diff --git a/awx/api/views.py b/awx/api/views.py
index 69dcbd064c..eda37db70f 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -534,7 +534,7 @@ class AuthView(APIView):
 saml_backend_data = dict(backend_data.items())
 saml_backend_data['login_url'] = '%s?idp=%s' % (login_url, idp)
 full_backend_name = '%s:%s' % (name, idp)
- if err_backend == full_backend_name and err_message:
+ if (err_backend == full_backend_name or err_backend == name) and err_message:
 saml_backend_data['error'] = err_message
 data[full_backend_name] = saml_backend_data
 else:
diff --git a/awx/sso/conf.py b/awx/sso/conf.py
index 4bde08e55a..c3ab7f7e56 100644
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -924,13 +924,12 @@ register(
 
 register(
 'SOCIAL_AUTH_SAML_SP_ENTITY_ID',
- field_class=fields.URLField,
- schemes=('http', 'https'),
+ field_class=fields.CharField,
 allow_blank=True,
 default='',
 label=_('SAML Service Provider Entity ID'),
- help_text=_('Set to a URL for a domain name you own (does not need to be a '
- 'valid URL; only used as a unique ID).'),
+ help_text=_('The application-defined unique identifier used as the '
+ 'audience of the SAML service provider (SP) configuration.'),
 category=_('SAML'),
 category_slug='saml',
 feature_required='enterprise_auth',
diff --git a/awx/sso/views.py b/awx/sso/views.py
index a25aabf511..5d34234464 100644
--- a/awx/sso/views.py
+++ b/awx/sso/views.py
@@ -83,7 +83,11 @@ class MetadataView(View):
 'saml',
 redirect_uri=complete_url,
 )
- metadata, errors = saml_backend.generate_metadata_xml()
+ try:
+ metadata, errors = saml_backend.generate_metadata_xml()
+ except Exception as e:
+ logger.exception('unable to generate SAML metadata')
+ errors = e
 if not errors:
 return HttpResponse(content=metadata, content_type='text/xml')
 else:
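Review bot: The widened test `err_backend == full_backend_name or err_backend == name` in `AuthView` has no comment saying when the error backend is the bare name rather than `name:idp`, and its effect is easy to miss: a backend-level error is now attached to every IdP entry built here, not only the one the user tried. I would add a comment such as `# An error raised before an IdP was selected carries only the backend name; show it on each IdP entry.`, with the wording checked against where `err_backend` is set, which is outside this hunk. The condition also reads more simply as `if err_message and err_backend in (full_backend_name, name):`. Since `err_message` is copied into the data this view appears to return, it is worth confirming that it never holds more than a user-facing message.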
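Review bot: Switching `SOCIAL_AUTH_SAML_SP_ENTITY_ID` from `fields.URLField` to `fields.CharField` leaves the value with no visible validation apart from `allow_blank=True`, so a stray space or an over-long string is accepted at save time and only surfaces later as a failed login or a metadata error. SAML entity identifiers are limited to 1024 characters, so a bound such as `max_length=1024,` would be a cheap check, assuming `register()` forwards it to the field. The new help text would also serve operators better if it said that the value must match exactly the audience / entity ID configured on the identity provider.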
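Review bot: `errors = e` in `MetadataView` hands the raw exception object to the `else:` branch, whose body is outside this hunk; if that branch writes `errors` into the HTTP response, anyone who can reach the metadata URL sees internal exception text such as file paths or key-loading and parser messages. `logger.exception(...)` already records the full traceback, so the response only needs a fixed string: `except Exception:` followed by `errors = 'unable to generate SAML metadata'` (adjust the shape if the branch expects a list). If the failures seen in practice come from a known set of exception types, catching those instead of `Exception` would keep unrelated bugs from being reported as a metadata problem. It is also worth checking that the error path does not answer with a success status.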