Member since
10-03-2017
4
Posts
0
Kudos Received
0
Solutions
10-04-2017
08:22 AM
Thank you for your response. It is working with user_attribute_mapping='{"uid":"username"}'. I was following the given example user_attribute_mapping={'uid': ('username', )} which was failing. Thank you once again.
... View more
10-03-2017
02:36 PM
Surprisingly commenting out “user_attribute_mapping={'uid': ('username',)}” in config file (is uses same thing which is default) does the magic. Looks like following code in libsaml/conf.py is creating problem. def dict_list_map(value):
if isinstance(value, str):
d = {}
for k, v in json.loads(value).iteritems():
d[k] = (v,)
return d
elif isinstance(value, dict):
return value
return None
USER_ATTRIBUTE_MAPPING = Config(
key="user_attribute_mapping",
default={'uid': ('username', )},
type=dict_list_map,
help=_t("A mapping from attributes in the response from the IdP to django user attributes."))
... View more
10-03-2017
11:29 AM
Hi I am trying to configure HUE with SAML Authentication and receiving following error: [03/Oct/2017 11:13:36 +0000] response DEBUG conditions: <?xml version='1.0' encoding='UTF-8'?>
<saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NotBefore="2017-10-03T18:08:35.668Z" NotOnOrAfter="2017-10-03T18:18:35.668Z"><saml:AudienceRestriction><saml:Audience>http://xxxxx.us-east-1.elb.amazonaws.com/saml2/metadata/</saml:Audience></saml:AudienceRestriction></saml:Conditions>
[03/Oct/2017 11:13:36 +0000] response DEBUG --- Getting Identity ---
[03/Oct/2017 11:13:36 +0000] response DEBUG Attribute Statement: <?xml version='1.0' encoding='UTF-8'?>
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">svasiraju</saml:AttributeValue></saml:Attribute><saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">abc@yahoo.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
[03/Oct/2017 11:13:36 +0000] response DEBUG Converts name format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
[03/Oct/2017 11:13:36 +0000] response DEBUG --- AVA: {'uid': ['svasiraju'], 'email': ['abc@yahoo.com']}
[03/Oct/2017 11:13:36 +0000] response INFO Subject NameID: <?xml version='1.0' encoding='UTF-8'?>
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName">abc@yahoo.com</saml:NameID>
[03/Oct/2017 11:13:36 +0000] client_base INFO --- ADDED person info ----
[03/Oct/2017 11:13:36 +0000] backends ERROR Session info or attribute mapping are None
[03/Oct/2017 11:13:36 +0000] views ERROR The user is None Here is my configuration in HUE: # Xmlsec1 binary path. This program should be executable by the user running Hue.
xmlsec_binary=/usr/bin/xmlsec1
assertion_consumer_service_uri="http://xxx.us-east-1.elb.amazonaws.com/saml2/acs/"
entity_id="http://xxx.us-east-1.elb.amazonaws.com/saml2/metadata/"
create_users_on_login=true
required_attributes=uid
metadata_file=/opt/hue/desktop/conf/metadata2.xml
key_file=/opt/hue/desktop/conf/mattermost-x509.pem
cert_file=/opt/hue/desktop/conf/cert2.pem
user_attribute_mapping={'uid': ('username', ), 'email': ('email', )},
logout_requests_signed=true
username_source=attributes TIA
... View more
Labels:
- Labels:
-
Cloudera Hue