Django SAML2 Authentication with AZURE

I have a Django application in production on an Ubuntu 20.04 server with Python 3.8.10, and I'm trying to implement an SSO connection to Azure with pysaml2. I chose to use the django-saml2-auth-ai package.

So I have configured it according to the docs. However, when I go to my URL /accounts/login/ I get an error at /saml/deny/. Same for /saml/acs/.

I changed 'DEFAULT_NEXT_URL' to /admin and now the redirection works with the URL /accounts/login/, BUT I get a KeyError with the attribute mapping:

Traceback (most recent call last):
  File "/var/www/html/api/venv/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/var/www/html/api/venv/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/var/www/html/api/venv/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/var/www/html/api/venv/lib/python3.8/site-packages/django_saml2_auth/views.py", line 219, in acs
    user_name = user_identity[

Exception Type: KeyError at /saml/acs/
Exception Value: 'user.displayname'

This is my attribute configuration on Azure: [screenshot]

urls.py

from django.contrib import admin
from django.urls import include, path

import django_saml2_auth.views

# login_ is a view defined elsewhere in this project; its import is not shown in the post.


urlpatterns = [
    path('saml/', include('django_saml2_auth.urls')),         # provides /saml/acs/ and the package's other SAML views
    path('accounts/login/', django_saml2_auth.views.signin),  # starts the SP-initiated login
    path('', login_, name="login"),
    path('admin/', admin.site.urls),
    path('accounts/', include('accounts.urls')),
]

settings.py

import os

# more code...  (BASE_DIR is the usual Django settings constant, defined above)

LOGIN_URL = "/accounts/login"
LOGIN_REDIRECT_URL = 'accounts:index'

# more code...

SAML2_AUTH = {
    'SAML_CLIENT_SETTINGS': {  # Pysaml2 Saml client settings
        'entityid': 'https://mysiteweb.com/',

        'metadata': {
            'local': [
                os.path.join(BASE_DIR, 'mysiteweb.xml'),  # IdP federation metadata downloaded from Azure
            ],
        },
        'service': {
            'sp': {
                'logout_requests_signed': True,
                'idp': 'https://sts.windows.net/83d4d*****-*****-***/'
            }
        }
    },
    'debug': 1,
    'DEFAULT_NEXT_URL': 'https://mysiteweb.com/',
    'NEW_USER_PROFILE': {
        'USER_GROUPS': [],  # The default group name when a new user logs in
        'ACTIVE_STATUS': True,  # The default active status for new users
        'STAFF_STATUS': False,  # The staff status for new users
        'SUPERUSER_STATUS': False,  # The superuser status for new users
    },
    'ATTRIBUTES_MAP': {  # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
        'email': 'user.userprincipalname',
        'username': 'user.displayname',
        'first_name': 'user.givenname',
        'last_name': 'user.surname',
    },

    'ASSERTION_URL': 'https://mysiteweb.com',
}

I'm using SAML-tracer on Chrome and Django loggers like this:

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'file': {
            'level': 'DEBUG',
            'class': 'logging.FileHandler',
            'filename': '/var/www/html/api/api/debug.log',
        },
    },
    'loggers': {
        'django': {
            'handlers': ['file'],
            'level': 'DEBUG',
            'propagate': True,
        },
        'saml2': {
            'handlers': ['file'],
            'level': 'DEBUG',
            'propagate': True,
        },
    },
}
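Added example (not from the post and not part of django-saml2-auth or pysaml2): the KeyError above is raised in the ACS view when a value in ATTRIBUTES_MAP is not an attribute Name present in the assertion. In the Azure "Attributes & Claims" blade, strings such as user.displayname are the Source attribute column; what the assertion carries is the Name column, which for Azure's default claims is a URI like http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname (a displayname claim, if added, is emitted as http://schemas.microsoft.com/identity/claims/displayname unless renamed). The script below takes a SAMLResponse form value as SAML-tracer shows it, decodes it, lists the attribute names actually sent and reports which ATTRIBUTES_MAP entries would fail. The sample response is constructed, the function names are my own, and the parsing is diagnostic only: it performs no signature validation, which pysaml2 does in the real flow.

```python
"""Diagnose a django-saml2-auth ATTRIBUTES_MAP against the attributes an IdP
actually sends.  Added example, not code from the post or from the library."""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample (not a real Azure response).  The attribute Names are the URIs
# Azure AD emits for its default SAML claims; tenant ID and values are made up.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2023-01-01T00:00:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2023-01-01T00:00:00Z">
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Jane</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <saml:AttributeValue>Doe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# What the browser POSTs to /saml/acs/ (and what SAML-tracer shows): the XML, base64-encoded.
SAMPLE_SAML_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()

# The map from the post, unchanged, so the check reproduces the cause of the KeyError.
ATTRIBUTES_MAP = {
    "email": "user.userprincipalname",
    "username": "user.displayname",
    "first_name": "user.givenname",
    "last_name": "user.surname",
}


def decode_saml_response(b64_value: str) -> str:
    """Base64-decode the SAMLResponse form parameter into XML text."""
    return base64.b64decode(b64_value).decode("utf-8")


def extract_attributes(xml_text: str) -> dict:
    """Return {attribute Name: [values]} from every AttributeStatement.

    Diagnostic only: no signature check is done here.  In the real login flow
    pysaml2 validates the response before django-saml2-auth reads the identity;
    never feed unverified attributes into user lookup or creation.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", namespaces=NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", namespaces=NS)]
        attrs[attr.get("Name")] = values
    return attrs


def check_attribute_map(attributes_map: dict, sent_attrs: dict) -> dict:
    """Return {django_field: saml_name} for every map entry whose SAML attribute
    Name is absent from the assertion.  Each entry is a KeyError waiting to
    happen in the ACS view."""
    return {field: name for field, name in attributes_map.items() if name not in sent_attrs}


def diagnose(b64_value: str, attributes_map: dict) -> dict:
    """Decode a captured SAMLResponse and compare it with an ATTRIBUTES_MAP."""
    sent = extract_attributes(decode_saml_response(b64_value))
    return {"sent": sorted(sent), "missing": check_attribute_map(attributes_map, sent)}


if __name__ == "__main__":
    report = diagnose(SAMPLE_SAML_RESPONSE_B64, ATTRIBUTES_MAP)
    print("Attribute Names in the assertion:")
    for name in report["sent"]:
        print("  ", name)
    print("ATTRIBUTES_MAP entries the IdP did not send:", report["missing"])
```

Against the constructed sample all four map entries are reported missing, because the map holds Azure source-attribute names rather than the claim Names in the assertion. Run it against the real SAMLResponse copied from SAML-tracer and set each ATTRIBUTES_MAP value to a Name from the "sent" list. One caveat on the logging shown in the post: the saml2 logger at DEBUG writes the decoded assertions, including user attributes, to debug.log, so keep that file out of the web root and turn the level down once the mapping is fixed.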