[Satosa-dev] usage questions?

Admin IFMSA-Sweden admin at ifmsa.se
Mon Sep 18 04:38:06 CEST 2017



> On 17 Sep 2017, at 21:43, Rainer Hoerbe <rainer at hoerbe.at> wrote:
> 
> 
>> On 17.09.2017 at 13:39, Admin IFMSA-Sweden <admin at ifmsa.se> wrote:
>> 
>> 
>> 
>> Another question: I am trying to set up a proxy with Dynamics 365 Portal as SP and SWAMID metadata as IdP. My intention is to use the SWAMID/NORDUNET discovery service for IdP discovery. We will add a web server in front of the proxy later. Our configs for SAML2SAML are at the GitHub link below, using self-signed certificates (https, metadata, frontend and backend, 4 pairs, not included); however, I cannot get any success.
>> 
>> Am I missing anything fundamental?
> 
> Disclaimer: I have just started using SATOSA myself. But I can share the log file of a working proxy:
> 
> 
> [2017-09-17 05:36:33] [DEBUG]: Loaded micro services with endpoints: [<satosa.micro_services.attribute_modifications.AddStaticAttributes object at 0x7f9bcc458da0>]
> [2017-09-17 05:36:48] [DEBUG]: read request data: {'SAMLRequest': 'jZJdT8IwFI ... 0f+Xkn2CQ==', 'SigAlg': 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', 'RelayState': 'ss:mem:e490331e1e ... d20d8923', 'Signature': 'RYnkl ... Y+AxnvQ=='}
> [2017-09-17 05:36:48] [DEBUG]: [urn:uuid:2285f022-6889-4d28-9c68-e46288460227] Loading state from cookie: SATOSA_STATE="_Td6WFoAAA ... AAAAARZWg=="
> [2017-09-17 05:36:48] [DEBUG]: [urn:uuid:2285f022-6889-4d28-9c68-e46288460227] Routing path: Saml2/sso/redirect
> [2017-09-17 05:36:48] [DEBUG]: [urn:uuid:2285f022-6889-4d28-9c68-e46288460227] Found registered endpoint: module name:'Saml2IDP', endpoint: Saml2/sso/redirect
> [2017-09-17 05:36:48] [DEBUG]: [urn:uuid:2285f022-6889-4d28-9c68-e46288460227] <ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="https://sp5.test.portalverbund.gv.at/Shibboleth.sso/SAML2/POST" Destination="https://proxy5.test.portalverbund.gv.at/Saml2/sso/redirect" ID="_c2bdda7d359c3284143d72963bcdb8d3" IssueInstant="2017-09-17T05:36:48Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><ns1:Issuer>https://sp5.test.portalverbund.gv.at/sp.xml</ns1:Issuer><ns0:NameIDPolicy AllowCreate="1" /></ns0:AuthnRequest>
> 

Thanks Rainer.

Is "Discovery Service" a "work out-of-box" solution, or does it need any extra config? The SP we are using against the Proxy can otherwise neither use a Discovery nor consume metadata with multiple IdPs (and no signing).

Regards

Mats

> You seem to receive an empty request. 
> 
> - Rainer
> 
> 
>> 
>> Thanks
>> 
>> https://github.com/ifmsasweden/s2s
>> 
>> docker run -p 443:8000 -v /home/ifmsa/s2s:/opt/satosa/etc -e DATA_DIR=/opt/satosa/etc -e PROXY_PORT=8000 -e METADATA_DIR=metadata satosa/satosa
>> 
>> Writing metadata to 'metadata/frontend.xml'
>> Writing metadata to 'metadata/backend.xml'
>> [2017-09-17 10:34:03 +0000] [1] [INFO] Starting gunicorn 19.7.1
>> [2017-09-17 10:34:03 +0000] [1] [INFO] Listening at: https://0.0.0.0:8000 (1)
>> [2017-09-17 10:34:03 +0000] [1] [INFO] Using worker: sync
>> [2017-09-17 10:34:03 +0000] [19] [INFO] Booting worker with pid: 19
>> [2017-09-17 10:34:04] [INFO ]: Loading backend modules...
>> [2017-09-17 10:34:23] [INFO ]: Setup backends: ['Saml2']
>> [2017-09-17 10:34:23] [INFO ]: Loading frontend modules...
>> [2017-09-17 10:34:23] [INFO ]: Setup frontends: ['Saml2IDP']
>> [2017-09-17 10:34:23] [INFO ]: Loading micro services...
>> [2017-09-17 10:34:23] [INFO ]: Loaded request micro services: []
>> [2017-09-17 10:34:23] [INFO ]: Loaded response micro services: ['AddStaticAttributes']
>> [2017-09-17 10:34:24] [DEBUG]: Loaded backends with endpoints: [<satosa.backends.saml2.SAMLBackend object at 0x7f8b2e900c50>]
>> [2017-09-17 10:34:24] [DEBUG]: Loaded frontends with endpoints: [<satosa.frontends.saml2.SAMLFrontend object at 0x7f8b2defb940>]
>> [2017-09-17 10:34:24] [DEBUG]: Loaded micro services with endpoints: [<satosa.micro_services.attribute_modifications.AddStaticAttributes object at 0x7f8b2defb780>]
>> [2017-09-17 10:36:26] [DEBUG]: read request data: {}
>> [2017-09-17 10:36:26] [DEBUG]: Did not find cookie named 'SATOSA_STATE' in cookie string ''
>> [2017-09-17 10:36:26] [DEBUG]: [urn:uuid:cb482c60-12c8-4d3a-b954-007c7e5e7fd6] Routing path: Saml2IDP/proxy.xml
>> [2017-09-17 10:36:26] [DEBUG]: [urn:uuid:cb482c60-12c8-4d3a-b954-007c7e5e7fd6] Unknown backend Saml2IDP
>>> 
>>> - Rainer
> 
