Django SAML2 stuck in an infinite loop


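I am trying to use this module to implement SSO login.

After a successful login, it gets stuck in an infinite loop, constantly trying to log in again.

I have tried removing the @login_required decorator, and then it works.

However, I need the @login_required decorator to prevent users who are not logged in from accessing specific views.

I think django.contrib.auth.backends.ModelBackend is not configured correctly with djangosaml2.backends.Saml2Backend.

Here is my code:

settings.py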

from os import path

import saml2
import saml2.saml

SAML_CONFIG = {
  # full path to the xmlsec1 binary program
  'xmlsec_binary': '/usr/bin/xmlsec1',

  # your entity id, usually your subdomain plus the url to the metadata view
  'entityid': 'http://localhost:8000/saml2/metadata/',

  # directory with attribute mapping
  'attribute_map_dir': path.join(BASEDIR, 'attribute-maps'),

  # this block states what services we provide
  'service': {
      # we are just a lonely SP
      'sp' : {
          'name': 'Federated Django sample SP',
          'name_id_format': saml2.saml.NAMEID_FORMAT_PERSISTENT,

          # For Okta add signed logout requests. Enable this:
          # "logout_requests_signed": True,

          'endpoints': {
              # url and binding to the assertion consumer service view
              # do not change the binding or service name
              'assertion_consumer_service': [
                  ('http://localhost:8000/tacdb/items/',
                   saml2.BINDING_HTTP_POST),
                  ],
              # url and binding to the single logout service view
              # do not change the binding or service name
              'single_logout_service': [
                  # Disable next two lines for HTTP_REDIRECT for IDP's that only support HTTP_POST. Ex. Okta:
                  ('http://localhost:8000/saml2/ls/',
                   saml2.BINDING_HTTP_REDIRECT),
                  ('http://localhost:8000/saml2/ls/post',
                   saml2.BINDING_HTTP_POST),
                  ],
              },
           # Mandates that the identity provider MUST authenticate the
           # presenter directly rather than rely on a previous security context.
          'force_authn': False,

           # Enable AllowCreate in NameIDPolicy.
          'name_id_format_allow_create': False,

           # attributes that this project needs to identify a user
          'required_attributes': ['username'],

           # attributes that may be useful to have but not required
          'optional_attributes': ['eduPersonAffiliation'],

          # in this section the list of IdPs we talk to are defined
          # This is not mandatory! All the IdP available in the metadata will be considered.
          'idp': {
              # we do not need a WAYF service since there is
              # only an IdP defined here. This IdP should be
              # present in our metadata

              # the keys of this dictionary are entity ids
              'https://localhost/simplesaml/saml2/idp/metadata.php': {
                  'single_sign_on_service': {
                      saml2.BINDING_HTTP_REDIRECT: 'https://localhost/simplesaml/saml2/idp/SSOService.php',
                      },
                  'single_logout_service': {
                      saml2.BINDING_HTTP_REDIRECT: 'https://localhost/simplesaml/saml2/idp/SingleLogoutService.php',
                      },
                  },
              },
          },
      },
}

LOGIN_URL = '/tacdb/saml2/login/'
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
MIDDLEWARE.append('djangosaml2.middleware.SamlSessionMiddleware')

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'djangosaml2.backends.Saml2Backend',
)
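
views.py

from django.contrib.auth.decorators import login_required
from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
@login_required
def item_list(request):
    ...

    return render(
        request, "items/item_list.html", {"filter": user_filter, "form": form}
    )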

url.py

from django.conf.urls import include, url
from django.urls import path

urlpatterns = [
    url(
        r"^tacdb/",
        include(
            [
                path('', include('tacdashboard.urls')),
                path('saml2/', include('djangosaml2.urls')),
            ]
        )
    )
]


The problem here was that I was not using the correct "assertion consumer service":

'assertion_consumer_service': [
    ('http://localhost:8000/tacdb/saml2/acs',
     saml2.BINDING_HTTP_POST),
],
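
A check for the misconfiguration in this thread, as an added example (not code from the original post or from djangosaml2): it verifies that every assertion_consumer_service URL lands on the ACS view under the prefix where djangosaml2.urls is included. The function names, the `acs/` route inside the include, and the sample configs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Value of saml2.BINDING_HTTP_POST, inlined so the check runs without pysaml2.
BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def acs_problems(saml_config, saml2_mount, acs_route="acs/"):
    """Return a list of problems found in the SP's ACS endpoints.

    saml2_mount: URL prefix where include('djangosaml2.urls') is mounted.
    acs_route:   route of the ACS view inside that include (assumption).
    """
    parts = [p for p in (saml2_mount.strip("/"), acs_route.strip("/")) if p]
    expected = "/" + "/".join(parts)
    endpoints = saml_config["service"]["sp"]["endpoints"]
    acs_list = endpoints.get("assertion_consumer_service", [])
    problems = []
    if not acs_list:
        problems.append("no assertion_consumer_service endpoint configured")
    for url, binding in acs_list:
        # Trailing slash is ignored here; whether it is required depends
        # on the URL pattern and on APPEND_SLASH handling.
        if urlsplit(url).path.rstrip("/") != expected:
            # The IdP POSTs the SAML response to this URL. If an ordinary
            # @login_required view answers instead of the ACS view, no
            # session is created and the user is sent back to LOGIN_URL.
            problems.append(f"{url}: path is not the ACS view {expected}")
        if binding != BINDING_HTTP_POST:
            problems.append(f"{url}: binding {binding} is not HTTP-POST")
    return problems


def sp_config(acs_url, binding=BINDING_HTTP_POST):
    """Build a minimal constructed SAML_CONFIG with a single ACS endpoint."""
    return {"service": {"sp": {"endpoints": {
        "assertion_consumer_service": [(acs_url, binding)]}}}}


if __name__ == "__main__":
    # Constructed inputs: the URL from the question, then the one from the answer.
    for url in ("http://localhost:8000/tacdb/items/",
                "http://localhost:8000/tacdb/saml2/acs"):
        print(url, "->", acs_problems(sp_config(url), "/tacdb/saml2/") or "ok")
```
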