Symptoms

The end user is not redirected from the Workspace login screen to the external Identity Provider (IdP).

In the awingu-api.service.log file, a similar error can be seen:

2023-11-07 15:13:43.643658+00:00 somenode01 awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:555547]: Failed to get SAML pre-auth URL: Not valid IdP XML found from URL: https://somedomain.org/federationmetadata/saml20/federationmetadata.xml
Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/authproviders/auth/saml.py", line 160, in get_pre_auth_url
    return get_saml_auth(domain).login(
           ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/authproviders/auth/saml.py", line 134, in get_saml_auth
    idp_settings = IdPMetadataParser.parse_remote(url=url,
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/authproviders/auth/saml.py", line 364, in parse_remote
    idp_metadata = cls.get_metadata(url, trusted_ca_store, timeout)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/authproviders/auth/saml.py", line 338, in get_metadata
    raise Exception('Not valid IdP XML found from URL: %s' % (url))
Exception: Not valid IdP XML found from URL: https://somedomain.org/federationmetadata/saml20/federationmetadata.xml

Cause

The provided federation metadata XML is invalid.

Resolution

Validate the XML. It should contain a md:IDPSSODescriptor node.