MissingKey error #162

Open
nmilev-scribe opened this issue May 7, 2021 · 2 comments
nmilev-scribe commented May 7, 2021

When trying to use this package for SAML2 integration with Okta, I'm getting this error:

Traceback (most recent call last):
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/entity.py", line 1455, in _parse_response
    response = response.loads(xmlstr, False, origxml=xmlstr)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/response.py", line 516, in loads
    self._loads(xmldata, decode, origxml)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/response.py", line 340, in _loads
    **args)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/sigver.py", line 1689, in correctly_signed_response
    class_name(response), origdoc)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/sigver.py", line 1464, in _check_signature
    raise MissingKey(_issuer)

During handling of the above exception (my_entity_id), another exception occurred:
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/sentry_sdk/integrations/django/views.py", line 63, in callback
    return old_callback(*args, **kwargs)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/sentry_sdk/integrations/django/views.py", line 63, in callback
    return old_callback(*args, **kwargs)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/django_saml2_auth/views.py", line 159, in acs
    resp, entity.BINDING_HTTP_POST)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/client_base.py", line 812, in parse_authn_request_response
    xmlstr, AuthnResponse, "assertion_consumer_service", binding, **kwargs
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/entity.py", line 1465, in _parse_response
    response = response.loads(xmlstr, False, origxml=xmlstr)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/response.py", line 516, in loads
    self._loads(xmldata, decode, origxml)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/response.py", line 340, in _loads
    **args)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/sigver.py", line 1689, in correctly_signed_response
    class_name(response), origdoc)
  File "/Users/nikolamilev/projects/colony/platform/scribe-api/local-env/lib/python3.7/site-packages/saml2/sigver.py", line 1464, in _check_signature
    raise MissingKey(_issuer)

Exception Type: MissingKey at /saml2_auth/acs/
Exception Value: my_entity_id

My setup:

settings.py:

SAML2_AUTH = {
    'METADATA_AUTO_CONF_URL': 'https://my_okta_domain.okta.com/app/my_entity_id/sso/saml/metadata/',
    'DEFAULT_NEXT_URL': '/',  # Custom target redirect URL after the user gets logged in. Defaults to /admin if not set. This setting will be overwritten if you have the parameter ?next= specified in the login URL.
    'CREATE_USER': 'TRUE', # Create a new Django user when a new user logs in. Defaults to True.
    'ASSERTION_URL': 'https://my_okta_domain.okta.com/app/generic-saml/my_entity_id/saml2', # Custom URL to validate incoming SAML requests against
    'ENTITY_ID': 'my_entity_id', # Populates the Issuer element in authn request
    'USE_JWT': True, # Set this to True if you are running a Single Page Application (SPA) with Django Rest Framework (DRF), and are using JWT authentication to authorize client users
    'FRONTEND_URL': 'http://localhost:3000', # Redirect URL for the client if you are using JWT auth with DRF. See explanation below
}

urls.py:

re_path(r'^saml2_login/$', django_saml2_auth.views.signin),
re_path(r'^saml2_auth/', include('django_saml2_auth.urls')),

Am I doing something wrong? As far as I've researched, this means there is a missing certificate. If so, how do I connect it to Django BE?
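
An offline check for the case the question guesses at, added here as an example (not code from django-saml2-auth or pysaml2): it assumes, from the `raise MissingKey(_issuer)` line in the traceback, that the error means no signing certificate was found in the loaded IdP metadata for the response's Issuer. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def signing_certs_by_entity(metadata_xml):
    """Map every entityID in the metadata to its IdP signing certificates."""
    certs = {}
    # iter() includes the root: a bare EntityDescriptor or a wrapper both work.
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        found = []
        for kd in ent.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS):
            # A KeyDescriptor with no 'use' attribute applies to signing too.
            if kd.get("use", "signing") == "signing":
                found += ["".join(c.text.split())
                          for c in kd.iterfind(".//ds:X509Certificate", NS)
                          if c.text and c.text.strip()]
        certs[ent.get("entityID")] = found
    return certs

def response_issuer(response_xml):
    """Issuer of the Response, falling back to the first Assertion's Issuer."""
    root = ET.fromstring(response_xml)
    node = root.find("saml:Issuer", NS)
    if node is None:
        node = root.find("saml:Assertion/saml:Issuer", NS)
    return node.text.strip() if node is not None and node.text else None

def diagnose(metadata_xml, response_xml):
    """Return (status, issuer); this inspects key lookup only, it verifies nothing."""
    certs, issuer = signing_certs_by_entity(metadata_xml), response_issuer(response_xml)
    if issuer is None or issuer not in certs:
        return ("no-issuer" if issuer is None else "issuer-not-in-metadata", issuer)
    return ("ok" if certs[issuer] else "no-signing-cert", issuer)

# Constructed sample documents (not taken from the issue).
METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://idp.example/constructed">
 <md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
 </md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>"""
RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Issuer>%s</saml:Issuer></samlp:Response>"""

if __name__ == "__main__":
    for iss in ("my_entity_id", "http://idp.example/constructed"):
        print(iss, "->", diagnose(METADATA, RESPONSE % iss))
```

Run against the XML served at `METADATA_AUTO_CONF_URL` and the base64-decoded `SAMLResponse` posted to `/saml2_auth/acs/`, it shows whether the Issuer string matches an `entityID` in the metadata and whether that entity carries a signing certificate.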

@syedgufran95

I am getting the same error. Cloning the library to solve the issue.

@syedgufran95

I have solved the issue. The problem comes from the IdP side; you need to check that you have properly set attribute statements.
