From e0a3ec033f34dd58a04d17d96f3a5c3558a0bc78 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 29 Apr 2019 21:39:41 +0200
Subject: [PATCH] fix IDP-Initiated SAML Login

---
 passbook/saml_idp/base.py | 7 ++++++-
 passbook/saml_idp/models.py | 6 +++++-
 passbook/saml_idp/views.py | 1 +
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/passbook/saml_idp/base.py b/passbook/saml_idp/base.py
index 5aa21846b..ea588786e 100644
--- a/passbook/saml_idp/base.py
+++ b/passbook/saml_idp/base.py
@@ -33,6 +33,8 @@ class Processor:
     """Base SAML 2.0 AuthnRequest to Response Processor.
     Sub-classes should provide Service Provider-specific functionality."""
 
+    is_idp_initiated = False
+
     _audience = ''
     _assertion_params = None
     _assertion_xml = None
@@ -291,7 +293,10 @@ class Processor:
     def generate_response(self):
         """Processes request and returns template variables suitable for a response."""
         # Build the assertion and response.
-        self.can_handle(self._django_request)
+        # Only call can_handle if SP initiated Request, otherwise we have no Request
+        if not self.is_idp_initiated:
+            self.can_handle(self._django_request)
+
         self._validate_user()
         self._build_assertion()
         self._format_assertion()
diff --git a/passbook/saml_idp/models.py b/passbook/saml_idp/models.py
index 14a85db2c..44ca925f5 100644
--- a/passbook/saml_idp/models.py
+++ b/passbook/saml_idp/models.py
@@ -1,4 +1,5 @@
 """passbook saml_idp Models"""
+from logging import getLogger
 
 from django.contrib.postgres.fields import ArrayField
 from django.db import models
@@ -9,6 +10,8 @@ from passbook.core.models import PropertyMapping, Provider
 from passbook.lib.utils.reflection import class_to_path, path_to_class
 from passbook.saml_idp.base import Processor
 
+LOGGER = getLogger(__name__)
+
 
 class SAMLProvider(Provider):
     """Model to save information about a Remote SAML Endpoint"""
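Review bot: `is_idp_initiated` is added as a bare public class attribute with nothing saying who sets it or what it changes, even though it switches off the AuthnRequest handling in `generate_response` further down in this patch. A one-line comment next to it would keep the next reader from treating it as a harmless default: `is_idp_initiated = False  # set per instance by the IdP-initiated login view; when True generate_response skips can_handle (no AuthnRequest exists)`. The rest of the Processor class is outside this hunk.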
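Review bot: On the IdP-initiated branch `can_handle` is skipped, so `self._django_request` reaches `_validate_user` and `_build_assertion` with no AuthnRequest checks at all; nothing on that path may then derive the response destination, audience or RelayState from request parameters, and since the hunk does not show where those values come from, confirm they are taken only from the provider configuration. The branch also keys off a mutable attribute that the caller must set beforehand and that nothing here resets, so a stale value silently disables validation for the next call on the same processor; `def generate_response(self, is_idp_initiated=None):` with `if is_idp_initiated is None: is_idp_initiated = self.is_idp_initiated` makes the choice explicit per call while staying backward-compatible. The new comment would read more clearly as `# SP-initiated flows carry an AuthnRequest that can_handle validates; IdP-initiated flows have none to check.` generate_response continues past the end of the hunk.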
@@ -36,7 +39,8 @@ class SAMLProvider(Provider):
         if not self._processor:
             try:
                 self._processor = path_to_class(self.processor_path)(self)
-            except ModuleNotFoundError:
+            except ModuleNotFoundError as exc:
+                LOGGER.warning(exc)
                 self._processor = None
         return self._processor
 
diff --git a/passbook/saml_idp/views.py b/passbook/saml_idp/views.py
index 702928680..dd4d44314 100644
--- a/passbook/saml_idp/views.py
+++ b/passbook/saml_idp/views.py
@@ -231,4 +231,5 @@ class InitiateLoginView(AccessRequiredView):
     def get(self, request, application):
         """Initiates an IdP-initiated link to a simple SP resource/target URL."""
         self.provider.processor.init_deep_link(request, '')
+        self.provider.processor.is_idp_initiated = True
         return _generate_response(request, self.provider)
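Review bot: `LOGGER.warning(exc)` logs only the exception text and drops the one fact an operator needs, which provider and `processor_path` failed to load; `LOGGER.warning("Could not load processor %s: %s", self.processor_path, exc)` keeps that context. The handler still returns `None` for a misconfigured path, and the caller in views.py dereferences it immediately (`self.provider.processor.init_deep_link(...)`), so the failure surfaces as an AttributeError at the call site rather than as the warning logged here; either re-raise a configuration error or document in the property's docstring that it returns `None` when the path cannot be imported. If `path_to_class` can also raise for a module that imports but lacks the named class, that case is not caught by `ModuleNotFoundError`. The property's decorator and signature are above the hunk.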
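Review bot: `is_idp_initiated = True` is written onto `self.provider.processor`, which the provider caches in `self._processor` (models.py hunk in this patch), and nothing resets it afterwards; if that provider instance is reused after this request, the flag stays `True` and a later SP-initiated response through the same processor skips `can_handle` entirely. Passing the flag explicitly to the response generation would avoid relying on per-object state; at minimum wrap the return in a `try`/`finally` that sets `self.provider.processor.is_idp_initiated = False` once `_generate_response` has run. Whether the processor instance actually outlives the request depends on how `self.provider` is obtained, which is outside the hunk.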