It happens that the SP cannot find the EntityID in its Metadata, throwing a saml2.mdstore.SourceNotFound Exception.

Exception will raise if metadata source is defined as "remote" it's url is not reachable.

Author: peppelinux

CHANGES

@@ -1,9 +1,19 @@
 Changes
 =======
 
-UNRELEASED
+0.17.2 (2018-08-29)
+----------
+- Upgraded pysaml2 dependency to version 4.6.0 which fixes security issue.
+
+Thanks to plumdog
+
+0.17.1 (2018-07-16)
 ----------
 - A 403 (permission denied) is now raised if a SAMLResponse is replayed, instead of 500.
+- Dropped support for Python 3.3
+- Upgraded pysaml2 dependency to version 4.5.0
+
+Thanks to francoisfreitag, mhindery, vkurup, peppelinux
 
 0.16.11 (2017-12-25)
 ----------

djangosaml2/views.py

@@ -42,8 +42,9 @@
 from saml2.s_utils import UnsupportedBinding
 from saml2.response import (
     StatusError, StatusAuthnFailed, SignatureError, StatusRequestDenied,
-    UnsolicitedResponse,
+    UnsolicitedResponse, StatusNoAuthnContext,
 )
+from saml2.mdstore import SourceNotFound
 from saml2.validate import ResponseLifetimeExceed, ToEarly
 from saml2.xmldsig import SIG_RSA_SHA1, SIG_RSA_SHA256  # support for SHA1 is required by spec
 
@@ -134,7 +135,15 @@ def login(request,
                     })
 
     selected_idp = request.GET.get('idp', None)
-    conf = get_config(config_loader_path, request)
+    try:
+        conf = get_config(config_loader_path, request)
+    except SourceNotFound as excp:
+        msg = ('Error, IdP EntityID was not found '
+               'in metadata: {}')
+        logger.exception(msg.format(excp))
+        return HttpResponse(msg.format(('Please contact '
+                                        'technical support.')),
+                            status=500)
 
     # is a embedded wayf needed?
     idps = available_idps(conf)
@@ -284,6 +293,9 @@ def assertion_consumer_service(request,
     except StatusRequestDenied:
         logger.warning("Authentication interrupted at IdP.", exc_info=True)
         return fail_acs_response(request)
+    except StatusNoAuthnContext:
+        logger.warning("Missing Authentication Context from IdP.", exc_info=True)
+        return fail_acs_response(request)
     except MissingKey:
         logger.exception("SAML Identity Provider is not configured correctly: certificate key is missing!")
         return fail_acs_response(request)

setup.py

@@ -31,7 +31,7 @@ def read(*rnames):
 
 setup(
     name='djangosaml2',
-    version='0.16.11',
+    version='0.17.2',
     description='pysaml2 integration for Django',
     long_description='\n\n'.join([read('README.rst'), read('CHANGES')]),
     classifiers=[
@@ -49,7 +49,6 @@ def read(*rnames):
         "Programming Language :: Python :: 2",
         "Programming Language :: Python :: 2.7",
         "Programming Language :: Python :: 3",
-        "Programming Language :: Python :: 3.3",
         "Programming Language :: Python :: 3.4",
         "Programming Language :: Python :: 3.5",
         "Programming Language :: Python :: 3.6",
@@ -71,8 +70,7 @@ def read(*rnames):
     install_requires=[
         'defusedxml>=0.4.1',
         'Django>=1.8',
-        'enum34;python_version > "3" and python_version < "3.4"',
-        'pysaml2==4.5.0',
+        'pysaml2>=4.6.0',
         ],
     extras_require=extra,
     )