Add option to set preferred logout request binding

knaperek · knaperek · commit cc8663d12c0e · 2017-09-19T09:26:07.000+02:00
diff --git a/README.rst b/README.rst
@@ -110,6 +110,16 @@ If you want to allow several authentication mechanisms in your project
 you should set the LOGIN_URL option to another view and put a link in such
 view to the ``/saml2/login/`` view.
 
+Preferred Logout binding
+-----------------
+Use the following setting to choose your preferred binding for SP initiated logout requests::
+
+  SAML_LOGOUT_REQUEST_PREFERRED_BINDING
+
+For example::
+
+  import saml2
+  SAML_LOGOUT_REQUEST_PREFERRED_BINDING = saml2.BINDING_HTTP_POST
 
 Changes in the urls.py file
 ---------------------------
diff --git a/djangosaml2/overrides.py b/djangosaml2/overrides.py
@@ -0,0 +1,24 @@
+import logging
+
+import saml2.client
+from django.conf import settings
+
+logger = logging.getLogger('djangosaml2')
+
+
+class Saml2Client(saml2.client.Saml2Client):
+    """
+    Custom Saml2Client that adds a choice of preference for binding used with
+    SAML Logout Requests. The preferred binding can be configured via
+    SAML_LOGOUT_REQUEST_PREFERRED_BINDING settings variable.
+    (Original Saml2Client always prefers SOAP, so it is always used if declared
+    in remote metadata); but doesn't actually work and causes crashes.
+    """
+    def do_logout(self, *args, **kwargs):
+        if not kwargs.get('expected_binding'):
+            try:
+                kwargs['expected_binding'] = settings.SAML_LOGOUT_REQUEST_PREFERRED_BINDING
+            except AttributeError:
+                logger.warning('SAML_LOGOUT_REQUEST_PREFERRED_BINDING setting is'
+                    ' not defined. Default binding will be used.')
+        return super(Saml2Client, self).do_logout(*args, **kwargs)
diff --git a/djangosaml2/views.py b/djangosaml2/views.py
@@ -38,7 +38,6 @@
 from django.views.decorators.csrf import csrf_exempt
 
 from saml2 import BINDING_HTTP_REDIRECT, BINDING_HTTP_POST
-from saml2.client import Saml2Client
 from saml2.metadata import entity_descriptor
 from saml2.ident import code, decode
 from saml2.sigver import MissingKey
@@ -50,6 +49,7 @@
 from djangosaml2.cache import IdentityCache, OutstandingQueriesCache
 from djangosaml2.cache import StateCache
 from djangosaml2.conf import get_config
+from djangosaml2.overrides import Saml2Client
 from djangosaml2.signals import post_authenticated
 from djangosaml2.utils import fail_acs_response, get_custom_setting, available_idps, get_location, get_idp_sso_supported_bindings
 
