|
26 | 26 | from django.http import Http404, HttpResponse
|
27 | 27 | from django.shortcuts import render
|
28 | 28 | from django.template import TemplateDoesNotExist
|
| 29 | +from django.urls import reverse |
29 | 30 | from django.views.decorators.csrf import csrf_exempt
|
30 | 31 | from django.views.generic import View
|
31 | 32 | from django.utils.decorators import method_decorator
|
| 33 | +from django.utils.http import urlquote |
32 | 34 |
|
33 | 35 | from saml2 import BINDING_HTTP_REDIRECT, BINDING_HTTP_POST
|
34 | 36 | from saml2.client_base import LogoutError
|
@@ -143,6 +145,21 @@ def login(request,
|
143 | 145 | if getattr(conf, '_sp_allow_create', False):
|
144 | 146 | kwargs['allow_create'] = "true"
|
145 | 147 |
|
| 148 | + # Do we have a Discovery Service? |
| 149 | + discovery_service = getattr(settings, 'SAML2_DISCO_URL', False) |
| 150 | + if discovery_service: |
| 151 | + if not selected_idp and discovery_service: |
| 152 | + # We have to build the URL to redirect to with all the information |
| 153 | + # for the Discovery Service to know how to send the flow back to us |
| 154 | + login_url = request.build_absolute_uri(reverse('saml2_login')) |
| 155 | + login_url = '{0}?next={1}'.format(login_url, |
| 156 | + urlquote(came_from, safe='')) |
| 157 | + ds_url = '{0}?entityID={1}&return={2}&returnIDParam=idp' |
| 158 | + ds_url = ds_url.format(discovery_service, |
| 159 | + urlquote(getattr(conf,'entityid'), safe=''), |
| 160 | + urlquote(login_url, safe='')) |
| 161 | + return HttpResponseRedirect(ds_url) |
| 162 | + |
146 | 163 | # is a embedded wayf needed?
|
147 | 164 | idps = available_idps(conf)
|
148 | 165 | if selected_idp is None and len(idps) > 1:
|
|
0 commit comments