500 error with Okta as SAML login

Issue Summary

Configuring SSO/SAML with Okta. Receive a 500 error when attempting to use SAML.
Changed vars in env and web UI.

[2020-02-25 03:42:58,528] ERROR in app: Exception on /saml/login [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
  File "/usr/local/lib/python2.7/site-packages/flask_restful/__init__.py", line 271, in error_router
return original_handler(e)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
  File "/app/redash/authentication/saml_auth.py", line 106, in sp_initiated
saml_client = get_saml_client(current_org)
  File "/app/redash/authentication/saml_auth.py", line 56, in get_saml_client
sp_config.load(saml_settings)
  File "/usr/local/lib/python2.7/site-packages/saml2/config.py", line 356, in load
self.load_complex(cnf, metadata_construction=metadata_construction)
  File "/usr/local/lib/python2.7/site-packages/saml2/config.py", line 296, in load_complex
self.load_metadata(cnf["metadata"]))
  File "/usr/local/lib/python2.7/site-packages/saml2/config.py", line 400, in load_metadata
mds.imp(metadata_conf)
  File "/usr/local/lib/python2.7/site-packages/saml2/mdstore.py", line 922, in imp
self.load(key, **val)
  File "/usr/local/lib/python2.7/site-packages/saml2/mdstore.py", line 910, in load
_md.load()
  File "/usr/local/lib/python2.7/site-packages/saml2/mdstore.py", line 751, in load
response = self.http.send(self.url)
  File "/usr/local/lib/python2.7/site-packages/saml2/httpbase.py", line 245, in send
raise ConnectionError("%s" % exc)

Technical details:

  • Redash Version: 7
  • Browser/OS: 10.15/Chrome
  • How did you install Redash: via AWS AMI

[2020-02-25 03:49:52,845] ERROR in app: Exception on /saml/login [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
  File "/usr/local/lib/python2.7/site-packages/flask_restful/__init__.py", line 271, in error_router
return original_handler(e)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
  File "/app/redash/authentication/saml_auth.py", line 106, in sp_initiated
saml_client = get_saml_client(current_org)
  File "/app/redash/authentication/saml_auth.py", line 56, in get_saml_client
sp_config.load(saml_settings)
  File "/usr/local/lib/python2.7/site-packages/saml2/config.py", line 356, in load
self.load_complex(cnf, metadata_construction=metadata_construction)
  File "/usr/local/lib/python2.7/site-packages/saml2/config.py", line 296, in load_complex
self.load_metadata(cnf["metadata"]))
  File "/usr/local/lib/python2.7/site-packages/saml2/config.py", line 400, in load_metadata
mds.imp(metadata_conf)
  File "/usr/local/lib/python2.7/site-packages/saml2/mdstore.py", line 922, in imp
self.load(key, **val)
  File "/usr/local/lib/python2.7/site-packages/saml2/mdstore.py", line 910, in load
_md.load()
  File "/usr/local/lib/python2.7/site-packages/saml2/mdstore.py", line 751, in load
response = self.http.send(self.url)
  File "/usr/local/lib/python2.7/site-packages/saml2/httpbase.py", line 245, in send
raise ConnectionError("%s" % exc)
ConnectionError: HTTPSConnectionPool(host='xxxxx.okta.com', port=443): Max retries exceeded with url: /app/exk2xh53sjUBbCcXm357/sso/saml/metadata (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fe683cd5450>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',))

What debug steps have you tried?

I’ve set (and reset) all ENV variables:
REDASH_SAML_METADATA_URL=https://xxx.okta.com/app/exk2y1w2j9XxiJ92Z357/sso/saml/metadata
REDASH_SAML_ENTITY_ID=https://xxx.okta.com/app/xxx_redash2_1/exk2y1w2j9XxiJ92Z357/sso/saml
REDASH_SAML_NAMEID_FORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

As well as tried them in the UI. Additionally, I have set up a new app in Okta for Redash and ran into the same issues.
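
A way to triage the final ConnectionError line above and to pre-check the metadata host before the SAML client loads it, as an added example that is not part of the original post and is not Redash or pysaml2 code. The function names, the Linux errno table, the HTTPS-only rule and the injectable `resolver` parameter are assumptions of this example; the error line and the URL path are the ones shown in the post.

```python
import re
import socket
from urllib.parse import urlsplit

# Final line of the traceback in the post (host already redacted there).
ERROR_LINE = (
    "ConnectionError: HTTPSConnectionPool(host='xxxxx.okta.com', port=443): "
    "Max retries exceeded with url: /app/exk2xh53sjUBbCcXm357/sso/saml/metadata "
    "(Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection "
    "object at 0x7fe683cd5450>: Failed to establish a new connection: "
    "[Errno -3] Temporary failure in name resolution',))"
)

# Assumption: Linux error numbers. Negative ones come from getaddrinfo (DNS),
# positive ones from connect() (TCP).
STAGES = {-2: "dns", -3: "dns", 110: "tcp", 111: "tcp", 113: "tcp"}


def triage(line):
    """Pull host, port, path and the failing stage out of a ConnectionError line."""
    target = re.search(
        r"host='([^']+)', port=(\d+)\): Max retries exceeded with url: (\S+)", line)
    cause = re.search(r"\[Errno (-?\d+)\] ([^',]+)", line)
    if not target:
        return None
    errno = int(cause.group(1)) if cause else None
    return {"host": target.group(1), "port": int(target.group(2)),
            "path": target.group(3), "errno": errno,
            "reason": cause.group(2) if cause else None,
            "stage": STAGES.get(errno, "unknown")}


def path_matches_config(info, metadata_url):
    """True when the path the process requested is the configured metadata path."""
    return urlsplit(metadata_url).path == info["path"]


def preflight(metadata_url, resolver=socket.getaddrinfo):
    """Return 'ok' or the first failing stage before any metadata is fetched."""
    parts = urlsplit(metadata_url)
    if parts.scheme != "https" or not parts.hostname:
        return "bad-url"  # metadata carries the IdP signing certificate
    try:
        resolver(parts.hostname, parts.port or 443)
    except socket.gaierror:
        return "dns"
    return "ok"
```

Run `preflight` from inside the same host or container as the Redash server process, since its resolver settings can differ from those of the shell you are logged in to. A `False` from `path_matches_config` means the process requested a different metadata path than the one in the configured URL.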