providers/saml: remove SESSION_KEY_POST from session after using it

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1873
This commit is contained in:
Jens Langhammer 2021-12-06 12:47:25 +01:00
parent c1ea78c422
commit 873aa4bb22

View file

@ -125,7 +125,7 @@ class SAMLSSOBindingPOSTView(SAMLSSOView):
# This happens when using POST bindings but the user isn't logged in
# (user gets redirected and POST body is 'lost')
if SESSION_KEY_POST in self.request.session:
payload = self.request.session[SESSION_KEY_POST]
payload = self.request.session.pop(SESSION_KEY_POST)
if REQUEST_KEY_SAML_REQUEST not in payload:
LOGGER.info("check_saml_request: SAML payload missing")
return bad_request_message(self.request, "The SAML request payload is missing.")