From 3367b83368900ca7d272ceb3739e68bb127d4328 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 8 Aug 2021 15:01:52 +0200
Subject: [PATCH] providers/saml: use idp-initiated sso flow as launch url

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/providers/saml/models.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/authentik/providers/saml/models.py b/authentik/providers/saml/models.py
index b506bfa28..02beb771c 100644
--- a/authentik/providers/saml/models.py
+++ b/authentik/providers/saml/models.py
@@ -1,8 +1,8 @@
 """authentik saml_idp Models"""
 from typing import Optional, Type
-from urllib.parse import urlparse
 
 from django.db import models
+from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 from rest_framework.serializers import Serializer
 from structlog.stdlib import get_logger
@@ -152,9 +152,15 @@ class SAMLProvider(Provider):
 
     @property
     def launch_url(self) -> Optional[str]:
-        """Guess launch_url based on acs URL"""
-        launch_url = urlparse(self.acs_url)
-        return self.acs_url.replace(launch_url.path, "")
+        """Use IDP-Initiated SAML flow as launch URL"""
+        try:
+            # pylint: disable=no-member
+            return reverse(
+                "authentik_providers_saml:sso-init",
+                kwargs={"application_slug": self.application.slug},
+            )
+        except Provider.application.RelatedObjectDoesNotExist:
+            return None
 
     @property
     def serializer(self) -> Type[Serializer]: