social_core.exceptions.AuthFailed: Authentication failed: SAML login failed: ['invalid_response'] #866

@daveisagit

I have this module working fine using SAML auth with Google to my Django app and am now trying to port the same setup into a Kubernetes environment.
There is an issue around the port number being added to the host.

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 179, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.8/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/social_django/utils.py", line 49, in wrapper
    return func(request, backend, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/social_django/views.py", line 31, in complete
    return do_complete(request.backend, _do_login, user=request.user,
  File "/usr/local/lib/python3.8/site-packages/social_core/actions.py", line 45, in do_complete
    user = backend.complete(user=user, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/social_core/backends/base.py", line 40, in complete
    return self.auth_complete(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/social_core/backends/saml.py", line 320, in auth_complete
    raise AuthFailed(
social_core.exceptions.AuthFailed: Authentication failed: SAML login failed: ['invalid_response'] (The response was received at <site redacted>:8000/complete/saml/ instead of <site redacted>/complete/saml/)

I can't see any possible way to overcome this using the settings available. I have tried using ideas from
Appears to be the same issue
USE_X_FORWARDED_PORT = True
but still get the same problem

Why is the port (8000 in my case, the local port in the cluster for django/gunicorn) getting added in the container-based implementation? Very frustrating; maybe it is better to switch to OAuth?
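
A model of the destination check behind the error above, added here as an example; it is not code from python-social-auth or its SAML toolkit. It assumes the service provider rebuilds its own URL from the scheme, Host header and port; the host name, `DESTINATION` value and helper names are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed WSGI environ for a gunicorn pod behind a TLS-terminating proxy.
POD_META = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "app.example.test",
    "SERVER_PORT": "8000",
    "HTTP_X_FORWARDED_PROTO": "https",
    "HTTP_X_FORWARDED_PORT": "443",
}
# Constructed Destination attribute, i.e. the ACS URL registered with the IdP.
DESTINATION = "https://app.example.test/complete/saml/"


def rebuild_sp_url(meta, path, trust_forwarded=False):
    """Rebuild the URL the SP believes the response arrived at (simplified model)."""
    host, _, host_port = meta["HTTP_HOST"].partition(":")
    if trust_forwarded:
        scheme = meta.get("HTTP_X_FORWARDED_PROTO", meta["wsgi.url_scheme"])
        port = meta.get("HTTP_X_FORWARDED_PORT") or host_port or meta["SERVER_PORT"]
    else:
        scheme = meta["wsgi.url_scheme"]
        port = host_port or meta["SERVER_PORT"]
    # The port is appended only when it is not the default for the scheme.
    netloc = host if int(port) == DEFAULT_PORTS.get(scheme) else f"{host}:{port}"
    return f"{scheme}://{netloc}{path}"


def destination_mismatch(destination, sp_url):
    """Return (component, expected, seen) for every part that differs."""
    want, seen = urlsplit(destination), urlsplit(sp_url)
    diffs = []
    for name in ("scheme", "hostname", "port", "path"):
        a, b = getattr(want, name), getattr(seen, name)
        if name == "port":  # compare effective ports, not just explicit ones
            a = a or DEFAULT_PORTS.get(want.scheme)
            b = b or DEFAULT_PORTS.get(seen.scheme)
        if a != b:
            diffs.append((name, a, b))
    return diffs


if __name__ == "__main__":
    for trust in (False, True):
        url = rebuild_sp_url(POD_META, "/complete/saml/", trust_forwarded=trust)
        print(trust, url, destination_mismatch(DESTINATION, url))
```

Forwarded headers are only safe to trust when the proxy overwrites any client-supplied copies, since they feed the URL this check compares.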
