Error while configuring HUE with SAML

New Contributor

Hi

I am trying to configure HUE with SAML authentication and am receiving the following error:

 

 [03/Oct/2017 11:13:36 +0000] response DEBUG conditions: <?xml version='1.0' encoding='UTF-8'?>
<saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NotBefore="2017-10-03T18:08:35.668Z" NotOnOrAfter="2017-10-03T18:18:35.668Z"><saml:AudienceRestriction><saml:Audience>http://xxxxx.us-east-1.elb.amazonaws.com/saml2/metadata/</saml:Audience></saml:AudienceRestriction></saml:Conditions>
[03/Oct/2017 11:13:36 +0000] response DEBUG --- Getting Identity ---
[03/Oct/2017 11:13:36 +0000] response DEBUG Attribute Statement: <?xml version='1.0' encoding='UTF-8'?>
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">svasiraju</saml:AttributeValue></saml:Attribute><saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">abc@yahoo.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
[03/Oct/2017 11:13:36 +0000] response DEBUG Converts name format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
[03/Oct/2017 11:13:36 +0000] response DEBUG --- AVA: {'uid': ['svasiraju'], 'email': ['abc@yahoo.com']}
[03/Oct/2017 11:13:36 +0000] response INFO Subject NameID: <?xml version='1.0' encoding='UTF-8'?>
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName">abc@yahoo.com</saml:NameID>
[03/Oct/2017 11:13:36 +0000] client_base INFO --- ADDED person info ----
[03/Oct/2017 11:13:36 +0000] backends ERROR Session info or attribute mapping are None
[03/Oct/2017 11:13:36 +0000] views ERROR The user is None

Here is my configuration in HUE:

 

# Xmlsec1 binary path. This program should be executable by the user running Hue.
xmlsec_binary=/usr/bin/xmlsec1
assertion_consumer_service_uri="http://xxx.us-east-1.elb.amazonaws.com/saml2/acs/"
entity_id="http://xxx.us-east-1.elb.amazonaws.com/saml2/metadata/"
create_users_on_login=true
required_attributes=uid
metadata_file=/opt/hue/desktop/conf/metadata2.xml
key_file=/opt/hue/desktop/conf/mattermost-x509.pem
cert_file=/opt/hue/desktop/conf/cert2.pem
user_attribute_mapping={'uid': ('username', ), 'email': ('email', )},
logout_requests_signed=true
username_source=attributes

TIA

 

1 ACCEPTED SOLUTION

Re: Error while configuring HUE with SAML

Super Guru

@sudhakarv,

 

I have used the following with success previously:

user_attribute_mapping='{"uid":"username"}'

 

It does appear that the IDP --> Django mapping is not occurring.  Currently we only use map to "username".

 

4 REPLIES 4

Re: Error while configuring HUE with SAML

New Contributor

Surprisingly, commenting out "user_attribute_mapping={'uid': ('username',)}" in the config file (it uses the same thing, which is the default) does the magic. It looks like the following code in libsaml/conf.py is creating the problem.

def dict_list_map(value):
  if isinstance(value, str):
    d = {}
    for k, v in json.loads(value).iteritems():
      d[k] = (v,)
    return d
  elif isinstance(value, dict):
    return value
  return None

USER_ATTRIBUTE_MAPPING = Config(
  key="user_attribute_mapping",
  default={'uid': ('username', )},
  type=dict_list_map,
  help=_t("A mapping from attributes in the response from the IdP to django user attributes."))
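
An added example, not part of the original posts or Hue's own code: a Python 3 port of the quoted dict_list_map (`.items()` in place of `.iteritems()`) run against the value forms discussed in this thread and the AVA from the question's log. `check_mapping`, the sample values and the list-valued case are hypothetical; how Hue's config parser hands the raw value to dict_list_map is an assumption.

```python
import json

def dict_list_map(value):
    """Python 3 port of the function quoted from libsaml/conf.py."""
    if isinstance(value, str):
        return {k: (v,) for k, v in json.loads(value).items()}
    elif isinstance(value, dict):
        return value
    return None

def check_mapping(raw, ava):
    """Classify a raw user_attribute_mapping value, then resolve Django
    user fields from the attribute-value assertion (AVA) sent by the IdP."""
    try:
        mapping = dict_list_map(raw)
    except ValueError as exc:  # json.JSONDecodeError subclasses ValueError
        return ("invalid-json", str(exc))
    if mapping is None:
        # Same state the log reports: "Session info or attribute mapping are None"
        return ("mapping-none", "value is neither a JSON string nor a dict")
    resolved = {}
    for idp_attr, django_fields in mapping.items():
        values = ava.get(idp_attr)
        if values:
            for field in django_fields:
                resolved[field] = values[0]
    if "username" not in resolved:
        return ("no-username", "no IdP attribute in the assertion maps to username")
    return ("ok", resolved)

# AVA copied from the debug log in the question.
AVA = {'uid': ['svasiraju'], 'email': ['abc@yahoo.com']}

# Constructed raw values; the list form assumes a parser that splits on commas.
CASES = {
    "JSON string (accepted answer)": '{"uid":"username"}',
    "Python literal from the question": "{'uid': ('username', ), 'email': ('email', )},",
    "pre-split list (assumed)": ["{'uid': ('username'", ")}"],
    "JSON, attribute absent from AVA": '{"mail":"username"}',
}

if __name__ == "__main__":
    for label, raw in CASES.items():
        print(label, "->", check_mapping(raw, AVA))
```

Only the JSON string form yields a usable mapping; the Python-literal form either fails JSON parsing or, if it arrives as a non-string, silently becomes None.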

Re: Error while configuring HUE with SAML

New Contributor

Thank you for your response. It is working with user_attribute_mapping='{"uid":"username"}'. I was following the given example user_attribute_mapping={'uid': ('username', )} which was failing. 

 

Thank you once again.

Re: Error while configuring HUE with SAML

Explorer

@bgooley

 

Can you help me with some example for user_attribute_mapping='{"uid":"username"}'  ?

 

My requirement is:

 

After integrating with SAML, when a user tries to access the Hue UI, if the IDP returns the UID of the user after authentication, but when the user has logged in the Hue UI shows the Username, which I want to be displayed.

 

Can you help me to understand about below property which says

 

user_attribute_mapping - Map user attributes provided by IDP to Hue attributes

 

What are Hue attributes?

 

- Vijay M
