I've attempted to enable SAML for sentry in my install.
I have the following in the sentry.conf.py: SENTRY_FEATURES['organizations:sso-saml2'] = True
And according to the admin packages page I have the python3-saml package installed. However SAML refuses to get enabled. Is this something that moved and just isn't documented?
@tankerkiller125 Just confirming as I also started looking into SAML based SSO for onprem Sentry. Everywhere in the documentation, I do see this phrase repeating:
SAML2 SSO requires a Business or Enterprise Plan. I am not even sure whether we are allowed SAML setup on onprem. Do you have a link in which I can validate where you validated this information?
SAML worked previously in version 9; the docs are currently for the hosted version of Sentry only. They do not account for onprem (onprem docs are removed/moved). Further, someone else in a previous issue someplace noted that they got SAML working onprem.
SAML is already enabled in on-prem by default. The docs are mainly for sentry.io users, hence the warning but in the open-source version, you can enable anything (some would be harder to run, but not SAML).
The docs for SAML in general are at https://docs.sentry.io/accounts/saml2/
What are you missing?
@tankerkiller125 Sentry is still on Python 2.7 so maybe that's the issue for you? I have never worked with SAML so I don't know, but if it requires an additional package, you probably need to add python-saml to the sentry/requirements.txt file in this repo and then run ./install.sh again.
The Python3-saml lib was included by default with the docker install so I assumed it was correct. I can try adding the python2 version to the requirements and see if that fixes it.
I still need https://github.com/getsentry/sentry-auth-saml2/archive/master.zip in requirements.txt to enable SAML in version 10
Thanks @marbon87 that appears to have fixed the issue. I was under the impression that because that repo was archived and the code moved to the primary repository that adding it to the requirements.txt was no longer required. Apparently that thought was incorrect.
We clearly need to update our docs for SAML so reopening the issue. SAML support should be built in right now and you should not need to add anything else to enable it.
@scefali passed to you as you mentioned you were planning to update the docs on this. LMK if that's not the case and I'll take over.
Thanks @marbon87 that appears to have fixed the issue. I was under the impression that because that repo was archived and the code moved to the primary repository that adding it to the requirements.txt was no longer required. Apparently that thought was incorrect.
Hmm, no that should be correct. We brought saml things into core. But something may be missing :) @scefali or @leedongwei should be able to dig into this :)
Thanks for reporting this @tankerkiller125!
@tankerkiller125 @grv231 @marbon87 I just checked, the change to move SAML2 into Sentry was not complete in Sentry 10.0.0. It's in a subsequent release. That's why you had to add https://github.com/getsentry/sentry-auth-saml2/archive/master.zip to get it to work.