Merge pull request #15 from ganiserb/fix-idp-initiated-login

Fix to handle a case that causes error 500 when doing IdP initiated login

Author: knaperek

djangosaml2/views.py

@@ -42,6 +42,7 @@ def csrf_exempt(view_func):
 from saml2.client import Saml2Client
 from saml2.metadata import entity_descriptor
 from saml2.ident import code, decode
+from saml2.sigver import MissingKey
 
 from djangosaml2.cache import IdentityCache, OutstandingQueriesCache
 from djangosaml2.cache import StateCache
@@ -209,9 +210,14 @@ def assertion_consumer_service(request,
     oq_cache = OutstandingQueriesCache(request.session)
     outstanding_queries = oq_cache.outstanding_queries()
 
-    # process the authentication response
-    response = client.parse_authn_request_response(xmlstr, BINDING_HTTP_POST,
-                                                   outstanding_queries)
+    try:
+        response = client.parse_authn_request_response(xmlstr, BINDING_HTTP_POST,
+                                                       outstanding_queries)
+    except MissingKey:
+        logger.error('MissingKey error in ACS')
+        return HttpResponseForbidden(
+            "The Identity Provider is not configured correctly: "
+            "the certificate key is missing")
     if response is None:
         logger.error('SAML response is None')
         return HttpResponseBadRequest(