I am configuring SSO with Ping. Here is the configuration:
_saml_config = {
    'sp': {
        'entityId': 'indico-saml',
        'x509cert': '...',
        'privateKey': '...',
    },
    'idp': {
        'entityId': 'link:ping.domain',
        'singleSignOnService': {
            'url': 'link:/idp/SSO.saml2',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        },
        'singleLogoutService': {
            'url': 'link/idp/ARS.ssaml2',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        },
        'x509cert': '...',
    },
    'security': {
        'nameIdEncrypted': False,
        'authnRequestsSigned': True,
        'logoutRequestSigned': True,
        'logoutResponseSigned': True,
        'signMetadata': True,
        'wantMessagesSigned': True,
        'wantAssertionsSigned': True,
        'wantNameId': True,
        'wantNameIdEncrypted': False,
        'wantAssertionsEncrypted': False,
        'allowSingleLabelDomains': False,
        'signatureAlgorithm': 'link:www.w3.org/2001/04/xmldsig-more#rsa-sha256',
        'digestAlgorithm': 'link:www.w3.org/2001/04/xmlenc#sha256'
    }
}

AUTH_PROVIDERS = {
    'saml': {
        'type': 'saml',
        'title': 'SAML SSO',
        'saml_config': _saml_config,
        # If your IdP is using ADFS you may need to uncomment this. For details, see
        # https://github.com/onelogin/python-saml/pull/144
        # 'lowercase_urlencoding': True
    }
}

IDENTITY_PROVIDERS = {
    'saml': {
        'type': 'saml',
        'title': 'SSO',
        'mapping': {
            'first_name': 'givenName',
            'last_name': 'sn',
            'email': 'mail',
            'affiliation': 'company',
        },
        'trusted_email': True,
        'identifier_field': 'Username',
    }
}
The attributes in Ping are
I got this error:
...
File "/opt/indico/.venv/lib/python3.9/site-packages/indico/core/auth.py", line 116, in handle_auth_error
fn('Authentication via %s failed: %s (%r)', exc.provider.name if exc.provider else None, exc_str,
...
indico-uwsgi[272130]: Message: 'Authentication via %s failed: %s (%r)'
indico-uwsgi[272130]: Arguments: (None, 'SAML login failed', None)
Could you please advise on this issue? Thanks!