Django SAML2 Authentication with AZURE
I have a Django application in production on an Ubuntu 20.04 server that uses Python 3.8.10, and I'm trying to implement an SSO connection to Azure with pysaml2. I chose to use the django-saml2-auth-ai package.
So I have configured it correctly according to the doc. However, when I try my URL /accounts/login/ I get an error at /saml/deny/. Same for /saml/acs/.
I changed 'DEFAULT_NEXT_URL' to /admin and now the redirection is working with the URL /accounts/login/, BUT I have a KeyError with the attribute mapping:
Traceback (most recent call last):
  File "/var/www/html/api/venv/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/var/www/html/api/venv/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/var/www/html/api/venv/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/var/www/html/api/venv/lib/python3.8/site-packages/django_saml2_auth/views.py", line 219, in acs
    user_name = user_identity[
Exception Type: KeyError at /saml/acs/
Exception Value: 'user.displayname'
This is my attribute config on Azure:
urls.py

from django.contrib import admin
from django.urls import path, include

import django_saml2_auth.views
# login_ is the project's own login view; its import is not shown in the question

urlpatterns = [
    path('saml/', include('django_saml2_auth.urls')),
    path('accounts/login/', django_saml2_auth.views.signin),
    path('', login_, name="login"),
    path('admin/', admin.site.urls),
    path('accounts/', include('accounts.urls')),
]
settings.py

import os  # needed for os.path.join below; BASE_DIR is defined earlier in the file

# more code...
LOGIN_URL = "/accounts/login"
LOGIN_REDIRECT_URL = 'accounts:index'
# more code...
SAML2_AUTH = {
    'SAML_CLIENT_SETTINGS': {  # Pysaml2 Saml client settings
        'entityid': 'https://mysiteweb.com/',
        'metadata': {
            'local': [
                os.path.join(BASE_DIR, 'mysiteweb.xml'),
            ],
        },
        'service': {
            'sp': {
                'logout_requests_signed': True,
                'idp': 'https://sts.windows.net/83d4d*****-*****-***/'
            }
        }
    },
    'debug': 1,
    'DEFAULT_NEXT_URL': 'https://mysiteweb.com/',
    'NEW_USER_PROFILE': {
        'USER_GROUPS': [],  # The default group name when a new user logs in
        'ACTIVE_STATUS': True,  # The default active status for new users
        'STAFF_STATUS': False,  # The staff status for new users
        'SUPERUSER_STATUS': False,  # The superuser status for new users
    },
    'ATTRIBUTES_MAP': {  # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
        'email': 'user.userprincipalname',
        'username': 'user.displayname',
        'first_name': 'user.givenname',
        'last_name': 'user.surname',
    },
    'ASSERTION_URL': 'https://mysiteweb.com',
}
I'm using SAML-tracer on Chrome and Django LOGGERS like this:

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'file': {
            'level': 'DEBUG',
            'class': 'logging.FileHandler',
            'filename': '/var/www/html/api/api/debug.log',
        },
    },
    'loggers': {
        'django': {
            'handlers': ['file'],
            'level': 'DEBUG',
            'propagate': True,
        },
        'saml2': {
            'handlers': ['file'],
            'level': 'DEBUG',
            'propagate': True,
        },
    },
}
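The KeyError above is raised when a value in ATTRIBUTES_MAP ('user.displayname') is not among the attribute names the IdP actually put in the assertion's AttributeStatement. The following script is an added example, not part of the question or of django-saml2-auth: it parses a SAML Response (a constructed, unsigned sample using the URI-style claim names Azure AD emits by default, not a capture from the poster's tenant), builds the same name-to-values dict the ACS view indexes, and reports which mapped names are absent, so the map can be checked against a SAML-tracer capture before anyone hits /saml/acs/. The function names, the sample XML and the Azure claim URIs used in it are this example's assumptions.

```python
"""Check a SAML2 ATTRIBUTES_MAP against the attributes an IdP actually sends.

A KeyError in the ACS view means a mapped attribute name is not a key of
the identity dict built from the assertion's <AttributeStatement>. This
script extracts the attribute names from a SAML Response and reports which
mapped names are missing.
"""
import xml.etree.ElementTree as ET

SAML_NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: a minimal, unsigned SAML Response carrying the kind of
# URI-style attribute names Azure AD emits. Not a real capture.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_example" Version="2.0" IssueInstant="2023-01-01T00:00:00Z">
  <saml:Assertion ID="_assertion" Version="2.0" IssueInstant="2023-01-01T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
        <saml:AttributeValue>Jane Doe</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Jane</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <saml:AttributeValue>Doe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

# The map from the question, copied here as the thing under test.
ATTRIBUTES_MAP = {
    'email': 'user.userprincipalname',
    'username': 'user.displayname',
    'first_name': 'user.givenname',
    'last_name': 'user.surname',
}


def extract_attributes(response_xml: str) -> dict:
    """Return {attribute Name: [values...]} from every AttributeStatement.

    Mirrors the shape of the identity dict pysaml2 hands to the ACS view
    (each attribute maps to a list of values). Parsing only: signature and
    Conditions checks are pysaml2's job and are deliberately out of scope.
    For XML from an untrusted source, parse with defusedxml instead.
    """
    root = ET.fromstring(response_xml)
    identity = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name")
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        identity.setdefault(name, []).extend(values)
    return identity


def check_attributes_map(attributes_map: dict, identity: dict) -> dict:
    """Return {django field: mapped name} for every mapped name the IdP did not send.

    An empty dict means the ACS view will find every key it indexes; a
    non-empty one is exactly the KeyError the question reports, caught
    before any user reaches /saml/acs/.
    """
    return {field: name for field, name in attributes_map.items() if name not in identity}


if __name__ == "__main__":
    sent = extract_attributes(SAMPLE_RESPONSE)
    print("Attributes sent by the IdP:")
    for name in sent:
        print("  ", name)
    for field, name in check_attributes_map(ATTRIBUTES_MAP, sent).items():
        print(f"ATTRIBUTES_MAP['{field}'] = '{name}' is not in the assertion")
```

To run it against a real login, paste the decoded Response from SAML-tracer into SAMPLE_RESPONSE (or read it from a file) and compare the printed attribute names with the values in ATTRIBUTES_MAP; every mapped name has to appear verbatim in the assertion.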