Can't set up saml or auth0

trondhindenes · July 7, 2018, 9:46am

When following the steps outlined here Saml provider not available (apt packages + pip install), I get auth providers enabled in Sentry. However, both the auth0 and SAML providers error out under configuration with the same error:
OneLogin_Saml2_Error: Invalid dict settings: sp_acs_url_invalid,sp_sls_url_invalid

From that issue I get the impression that setting SENTRY_FEATURES['organizations:sso-saml2'] = True is all that should be needed without any explicit pip installs, but that’s not what I’m seeing.

I guess I’m looking for:

explicit instructions to get saml and other providers working right
any feedback on the above exception - is this because my auth providers aren’t installed correctly or is something else going on?

zeeg · July 9, 2018, 4:16pm

@evanpurkhiser anything obvious here to you? I dont think we have any specific settings on sentry.io.

evanpurkhiser · July 9, 2018, 6:11pm

@trondhindenes: A guess might be something wonky with your system url prefix. You could drop a print here and see what the ACS and SLS urls look like:

github.com

getsentry/sentry/blob/master/src/sentry/auth/providers/saml2.py#L363


    },
    'security': security_config,
}


if avd.get('x509cert') is not None:
    saml_config['sp']['x509cert'] = avd['x509cert']


if avd.get('private_key') is not None:
    saml_config['sp']['privateKey'] = avd['private_key']


return saml_config




def build_auth(request, saml_config):
"""
Construct a OneLogin_Saml2_Auth object for the current request.
"""
url = urlparse(options.get('system.url-prefix'))
saml_request = {
    'https': 'on' if url.scheme == 'https' else 'off',
    'http_host': url.hostname,

trondhindenes · July 9, 2018, 7:15pm

That makes perfect sense, thanks. My instance was a local test instance just running in Docker, so there’s every change I didn’t pay enough attention to getting the URLs right.

I’ll prep a proper deployment in Kubernetes with the correct urls and see if the problem persists. Thanks!!

trondhindenes · July 10, 2018, 2:09am

btw, I also had to run “sentry django migrate” in order to activate auth providers, it wasn’t enough to pip install the required packages + set the SENTRY_FEATURES flag.

zeeg · July 10, 2018, 4:57pm

@trondhindenes you should generally always run ‘sentry upgrade’ (vs using the South-native command which is ‘sentry django migrate’)

trondhindenes · July 10, 2018, 4:59pm

You’re right. I was stumped by the fact that it looks for a config file in current directory from where those commands are run - that’s why I couldn’t get a consistent result.

Topic		Replies	Views
Saml provider not available On-Premise	1	2213	July 5, 2018
On-Prem 9.1.1, no way to get SSO (SAML2) working On-Premise	2	2114	April 6, 2020
SAML 2 Authentication Not working on Sentry On-Premise installation On-Premise	0	1101	December 14, 2017
Incorrect SAML2 configuration , disable SAML2 login page On-Premise	4	2643	February 13, 2021
SAML Generic doesn't work with local on premise On-Premise	1	983	February 14, 2020

Can't set up saml or auth0

Related Topics