HUE djangosaml2 中 https url 的 SAML 错误

SAML error with https url in HUE djangosaml2

我尝试在 Hue™ 4.1 中启用 SAML,但出现错误。问题是连接从 https 到 http,如下设置:user–>https://hue.xyz.com:8889 --> LTM loadbalancer --> http://ip-addr:8889 (no SSL enabled in HUE).

出现 SAML IDP 登录页面,尝试登录 HUE 时出现 returns 错误:错误请求 (400)。在 /var/log/hue/runcpserver.log 中,我看到以下错误。 /saml2/metadata xml 在 ACS url <md:AssertionConsumerService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” Location=“http://hue.xyz.com:8889/saml2/acs/” index=“1”/> 中显示 http 而不是 https。有什么想法吗?

[17/Dec/2019 09:58:58 -0800] response ERROR https://hue.xyz.com:8889/saml2/acs/ not in [‘http://hue.xyz.com:8889/saml2/acs/’]
[17/Dec/2019 09:58:58 -0800] views WARNING Invalid SAML Assertion received (unknown error).
[17/Dec/2019 09:58:58 -0800] middleware INFO Processing exception: : Traceback (most recent call last):
File “/opt/cloudera/parcels/CDH-5.15.1-1.cdh5.15.1.p0.4/lib/hue/build/env/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/core/handlers/base.py”, line 112, in get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File “/opt/cloudera/parcels/CDH-5.15.1-1.cdh5.15.1.p0.4/lib/hue/build/env/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/db/transaction.py”, line 371, in inner
return func(*args, **kwargs)
File “/opt/cloudera/parcels/CDH-5.15.1-1.cdh5.15.1.p0.4/lib/hue/build/env/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/views/decorators/http.py”, line 41, in inner
return func(request, *args, **kwargs)
File “/opt/cloudera/parcels/CDH-5.15.1-1.cdh5.15.1.p0.4/lib/hue/build/env/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/views/decorators/csrf.py”, line 57, in wrapped_view
return view_func(*args, **kwargs)
File “/opt/cloudera/parcels/CDH-5.15.1-1.cdh5.15.1.p0.4/lib/hue/build/env/lib/python2.7/site-packages/djangosaml2-0.16.4-py2.7.egg/djangosaml2/views.py”, line 276, in assertion_consumer_service
return fail_acs_response(request, status=400, exc_class=SuspiciousOperation)
File “/opt/cloudera/parcels/CDH-5.15.1-1.cdh5.15.1.p0.4/lib/hue/build/env/lib/python2.7/site-packages/djangosaml2-0.16.4-py2.7.egg/djangosaml2/utils.py”, line 85, in fail_acs_response
return failure_function(request, *args, **kwargs)
File “/opt/cloudera/parcels/CDH-5.15.1-1.cdh5.15.1.p0.4/lib/hue/build/env/lib/python2.7/site-packages/djangosaml2-0.16.4-py2.7.egg/djangosaml2/acs_failures.py”, line 22, in exception_failure
raise exc_class
SuspiciousOperation

[17/Dec/2019 09:58:58 -0800] access INFO 10.83.175.203 -anon- - “POST /saml2/acs/ HTTP/1.1” returned in 72ms

已通过在 hue_safety_valve.ini

的 Cloudera Manager Hue 服务高级配置代码段(安全阀)中添加以下内容解决此问题
base_url=https://hue.xyz.com:8889