Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAMLRequest empty on SP-initiated request #66

Open
Matteo- opened this issue Nov 25, 2021 · 6 comments
Open

SAMLRequest empty on SP-initiated request #66

Matteo- opened this issue Nov 25, 2021 · 6 comments

Comments

@Matteo-
Copy link

Matteo- commented Nov 25, 2021

Hi @distortedsignal
I'm going to implement a SP-Initiated SAML workflow. The error I get is: empty SAMLRequest in the url.
Do you confirm it Is feature non yet implemented in this version?
Are there any other way to implement this SAML SP-initiated modality?

thank you
@distortedsignal
Copy link
Contributor

I'm not totally clear on a) what you're doing or b) where you're seeing the error that you mentioned.

Could you give me a set of steps so that I can understand your use case better?

@tomcatling
Copy link

hi @Matteo- , see my fork for a minimal example of getting a SP-initiated auth flow working with the AWS SSO Portal. It seems fairly simple if you don't need to sign the request (which you don't with AWS SSO).

I've tested this with a local deployment of JupyterHub with the following config:

# A simple example configuration.
## Class for authenticating users.
c.JupyterHub.authenticator_class = 'samlauthenticator.SAMLAuthenticator'

# Where the SAML IdP's metadata is stored.
c.SAMLAuthenticator.metadata_filepath = '/etc/jupyterhub/metadata.xml'
c.SAMLAuthenticator.time_format_string = '%Y-%m-%dT%H:%M:%S.%fZ'
c.SAMLAuthenticator.audience = 'http://localhost:8000/hub' # must exactly match the value in AWS
c.SAMLAuthenticator.acs_endpoint_url = 'http://localhost:8000/hub/login'

and a live deployment of AWS SSO, and it works as it should. Grateful for any advice on making it a bit more elegant.

@tomcatling tomcatling mentioned this issue Jan 29, 2022
Open
@erik-kkr
Copy link

erik-kkr commented Mar 8, 2023

I also ran into this, needing support for the SP-initiated flow. I was able to make it work with @tomcatling's fork, so it'd be really nice to see this upstreamed.

@distortedsignal is there anything holding up his PR?

@distortedsignal
Copy link
Contributor

I also ran into this, needing support for the SP-initiated flow. I was able to make it work with @tomcatling's fork, so it'd be really nice to see this upstreamed.

@distortedsignal is there anything holding up his PR?

Well, it's a draft. To me, that says that the PR isn't ready for review. When it moves from draft into ready for review, I'll review it.

@tomcatling
Copy link

Sorry, I put that together when I was using the library for work and I've moved jobs since then, so it's pretty unlikely I'll get through the 'To do' list in the PR.

@erik-kkr
Copy link

Fair enough. Thanks both of you for the response. Maybe I can find the time to take over.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@distortedsignal @tomcatling @Matteo- @erik-kkr