Django SAML integration
Problem description
I am using Django 1.9, Python 3, running locally on Docker (for testing)
Trying to integrate django-saml2-auth into my application.
Pretty much followed all the steps in the docs:
1) All installations were successful
2) New URLs were imported above the rest
3) Installed apps includes 'django_saml2_auth'
4) 'SAML2_AUTH' dict was placed in settings (and all attributes were mapped)
5) In the SAML2 identity provider (using OneLogin), the Single-sign-on URL and Audience URI(SP Entity ID) was set to http://127.0.0.1:8000/saml2_auth/acs/
What happens is that when I get to http://127.0.0.1:8000/admin the browser goes into an infinite redirect loop:
...
[02/May/2018 15:43:06] "GET /admin/ HTTP/1.1" 302 0
[02/May/2018 15:43:06] "GET /admin/login/?next=/admin/ HTTP/1.1" 302 0
[02/May/2018 15:43:07] "POST /saml2_auth/acs/ HTTP/1.1" 302 0
[02/May/2018 15:43:07] "GET /admin/ HTTP/1.1" 302 0
[02/May/2018 15:43:07] "GET /admin/login/?next=/admin/ HTTP/1.1" 302 0
[02/May/2018 15:43:08] "POST /saml2_auth/acs/ HTTP/1.1" 302 0
[02/May/2018 15:43:08] "GET /admin/ HTTP/1.1" 302 0
...
- When I disable django-saml2-auth I see that a staff user was created.
- In the OneLogin interface I can see that I logged in successfully.
Overriding django_saml2_auth.views.signin(r), where r is a django.core.handlers.wsgi.WSGIRequest, for <WSGIRequest: GET '/admin/login/?next=/admin/'>, and in the request, the user is set to AnonymousUser, COOKIES contain sessionid and csrftoken.
I would expect that a session would start for the user that was created/fetched, and that I will get to an /admin/<whatever> page.
I will appreciate any help in debugging this, thank you!
I was able to get it to work by removing AUTHENTICATION_BACKENDS from settings.py - I have 3 other backends that I use. It seems like they conflict with django-saml2-auth.
Is there any way to get django-saml2-auth to work with other backends?
EDIT 2: Will try to integrate django-saml2-pro-auth, which has a backend so will not conflict. I would really appreciate some insight though.
EDIT 3: back to EDIT 2, when I remove all the backends and they don't conflict, the log flow looks like that:
[04/May/2018 15:24:26] "GET /admin/ HTTP/1.1" 302 0
[04/May/2018 15:24:27] "GET /admin/login/?next=/admin/ HTTP/1.1" 302
[04/May/2018 15:26:27] "POST /saml2_auth/acs/ HTTP/1.1" 302 0
[04/May/2018 15:26:27] "GET /admin/ HTTP/1.1" 200 38398
Where the last GET does not get redirected, with 200.
Recommended answer
Issue resolved: After taking a deeper dive - it seems like this code is the issue:
In django_saml2_auth/views.py, acs():
    if target_user.is_active:
        target_user.backend = 'django.contrib.auth.backends.ModelBackend'
        login(r, target_user)
    else:
        return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied']))
It seems like the default ModelBackend is necessary. When other backends are used, the default is no longer used by Django, and hence the infinite loop. If the default backend is added to the list of backends, everything works as intended.
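The mechanism described in the answer, as an added example that is not part of the original post and is not Django's or django-saml2-auth's code: a stdlib-only model of how Django's session auth treats a login as anonymous when its recorded backend is not listed in AUTHENTICATION_BACKENDS, replaying the request sequence from the logs above. The three custom backend paths and the function names are hypothetical stand-ins.

```python
# Simplified, stdlib-only model of django.contrib.auth session handling
# (added illustration; not Django's or django-saml2-auth's source).
MODEL_BACKEND = "django.contrib.auth.backends.ModelBackend"  # hardcoded in acs()
# Hypothetical custom backends standing in for the asker's three.
CUSTOM = ["myapp.auth.LdapBackend", "myapp.auth.TokenBackend", "myapp.auth.ApiKeyBackend"]


def login(session, user_id, backend_path):
    """Like auth.login(): remember the user and the backend that vouched for it."""
    session["_auth_user_id"] = user_id
    session["_auth_user_backend"] = backend_path


def get_user(session, configured_backends):
    """Like auth.get_user(): a session whose backend is not in
    AUTHENTICATION_BACKENDS is treated as anonymous (returns None here)."""
    backend_path = session.get("_auth_user_backend")
    if backend_path in configured_backends:
        return session.get("_auth_user_id")
    return None


def trace_admin_visit(configured_backends, max_hops=3):
    """Replay GET /admin/ -> login -> ACS and return (request, status) pairs."""
    session, trace = {}, []
    for _ in range(max_hops):
        if get_user(session, configured_backends) is not None:
            trace.append(("GET /admin/", 200))
            return trace
        trace.append(("GET /admin/", 302))
        trace.append(("GET /admin/login/?next=/admin/", 302))
        # The IdP authenticates the user; acs() logs them in with ModelBackend.
        login(session, user_id=1, backend_path=MODEL_BACKEND)
        trace.append(("POST /saml2_auth/acs/", 302))
    return trace  # never reached 200: the redirect loop from the question


def missing_saml_backend(configured_backends):
    """Settings check: True when logins made by acs() would be discarded."""
    return MODEL_BACKEND not in configured_backends


if __name__ == "__main__":
    for name, backends in (("broken", CUSTOM), ("fixed", CUSTOM + [MODEL_BACKEND])):
        print(name, "missing ModelBackend:", missing_saml_backend(backends))
        for hop in trace_admin_visit(backends):
            print("   ", *hop)
```

The "fixed" list is the answer's remedy: keep the custom backends in AUTHENTICATION_BACKENDS and add the default ModelBackend alongside them.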