django-saml2-auth: Infinite Redirects on Login

Question

I'm completely new to django-saml2-auth (and SAML2 with Django in general) and am trying to get it working with Microsoft ADFS.

When I hit my Django app it successfully redirects me to the federated login page, but after providing valid credentials, the app then goes into a loop where it's just flipping back and forth between my ENTITY_ID URL (which is https://myapp/saml2_auth/acs/) and a URL on the ADFS server with continually changing SAMLRequest values as a URL parameter.

The only clue I have to go on at this point is when I check my browser history, eventually one of the page titles for all this activity in the history is "SigVer Error" but after some cursory googling I'm not sure what that might mean. I saw some references to disabling signed responses at the pysaml2 level but didn't want to go too far with that without first trying to figure out if that's even the issue given the behavior I'm seeing.

Any ideas? I can share my settings if that'd be helpful but the only optional setting I'm adding is the ENTITY_ID value since that's required by ADFS.

Debugging is also a bit of a challenge since at this point even with the Django debug level set to DEBUG it isn't revealing much, so if there's debugging tips with django-saml2-auth people can share that would be much appreciated.

Since I'm new to getting Django working with SAML2 at all I'm also not married to django-saml2-auth if there's easier/better ways to do this. Thanks for any advice anyone can provide!

Answer 1

In case people come across this in the future, turned out to be my bad with my django-stronghold configuration.