity as empty dictionary({})... Can someone please help me to fix this.

Thanks in advance

from django-saml2-auth.