'NoneType' object has no attribute 'format' #45
Comments
The NameID declaration in the metadata that you have posted does not seem to be valid. A valid example could be:
|
I did what you recommended, but it didn't work. IDP NameID:
SP NameID:
Another thing I'm doing, but not sure about is, in the settings where is set the |
Mind that metadata in pysaml2 can be autogenerated; an SP can fetch them through a URL. I discourage manual metadata editing. IdP's metadata are available, standing of the following example, to In pysaml2, metadata can be used as local file, local directory, in-memory, MDQ and remote. I also developed uniAuth IDP, a djangosaml2idp fork, that lets you configure metadata and SPs through the admin UI. https://uniauth.readthedocs.io/en/latest/index.html Do your best |
Yes, I made some manual metadata editing, but even when I'm trying to run my project with autogenerated metadata, it doesn't work. This metadata I got from
And this I got from SP service:
|
I know this kind of problem; there are at least two other issues dedicated to NameID format. If it is unsupported, an exception is raised. I suggest you use uniAuth or another fork still available in the pull requests of this project! |
By the way, it would be useful to have a dump of the AuthnRequest. djangosaml2idp/djangosaml2idp/views.py Line 116 in 8a23806
I think that signature validation or something else related to AuthnRequest parsing fails, and as you can see in the previous link, that exception is not handled in a proper way. This behaviour was fixed in the pending PR that belongs to third-party forks |
I believe this will fix a flow where the nameid format is not specified. I got an error similar to OTA-Insight#45, so I think it's related.
I believe this will fix a flow where the nameid format is not specified. I got an error similar to OTA-Insight#45 (None has no attribute format), so I think it's related.
This was a bug and has been fixed in v0.6.2 |
Hello,
I am trying to integrate this library with Tableau, to do SAML authentication. I followed the documentation steps, but after login, the error below appears on the screen:
Error during SAML2 authentication
AttributeError
'NoneType' object has no attribute 'format'
I saw that this error happens because the value name_id_policy is empty, and the library tries to do resp_args['name_id_policy'].format
Does anyone have any idea why this occurs?
This is my SP metadata:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="Lj.RwoZKDQsM6i2XUKS1y3T.U4f" cacheDuration="PT1440M" entityID="https://backendplataforma-development.azurewebsites.net">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
<ds:Reference URI="#Lj.RwoZKDQsM6i2XUKS1y3T.U4f">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>+lWZYmzydT1spQiK4RHV6P9AIGP8V0Q7a70q/PKLC5A=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxx</ds:SignatureValue>
</ds:Signature>
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="false">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>xxx</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://backendplataforma-development.azurewebsites.net/idp/sso/post" />
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://backendplataforma-development.azurewebsites.net/idp/sso/redirect" />
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
</md:IDPSSODescriptor>
<md:ContactPerson contactType="administrative">
<md:Company>Tableau PingFed Demo</md:Company>
</md:ContactPerson>
</md:EntityDescriptor>
And this is my IDP metadata:
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" entityID="https://backendplataforma-development.azurewebsites.net/idp/metadata" validUntil="2020-08-13T14:41:28Z">
<ns0:Extensions>
<ns1:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
<ns1:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
<ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ns1:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
<ns1:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ns1:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
<ns1:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<ns1:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
<ns1:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
<ns1:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"/>
<ns1:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"/>
<ns1:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ns1:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"/>
<ns1:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ns1:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
<ns1:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
</ns0:Extensions>
<ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<ns0:KeyDescriptor use="signing">
<ns2:KeyInfo>
<ns2:X509Data>
<ns2:X509Certificate>xxxxx</ns2:X509Certificate>
</ns2:X509Data>
</ns2:KeyInfo>
</ns0:KeyDescriptor>
<ns0:KeyDescriptor use="encryption">
<ns2:KeyInfo>
<ns2:X509Data>
<ns2:X509Certificate>xxx</ns2:X509Certificate>
</ns2:X509Data>
</ns2:KeyInfo>
</ns0:KeyDescriptor>
<ns0:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</ns0:NameIDFormat>
<ns0:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</ns0:NameIDFormat>
<ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://xxx/idp/sso/post"/>
<ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://xxx/idp/sso/redirect"/>
</ns0:IDPSSODescriptor>
</ns0:EntityDescriptor>
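The failure discussed in this issue, an AuthnRequest that carries no NameIDPolicy so that `name_id_policy` is None, handled defensively instead of dereferenced. This is an added example, not code from djangosaml2idp or pysaml2; the function names, the fallback order and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input in production, prefer defusedxml

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed AuthnRequests: the first omits the optional <samlp:NameIDPolicy>.
REQ_NO_POLICY = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_a1" Version="2.0" '
                 'IssueInstant="2020-01-01T00:00:00Z"/>')
REQ_PERSISTENT = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_a2" Version="2.0" '
                  'IssueInstant="2020-01-01T00:00:00Z">'
                  f'<samlp:NameIDPolicy Format="{PERSISTENT}"/></samlp:AuthnRequest>')
# Constructed SP metadata listing the two formats that appear in the thread.
SP_METADATA = (f'<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.test">'
               f'<md:SPSSODescriptor protocolSupportEnumeration="{SAMLP}">'
               f'<md:NameIDFormat>{EMAIL}</md:NameIDFormat>'
               f'<md:NameIDFormat>{UNSPECIFIED}</md:NameIDFormat>'
               '</md:SPSSODescriptor></md:EntityDescriptor>')

def requested_format(authn_request_xml):
    """Return NameIDPolicy/@Format, or None when the element or attribute is absent."""
    policy = ET.fromstring(authn_request_xml).find(f"{{{SAMLP}}}NameIDPolicy")
    return policy.get("Format") if policy is not None else None

def sp_formats(sp_metadata_xml):
    """NameIDFormat values from the SP metadata, in document order."""
    root = ET.fromstring(sp_metadata_xml)
    return [e.text.strip() for e in root.iter(f"{{{MD}}}NameIDFormat")
            if e.text and e.text.strip()]

def choose_nameid_format(authn_request_xml, sp_metadata_xml, idp_supported):
    """Pick a NameID format without assuming the request carries a policy."""
    requested = requested_format(authn_request_xml)
    if requested and requested != UNSPECIFIED:
        # An explicit request the IdP cannot honour is rejected, not silently replaced.
        if requested not in idp_supported:
            raise ValueError(f"unsupported NameID format requested: {requested}")
        return requested
    # No policy (or 'unspecified'): fall back to the first SP-declared format the IdP supports.
    for fmt in sp_formats(sp_metadata_xml):
        if fmt in idp_supported:
            return fmt
    return UNSPECIFIED

if __name__ == "__main__":
    print(choose_nameid_format(REQ_NO_POLICY, SP_METADATA, [EMAIL, UNSPECIFIED]))
```
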