diff --git a/passbook/saml_idp/base.py b/passbook/saml_idp/base.py index 5aa21846b..ea588786e 100644 --- a/passbook/saml_idp/base.py +++ b/passbook/saml_idp/base.py @@ -33,6 +33,8 @@ class Processor: """Base SAML 2.0 AuthnRequest to Response Processor. Sub-classes should provide Service Provider-specific functionality.""" + is_idp_initiated = False + _audience = '' _assertion_params = None _assertion_xml = None @@ -291,7 +293,10 @@ class Processor: def generate_response(self): """Processes request and returns template variables suitable for a response.""" # Build the assertion and response. - self.can_handle(self._django_request) + # Only call can_handle if SP initiated Request, otherwise we have no Request + if not self.is_idp_initiated: + self.can_handle(self._django_request) + self._validate_user() self._build_assertion() self._format_assertion() diff --git a/passbook/saml_idp/models.py b/passbook/saml_idp/models.py index 14a85db2c..44ca925f5 100644 --- a/passbook/saml_idp/models.py +++ b/passbook/saml_idp/models.py @@ -1,4 +1,5 @@ """passbook saml_idp Models""" +from logging import getLogger from django.contrib.postgres.fields import ArrayField from django.db import models @@ -9,6 +10,8 @@ from passbook.core.models import PropertyMapping, Provider from passbook.lib.utils.reflection import class_to_path, path_to_class from passbook.saml_idp.base import Processor +LOGGER = getLogger(__name__) + class SAMLProvider(Provider): """Model to save information about a Remote SAML Endpoint""" @@ -36,7 +39,8 @@ class SAMLProvider(Provider): if not self._processor: try: self._processor = path_to_class(self.processor_path)(self) - except ModuleNotFoundError: + except ModuleNotFoundError as exc: + LOGGER.warning(exc) self._processor = None return self._processor diff --git a/passbook/saml_idp/views.py b/passbook/saml_idp/views.py index 702928680..dd4d44314 100644 --- a/passbook/saml_idp/views.py +++ b/passbook/saml_idp/views.py 
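Review bot: In `generate_response`, the new `if not self.is_idp_initiated:` guard skips everything `can_handle` does on the IdP-initiated path, and nothing in this hunk replaces it. `can_handle` is defined outside the hunk, so which checks are dropped cannot be seen here. If it also clears per-request state or validates the ACS URL or destination, the values set by `init_deep_link` now reach `_build_assertion()` unchecked. I would validate the deep-link target explicitly in an `else` branch rather than only skipping the call. The flag also deserves a comment where it is declared in the first hunk, e.g. `# True for an unsolicited response: there is no AuthnRequest for can_handle to validate`.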
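Review bot: `LOGGER.warning(exc)` in the `except ModuleNotFoundError` branch records only the exception text, so the log does not say which provider or `processor_path` failed to load. `LOGGER.warning("Failed to load SAML processor %r: %s", self.processor_path, exc)` would make the entry actionable. The property still returns `None` afterwards, and the views.py hunk in this commit calls `self.provider.processor.init_deep_link(...)` with no None check, so a bad path surfaces there as an `AttributeError`. Only `ModuleNotFoundError` is caught; whether `path_to_class` can raise something else for a missing class name is not visible here. The enclosing property starts outside the hunk.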
@@ -231,4 +231,5 @@ class InitiateLoginView(AccessRequiredView):
 def get(self, request, application):
 """Initiates an IdP-initiated link to a simple SP resource/target URL."""
 self.provider.processor.init_deep_link(request, '')
+ self.provider.processor.is_idp_initiated = True
 return _generate_response(request, self.provider)
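Review bot: `is_idp_initiated = True` is written onto the processor object that `SAMLProvider.processor` caches in `_processor`, and nothing visible in this commit sets it back to `False`. If that provider or processor instance is ever reused for an SP-initiated request, `generate_response` would skip `can_handle` for that request too; whether instances outlive one request cannot be told from this hunk. Resetting the flag wherever the processor clears its per-request state would remove the dependency on object lifetime. Setting it before `init_deep_link(request, '')` rather than after would also avoid the processor running deep-link setup while still marked as SP-initiated.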