From 873aa4bb226c50700b1b0460b2e2cb33ffec155c Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon, 6 Dec 2021 12:47:25 +0100
Subject: [PATCH] providers/saml: remove SESSION_KEY_POST from session after
 using it

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1873
---
 authentik/providers/saml/views/sso.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authentik/providers/saml/views/sso.py b/authentik/providers/saml/views/sso.py
index 4a534c09d..6cb02bbe9 100644
--- a/authentik/providers/saml/views/sso.py
+++ b/authentik/providers/saml/views/sso.py
@@ -125,7 +125,7 @@ class SAMLSSOBindingPOSTView(SAMLSSOView):
         # This happens when using POST bindings but the user isn't logged in
         # (user gets redirected and POST body is 'lost')
         if SESSION_KEY_POST in self.request.session:
-            payload = self.request.session[SESSION_KEY_POST]
+            payload = self.request.session.pop(SESSION_KEY_POST)
         if REQUEST_KEY_SAML_REQUEST not in payload:
             LOGGER.info("check_saml_request: SAML payload missing")
             return bad_request_message(self.request, "The SAML request payload is missing.")