For some time now I have been trying to configure SAML (Okta) on AWX, but without success. Users receive the error 400: Bad Request Error Code: GENERAL_NONSUCCESS.
Current SAML configuration:
SAML_AUTO_CREATE_OBJECTS: false
SOCIAL_AUTH_SAML_SP_ENTITY_ID: 'AWXURL'
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT: "{{ lookup('ansible.builtin.file', './cert.pem') }}"
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY: "{{ lookup('ansible.builtin.file', './key.pem') }}"
SOCIAL_AUTH_SAML_ORG_INFO: {
  "en-US": {
    "name": "OKTA",
    "url": "AWXURL",
    "displayname": "OKTA"
  }
}
SOCIAL_AUTH_SAML_TECHNICAL_CONTACT: {
  "emailAddress": "[email protected]",
  "givenName": "FOO"
}
SOCIAL_AUTH_SAML_SUPPORT_CONTACT: {
  "emailAddress": "[email protected]",
  "givenName": "FOO"
}
SOCIAL_AUTH_SAML_ENABLED_IDPS: {
  "okta": {
    "attr_email": "Email",
    "attr_first_name": "FirstName",
    "attr_last_name": "LastName",
    "attr_user_permanent_id": "name_id",
    "attr_username": "UserName",
    "entity_id": "http://www.okta.com/ID",
    "url": "https://ORG.oktapreview.com/app/APP/ID/sso/saml",
    "x509cert": "MIIIIIIIIIIIIII"
  }
}
SOCIAL_AUTH_SAML_SECURITY_CONFIG:
  requestedAuthnContext: false
SOCIAL_AUTH_SAML_SP_EXTRA:
SOCIAL_AUTH_SAML_EXTRA_DATA:
SOCIAL_AUTH_SAML_ORGANIZATION_MAP: {
  "FOO": {
    "admins": true,
    "users": true
  }
}
SOCIAL_AUTH_SAML_TEAM_MAP:
SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: {}
SOCIAL_AUTH_SAML_TEAM_ATTR: {}
SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: {}
Any ideas?
Thanks