
Comments (10)

serhiibuniak-okta commented on July 22, 2024

@rdark I'm going to close this issue as resolved. Feel free to reopen this issue or reach out to us if you have any additional questions or concerns.

from okta-sdk-python.

serhiibuniak-okta commented on July 22, 2024

@rdark Thanks for posting this issue. Could you please share some code on how serialisation/deserialisation is performed in your project? I'll take a look at SAML applications meanwhile.


serhiibuniak-okta commented on July 22, 2024

If I understood correctly, SamlApplicationSettings has signOn attribute, while others have app attribute, that's the root of the issue. The thing is, this config is set in openapi spec, and our code is auto-generated, based on spec. Let me investigate what we can do. To unblock you, I can suggest using dynamic serialisation, i.e. check type of app or existing fields before serialisation and use appropriate code. I'll keep you posted on any updates.


rdark commented on July 22, 2024

Thanks for the quick response @serhiibuniak-okta

In terms of serialisation, I'm just calling the .as_dict() method on the result (in this case, the output of list_applications(), which returns a List[Application]).

The issue appears before any serialisation on my side - the response object returned as second element in tuple from here contains the missing information within its ._body. You can see in the lines above why this information doesn't make its way through to the final destination, as you say - it only looks for signOn - even if there were support for it within a theoretical SamlApplicationSettingsApplication class.

As a short-term workaround, I can probably just grab this info from the response and munge into a custom model on my side.


serhiibuniak-okta commented on July 22, 2024

Thanks for more details, but it seems to me like signOn and signOnMode are a bit different essences. signOnMode attribute should be present in response, while signOn is an attribute of a few specific models, like SamlApplicationSettings, mentioned above. Could you please share some traceback or code? I'd like to reproduce the issue and/or have better understanding on how I can help you.


rdark commented on July 22, 2024

Sure - the following code illustrates the difference between the settings from the application object and the settings from the response object - ideally the application object should retain all of the data needed to reconstruct itself rather than discarding it.

Ultimately I would like to be able to delete the Application, and then create an exact replacement by sending an instantiation of its previous self to the create_application() method.

import asyncio
from okta.client import Client
from os import environ

config = {
    'orgUrl': environ['OKTA_ORG_URL'],
    'token': environ['OKTA_API_TOKEN'],
}
# ID of an existing SAML application
saml_app_id = 'REDACTED'
okta_client = Client(config)
loop = asyncio.get_event_loop()

coro = okta_client.get_application(appId=saml_app_id)
app, response, error = loop.run_until_complete(future=coro)

print('settings property on application object')
print(app.settings)

print('settings key on response.get_body() method')
print(response.get_body()['settings'])

settings property on application object

{'app': {}, 'implicit_assignment': None, 'inline_hook_id': None, 'notifications': {'vpn': {'help_url': None, 'message': None, 'network': {'connection': 'DISABLED', 'exclude': [], 'include': []}}}, 'sign_on': {'acs_endpoints': [], 'allow_multiple_acs_endpoints': None, 'assertion_signed': None, 'attribute_statements': [], 'audience': None, 'audience_override': None, 'authn_context_class_ref': None, 'default_relay_state': None, 'destination': None, 'destination_override': None, 'digest_algorithm': None, 'honor_force_authn': None, 'idp_issuer': None, 'recipient': None, 'recipient_override': None, 'request_compressed': None, 'response_signed': None, 'signature_algorithm': None, 'sp_issuer': None, 'sso_acs_url': None, 'sso_acs_url_override': None, 'subject_name_id_format': None, 'subject_name_id_template': None}}

settings key on response.get_body() method

{'app': {'afwOnly': False, 'domain': 'thedomain.com', 'afwId': None}, 'notifications': {'vpn': {'network': {'connection': 'DISABLED'}, 'message': None, 'helpUrl': None}}, 'signOn': {'defaultRelayState': None, 'ssoAcsUrlOverride': None, 'audienceOverride': None, 'recipientOverride': None, 'destinationOverride': None, 'attributeStatements': []}}


serhiibuniak-okta commented on July 22, 2024

@rdark Thanks for additional details. Let me investigate it. So, in the sample above, you would like to delete app (with given appId) and recreate it using the same app object as a parameter?


rdark commented on July 22, 2024

Yep, exactly this 👍


serhiibuniak-okta commented on July 22, 2024

@rdark
According to my investigations so far, we can't create any application in this way, but I'd like to investigate a bit more about your particular case. Are you able to create your app via curl request (or postman, doesn't matter)? And if yes, then could you pls share body of request, i.e. app parameters?

For example if we're creating bookmark app, it will look like this:

curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
  "name": "bookmark",
  "label": "Sample Bookmark App",
  "signOnMode": "BOOKMARK",
  "settings": {
    "app": {
      "requestIntegration": false,
      "url": "https://example.com/bookmark.htm"
    }
  }
}' "https://${yourOktaDomain}/api/v1/apps"


serhiibuniak-okta commented on July 22, 2024

@rdark
I've investigated a bit more and successfully re-created custom saml app. I've got sample body from postman collection (can be found here https://developer.okta.com/docs/reference/api/apps/).
But, the thing is, when we use method get_application it returns additional information about given application, for example, status of application, assigned name, etc. This additional info doesn't allow to recreate app, thus we need to get rid of it. And yes, it's better to use response body, more information is provided:

app, response, error = loop.run_until_complete(future=coro)
body = response.get_body()

# remove additional info
body.pop('name')
body.pop('status')
body.pop('created')

# then it is possible to create app (you may need to delete some apps before recreating, but it works for custom saml app without deleting):
coro = okta_client.create_application(body)
app, response, error = loop.run_until_complete(future=coro)

Does it work for you?

from okta-sdk-python.
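An added example, not part of the thread or of okta-sdk-python: a pre-delete check that lists which settings the typed model lost relative to the raw response body, plus a non-mutating version of the key removal from the last comment. The helper names (to_snake, dropped_fields, create_payload) are hypothetical, and the sample dicts are constructed, abbreviated from the two outputs quoted above.

```python
import re

# Constructed sample data, abbreviated from the two outputs quoted in the thread:
# the raw API body (camelCase) and the SDK model's dict form (snake_case).
RAW_SETTINGS = {
    "app": {"afwOnly": False, "domain": "thedomain.com", "afwId": None},
    "notifications": {"vpn": {"network": {"connection": "DISABLED"},
                              "message": None, "helpUrl": None}},
    "signOn": {"defaultRelayState": None, "audienceOverride": None,
               "attributeStatements": []},
}
MODEL_SETTINGS = {
    "app": {},
    "notifications": {"vpn": {"help_url": None, "message": None,
                              "network": {"connection": "DISABLED",
                                          "exclude": [], "include": []}}},
    "sign_on": {"default_relay_state": None, "audience_override": None,
                "attribute_statements": [], "audience": None},
}
_MISSING = object()

def to_snake(key):
    """Map an API camelCase key to the snake_case name the model dict uses."""
    return re.sub(r"(?<=[a-z0-9])([A-Z])", r"_\1", key).lower()

def dropped_fields(raw, model, path=""):
    """Return dotted paths of non-empty raw values the model dict did not keep."""
    lost = []
    for key, value in raw.items():
        name = to_snake(key)
        here = f"{path}.{name}" if path else name
        kept = model.get(name, _MISSING) if isinstance(model, dict) else _MISSING
        if isinstance(value, dict):
            lost += dropped_fields(value, kept if kept is not _MISSING else {}, here)
        elif value not in (None, [], "") and kept != value:
            lost.append(here)
    return lost

# Keys the last comment removes from the body before create_application().
READ_ONLY_KEYS = ("name", "status", "created")

def create_payload(body):
    """Copy a get_application() body without those keys; absent keys are tolerated."""
    return {k: v for k, v in body.items() if k not in READ_ONLY_KEYS}

if __name__ == "__main__":
    print(dropped_fields(RAW_SETTINGS, MODEL_SETTINGS))
```

A non-empty result from dropped_fields means the model object alone cannot reproduce the application, so the raw body should be the source for any delete-and-recreate.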
