SAML login fails with django view exception MultiValueDictKeyError

[FrostKiwi]

Describe the issue

We have an issue configuring SAML to work with Azure logins. It seems that the login works on a theoretical level, as Azure detects a successful login. But Weblate has a view throwing an exception, which kills the login process, causing Microsoft to throw an exception about a malformatted message. Any idea how to debug this?

The XML SAML info generated by https://<redacted>.net/translate/accounts/metadata/saml/ contains the URL Location="https://<redacted>.net/translate/accounts/complete/saml/" for AssertionConsumerService Binding. This URL is called by Azure and errors out. If you navigate there, you are greeted with the Exception MultiValueDictKeyError at /translate/accounts/complete/saml/. Full traceback and screenshot below. The login process itself errors out with Microsoft's login service throwing the exception: AADSTS20012: An error occurred when we tried to process a WS-Federation message. The message was invalid, malformatted, or contains potentially dangerous characters., screenshot below.

The configuration can be seen in the traceback, but here is the relevant SAML part:

...
# URL prefix to use, please see documentation for more details
URL_PREFIX = "/translate"
...
AUTHENTICATION_BACKENDS = (
    "social_core.backends.email.EmailAuth",
    "social_core.backends.saml.SAMLAuth",
    "weblate.accounts.auth.WeblateUserBackend",
)
SOCIAL_AUTH_SAML_SP_ENTITY_ID = f"<redacted>.net"
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT = "<redacted>"
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY = "<redacted>"
SOCIAL_AUTH_SAML_ENABLED_IDPS = {
    "weblate": {
        "entity_id": "https://sts.windows.net/<redacted>",
        "url": "https://login.microsoftonline.com/<redacted>",
        "x509cert": "<redacted>",
    "attr_user_permanent_id": "emailaddress",
        "attr_name": "nameidentifier",
        "attr_username": "username",
        "attr_email": "emailaddress",
    }
}

Just for reference, the attributes as setup in Azure:

I already tried

• [X] I've read and searched the documentation.
• [X] I've searched for similar issues in this repository.

Steps to reproduce the behavior

Configure SAML with the versions and config mentioned

Expected behavior

Login succeeding

Screenshots

Exception traceback

MultiValueDictKeyError at /translate/accounts/complete/saml/
'RelayState'
Request Method: GET
Request URL:    https://<redacted>.net/translate/accounts/complete/saml/
Django Version: 4.2
Exception Type: MultiValueDictKeyError
Exception Value:    
'RelayState'
Exception Location: /home/vlad/weblate-env/lib/python3.8/site-packages/django/utils/datastructures.py, line 86, in __getitem__
Raised during:  weblate.accounts.views.social_complete
Python Executable:  /usr/bin/uwsgi-core
Python Version: 3.8.10
Python Path:    
['/home/vlad',
 '/home/vlad/weblate-env/lib/python3.8/site-packages/git/ext/gitdb',
 '.',
 '',
 '/usr/lib/python38.zip',
 '/usr/lib/python3.8',
 '/usr/lib/python3.8/lib-dynload',
 '/home/vlad/weblate-env/lib/python3.8/site-packages']
Server time:    Fri, 08 Sep 2023 07:28:20 +0000
Traceback Switch to copy-and-paste view
/home/vlad/weblate-env/lib/python3.8/site-packages/django/utils/datastructures.py, line 84, in __getitem__
            list_ = super().__getitem__(key) …
Local vars
During handling of the above exception ('RelayState'), another exception occurred:
/home/vlad/weblate-env/lib/python3.8/site-packages/django/core/handlers/exception.py, line 55, in inner
                response = get_response(request) …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/django/core/handlers/base.py, line 197, in _get_response
                response = wrapped_callback(request, *callback_args, **callback_kwargs) …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/django/views/decorators/csrf.py, line 56, in wrapper_view
        return view_func(*args, **kwargs) …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/django/views/decorators/cache.py, line 62, in _wrapper_view_func
        response = view_func(request, *args, **kwargs) …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/weblate/accounts/views.py, line 1265, in social_complete
        return complete(request, backend) …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/django/views/decorators/cache.py, line 62, in _wrapper_view_func
        response = view_func(request, *args, **kwargs) …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/django/views/decorators/csrf.py, line 56, in wrapper_view
        return view_func(*args, **kwargs) …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/social_django/utils.py, line 46, in wrapper
            return func(request, backend, *args, **kwargs) …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/social_django/views.py, line 30, in complete
    return do_complete( …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/social_core/actions.py, line 49, in do_complete
        user = backend.complete(user=user, *args, **kwargs) …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/social_core/backends/base.py, line 39, in complete
        return self.auth_complete(*args, **kwargs) …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/social_core/backends/saml.py, line 305, in auth_complete
        idp_name = self.strategy.request_data()["RelayState"] …
Local vars
/home/vlad/weblate-env/lib/python3.8/site-packages/django/utils/datastructures.py, line 86, in __getitem__
            raise MultiValueDictKeyError(key) …
Local vars
Request information
USER
Anonymous

GET
No GET data

POST
No POST data

FILES
No FILES data

COOKIES
Variable    Value
_ga 
'GA1.2.107823664.1686184936'
_ga_9DJ9TV72B5  
'GS1.1.1686270944.6.0.1686270953.0.0.0'
django_language 
'en'
csrftoken   
'********************'
translate-tab   
'#suggestions'
sessionid   
'********************'
META
Variable    Value
CONTENT_LENGTH  
''
CONTENT_TYPE    
''
CSRF_COOKIE 
'QczbBe60NH6KS0xbic76BnKY3XXIJyWm'
DOCUMENT_ROOT   
'/home/vlad/stage/build/master'
HTTPS   
'on'
HTTP_ACCEPT 
'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
HTTP_ACCEPT_ENCODING    
'gzip, deflate, br'
HTTP_ACCEPT_LANGUAGE    
'ja,en;q=0.9,de-DE;q=0.8,de;q=0.7,en-GB;q=0.6,en-US;q=0.5,zh-TW;q=0.4,zh;q=0.3'
HTTP_COOKIE 
'********************'
HTTP_HOST   
'<redacted>.net'
HTTP_SEC_CH_UA  
'"Chromium";v="116", "Not)A;Brand";v="24", "Microsoft Edge";v="116"'
HTTP_SEC_CH_UA_MOBILE   
'?0'
HTTP_SEC_CH_UA_PLATFORM 
'"Windows"'
HTTP_SEC_FETCH_DEST 
'document'
HTTP_SEC_FETCH_MODE 
'navigate'
HTTP_SEC_FETCH_SITE 
'none'
HTTP_SEC_FETCH_USER 
'?1'
HTTP_UPGRADE_INSECURE_REQUESTS  
'1'
HTTP_USER_AGENT 
('Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like '
 'Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.69')
PATH_INFO   
'/translate/accounts/complete/saml/'
QUERY_STRING    
''
REMOTE_ADDR 
'10.124.8.63'
REMOTE_PORT 
'51404'
REQUEST_METHOD  
'GET'
REQUEST_SCHEME  
'https'
REQUEST_URI 
'/translate/accounts/complete/saml/'
SCRIPT_NAME 
''
SERVER_NAME 
''
SERVER_PORT 
'443'
SERVER_PROTOCOL 
'HTTP/2.0'
uwsgi.node  
b'<redacted>'
uwsgi.version   
b'2.0.18-debian'
wsgi.errors 
<_io.TextIOWrapper name=2 mode='w' encoding='UTF-8'>
wsgi.file_wrapper   
<built-in function uwsgi_sendfile>
wsgi.input  
<uwsgi._Input object at 0x7fc9d7c1fa30>
wsgi.multiprocess   
True
wsgi.multithread    
False
wsgi.run_once   
False
wsgi.url_scheme 
'https'
wsgi.version    
(1, 0)
Settings
Using settings module weblate.settings
Setting Value
ABSOLUTE_URL_OVERRIDES  
{}
ADMINS  
(('Vlad', 'git@frost.kiwi'),)
ADMINS_BILLING  
[]
ADMINS_CONTACT  
[]
ADMINS_HOSTING  
[]
AKISMET_API_KEY 
'********************'
ALLOWED_HOSTS   
['*']
ANONYMOUS_USER_NAME 
'anonymous'
APPEND_SLASH    
True
AUDITLOG_EXPIRY 
180
AUTHENTICATION_BACKENDS 
('social_core.backends.email.EmailAuth',
 'social_core.backends.saml.SAMLAuth',
 'weblate.accounts.auth.WeblateUserBackend')
AUTH_LOCK_ATTEMPTS  
10
AUTH_PASSWORD_DAYS  
'********************'
AUTH_PASSWORD_VALIDATORS    
'********************'
AUTH_RESTRICT_ADMINS    
{}
AUTH_TOKEN_VALID    
'********************'
AUTH_USER_MODEL 
'weblate_auth.User'
AUTOFIX_LIST    
('weblate.trans.autofixes.whitespace.SameBookendingWhitespace',
 'weblate.trans.autofixes.chars.ReplaceTrailingDotsWithEllipsis',
 'weblate.trans.autofixes.chars.RemoveZeroSpace',
 'weblate.trans.autofixes.chars.RemoveControlChars',
 'weblate.trans.autofixes.chars.DevanagariDanda',
 'weblate.trans.autofixes.html.BleachHTML')
AUTO_UPDATE 
False
AVATAR_DEFAULT_IMAGE    
'identicon'
AVATAR_URL_PREFIX   
'https://www.gravatar.com/'
BACKGROUND_ADMIN_CHECKS 
True
BACKGROUND_TASKS    
'monthly'
BASIC_LANGUAGES 
None
BITBUCKETSERVER_CREDENTIALS 
{}
BORG_EXTRA_ARGS 
None
CACHES  
{'avatar': {'BACKEND': 'django.core.cache.backends.filebased.FileBasedCache',
            'LOCATION': '/shanai/weblate/cache/avatar',
            'OPTIONS': {'MAX_ENTRIES': 1000},
            'TIMEOUT': 86400},
 'default': {'BACKEND': 'django_redis.cache.RedisCache',
             'KEY_PREFIX': '********************',
             'LOCATION': 'redis://127.0.0.1:6379/1',
             'OPTIONS': {'CLIENT_CLASS': 'django_redis.client.DefaultClient',
                         'CONNECTION_POOL_KWARGS': {},
                         'PARSER_CLASS': 'redis.connection.HiredisParser',
                         'PASSWORD': '********************'},
             'TIMEOUT': 3600}}
CACHE_DIR   
'/shanai/weblate/cache'
CACHE_MIDDLEWARE_ALIAS  
'default'
CACHE_MIDDLEWARE_KEY_PREFIX 
'********************'
CACHE_MIDDLEWARE_SECONDS    
600
CELERY_BEAT_SCHEDULER   
'django_celery_beat.schedulers:DatabaseScheduler'
CELERY_BROKER_URL   
'redis://localhost:6379'
CELERY_RESULT_BACKEND   
'redis://localhost:6379'
CELERY_TASK_ALWAYS_EAGER    
False
CELERY_TASK_ROUTES  
{'weblate.accounts.tasks.notify_*': {'queue': 'notify'},
 'weblate.accounts.tasks.send_mails': {'queue': 'notify'},
 'weblate.memory.tasks.*': {'queue': 'memory'},
 'weblate.trans.tasks.auto_translate*': {'queue': 'translate'},
 'weblate.utils.tasks.database_backup': {'queue': 'backup'},
 'weblate.utils.tasks.settings_backup': {'queue': 'backup'},
 'weblate.wladmin.tasks.backup': {'queue': 'backup'},
 'weblate.wladmin.tasks.backup_service': {'queue': 'backup'}}
CELERY_WORKER_MAX_MEMORY_PER_CHILD  
200000
CHECK_LIST  
('weblate.checks.same.SameCheck',
 'weblate.checks.chars.BeginNewlineCheck',
 'weblate.checks.chars.EndNewlineCheck',
 'weblate.checks.chars.BeginSpaceCheck',
 'weblate.checks.chars.EndSpaceCheck',
 'weblate.checks.chars.DoubleSpaceCheck',
 'weblate.checks.chars.EndStopCheck',
 'weblate.checks.chars.EndColonCheck',
 'weblate.checks.chars.EndQuestionCheck',
 'weblate.checks.chars.EndExclamationCheck',
 'weblate.checks.chars.EndEllipsisCheck',
 'weblate.checks.chars.EndSemicolonCheck',
 'weblate.checks.chars.MaxLengthCheck',
 'weblate.checks.chars.KashidaCheck',
 'weblate.checks.chars.PunctuationSpacingCheck',
 'weblate.checks.format.PythonFormatCheck',
 'weblate.checks.format.PythonBraceFormatCheck',
 'weblate.checks.format.PHPFormatCheck',
 'weblate.checks.format.CFormatCheck',
 'weblate.checks.format.PerlFormatCheck',
 'weblate.checks.format.JavaScriptFormatCheck',
 'weblate.checks.format.LuaFormatCheck',
 'weblate.checks.format.ObjectPascalFormatCheck',
 'weblate.checks.format.SchemeFormatCheck',
 'weblate.checks.format.CSharpFormatCheck',
 'weblate.checks.format.JavaFormatCheck',
 'weblate.checks.format.JavaMessageFormatCheck',
 'weblate.checks.format.PercentPlaceholdersCheck',
 'weblate.checks.format.VueFormattingCheck',
 'weblate.checks.format.I18NextInterpolationCheck',
 'weblate.checks.format.ESTemplateLiteralsCheck',
 'weblate.checks.angularjs.AngularJSInterpolationCheck',
 'weblate.checks.icu.ICUMessageFormatCheck',
 'weblate.checks.icu.ICUSourceCheck',
 'weblate.checks.qt.QtFormatCheck',
 'weblate.checks.qt.QtPluralCheck',
 'weblate.checks.ruby.RubyFormatCheck',
 'weblate.checks.consistency.PluralsCheck',
 'weblate.checks.consistency.SamePluralsCheck',
 'weblate.checks.consistency.ConsistencyCheck',
 'weblate.checks.consistency.ReusedCheck',
 'weblate.checks.consistency.TranslatedCheck',
 'weblate.checks.chars.EscapedNewlineCountingCheck',
 'weblate.checks.chars.NewLineCountCheck',
 'weblate.checks.markup.BBCodeCheck',
 'weblate.checks.chars.ZeroWidthSpaceCheck',
 'weblate.checks.render.MaxSizeCheck',
 'weblate.checks.markup.XMLValidityCheck',
 'weblate.checks.markup.XMLTagsCheck',
 'weblate.checks.markup.MarkdownRefLinkCheck',
 'weblate.checks.markup.MarkdownLinkCheck',
 'weblate.checks.markup.MarkdownSyntaxCheck',
 'weblate.checks.markup.URLCheck',
 'weblate.checks.markup.SafeHTMLCheck',
 'weblate.checks.placeholders.PlaceholderCheck',
 'weblate.checks.placeholders.RegexCheck',
 'weblate.checks.duplicate.DuplicateCheck',
 'weblate.checks.source.OptionalPluralCheck',
 'weblate.checks.source.EllipsisCheck',
 'weblate.checks.source.MultipleFailingCheck',
 'weblate.checks.source.LongUntranslatedCheck',
 'weblate.checks.format.MultipleUnnamedFormatsCheck',
 'weblate.checks.glossary.GlossaryCheck')
COMMENT_CLEANUP_DAYS    
None
COMMIT_PENDING_HOURS    
24
COMPRESSORS 
{'css': 'compressor.css.CssCompressor', 'js': 'compressor.js.JsCompressor'}
COMPRESS_CACHEABLE_PRECOMPILERS 
()
COMPRESS_CACHE_BACKEND  
'default'
COMPRESS_CACHE_KEY_FUNCTION 
'********************'
COMPRESS_CLEAN_CSS_ARGUMENTS    
''
COMPRESS_CLEAN_CSS_BINARY   
'cleancss'
COMPRESS_CLOSURE_COMPILER_ARGUMENTS 
''
COMPRESS_CLOSURE_COMPILER_BINARY    
'java -jar compiler.jar'
COMPRESS_CSS_HASHING_METHOD 
'content'
COMPRESS_DATA_URI_MAX_SIZE  
1024
COMPRESS_DEBUG_TOGGLE   
None
COMPRESS_ENABLED    
False
COMPRESS_FILTERS    
{'css': ['compressor.filters.css_default.CssAbsoluteFilter',
         'compressor.filters.cssmin.rCSSMinFilter'],
 'js': ['compressor.filters.jsmin.rJSMinFilter']}
COMPRESS_JINJA2_GET_ENVIRONMENT 
<function CompressorConf.JINJA2_GET_ENVIRONMENT at 0x7fc9c8234940>
COMPRESS_MINT_DELAY 
30
COMPRESS_MTIME_DELAY    
10
COMPRESS_OFFLINE    
False
COMPRESS_OFFLINE_CONTEXT    
'weblate.utils.compress.offline_context'
COMPRESS_OFFLINE_MANIFEST   
'manifest.json'
COMPRESS_OFFLINE_MANIFEST_STORAGE   
'compressor.storage.OfflineManifestFileStorage'
COMPRESS_OFFLINE_TIMEOUT    
31536000
COMPRESS_OUTPUT_DIR 
'CACHE'
COMPRESS_PARSER 
'compressor.parser.AutoSelectParser'
COMPRESS_PRECOMPILERS   
()
COMPRESS_REBUILD_TIMEOUT    
2592000
COMPRESS_ROOT   
'/shanai/weblate/cache/static'
COMPRESS_STORAGE    
'compressor.storage.CompressorFileStorage'
COMPRESS_TEMPLATE_FILTER_CONTEXT    
{'STATIC_URL': '/translate/static/'}
COMPRESS_URL    
'/translate/static/'
COMPRESS_URL_PLACEHOLDER    
'/__compressor_url_placeholder__/'
COMPRESS_VERBOSE    
False
COMPRESS_YUGLIFY_BINARY 
'yuglify'
COMPRESS_YUGLIFY_CSS_ARGUMENTS  
'--terminal'
COMPRESS_YUGLIFY_JS_ARGUMENTS   
'--terminal'
COMPRESS_YUI_BINARY 
'java -jar yuicompressor.jar'
COMPRESS_YUI_CSS_ARGUMENTS  
''
COMPRESS_YUI_JS_ARGUMENTS   
''
CONTACT_FORM    
'reply-to'
CORS_ALLOWED_ORIGINS    
[]
CORS_URLS_REGEX 
'^/api/.*$'
CREATE_GLOSSARIES   
True
CRISPY_ALLOWED_TEMPLATE_PACKS   
'bootstrap3'
CRISPY_TEMPLATE_PACK    
'bootstrap3'
CSP_CONNECT_SRC 
[]
CSP_FONT_SRC    
[]
CSP_IMG_SRC 
[]
CSP_SCRIPT_SRC  
[]
CSP_STYLE_SRC   
[]
CSRF_COOKIE_AGE 
31449600
CSRF_COOKIE_DOMAIN  
None
CSRF_COOKIE_HTTPONLY    
True
CSRF_COOKIE_MASKED  
False
CSRF_COOKIE_NAME    
'csrftoken'
CSRF_COOKIE_PATH    
'/'
CSRF_COOKIE_SAMESITE    
'Lax'
CSRF_COOKIE_SECURE  
True
CSRF_FAILURE_VIEW   
'weblate.trans.views.error.csrf_failure'
CSRF_HEADER_NAME    
'HTTP_X_CSRFTOKEN'
CSRF_TRUSTED_ORIGINS    
[]
CSRF_USE_SESSIONS   
True
DATABASES   
{'default': {'ATOMIC_REQUESTS': False,
             'AUTOCOMMIT': True,
             'CONN_HEALTH_CHECKS': False,
             'CONN_MAX_AGE': 0,
             'DISABLE_SERVER_SIDE_CURSORS': False,
             'ENGINE': 'django.db.backends.postgresql',
             'HOST': '127.0.0.1',
             'NAME': 'weblate',
             'OPTIONS': {},
             'PASSWORD': '********************',
             'PORT': '',
             'TEST': {'CHARSET': None,
                      'COLLATION': None,
                      'MIGRATE': True,
                      'MIRROR': None,
                      'NAME': None},
             'TIME_ZONE': None,
             'USER': 'weblate'}}
DATABASE_BACKUP 
'plain'
DATABASE_ROUTERS    
[]
DATA_DIR    
'/shanai/weblate'
DATA_UPLOAD_MAX_MEMORY_SIZE 
50000000
DATA_UPLOAD_MAX_NUMBER_FIELDS   
20000
DATA_UPLOAD_MAX_NUMBER_FILES    
100
DATETIME_FORMAT 
'N j, Y, P'
DATETIME_INPUT_FORMATS  
['%Y-%m-%d %H:%M:%S',
 '%Y-%m-%d %H:%M:%S.%f',
 '%Y-%m-%d %H:%M',
 '%m/%d/%Y %H:%M:%S',
 '%m/%d/%Y %H:%M:%S.%f',
 '%m/%d/%Y %H:%M',
 '%m/%d/%y %H:%M:%S',
 '%m/%d/%y %H:%M:%S.%f',
 '%m/%d/%y %H:%M']
DATE_FORMAT 
'N j, Y'
DATE_INPUT_FORMATS  
['%Y-%m-%d',
 '%m/%d/%Y',
 '%m/%d/%y',
 '%b %d %Y',
 '%b %d, %Y',
 '%d %b %Y',
 '%d %b, %Y',
 '%B %d %Y',
 '%B %d, %Y',
 '%d %B %Y',
 '%d %B, %Y']
DEBUG   
True
DEBUG_PROPAGATE_EXCEPTIONS  
False
DECIMAL_SEPARATOR   
'.'
DEFAULT_ACCESS_CONTROL  
0
DEFAULT_ADDONS  
{}
DEFAULT_ADDON_MESSAGE   
('Update translation files\n'
 '\n'
 'Updated by "{{ addon_name }}" hook in Weblate.\n'
 '\n'
 'Translation: {{ project_name }}/{{ component_name }}\n'
 'Translate-URL: {{ url }}')
DEFAULT_ADD_MESSAGE 
'Added translation using Weblate ({{ language_name }})\n\n'
DEFAULT_AUTO_FIELD  
'django.db.models.AutoField'
DEFAULT_AUTO_LOCK_ERROR 
True
DEFAULT_AUTO_WATCH  
True
DEFAULT_CHARSET 
'utf-8'
DEFAULT_COMMITER_EMAIL  
'<redacted>.net'
DEFAULT_COMMITER_NAME   
'translate'
DEFAULT_COMMIT_MESSAGE  
('Translated using Weblate ({{ language_name }})\n'
 '\n'
 'Currently translated at {{ stats.translated_percent }}% ({{ stats.translated '
 '}} of {{ stats.all }} strings)\n'
 '\n'
 'Translation: {{ project_name }}/{{ component_name }}\n'
 'Translate-URL: {{ url }}')
DEFAULT_DELETE_MESSAGE  
'Deleted translation using Weblate ({{ language_name }})\n\n'
DEFAULT_EXCEPTION_REPORTER  
'django.views.debug.ExceptionReporter'
DEFAULT_EXCEPTION_REPORTER_FILTER   
'weblate.trans.debug.WeblateExceptionReporterFilter'
DEFAULT_FILE_STORAGE    
'django.core.files.storage.FileSystemStorage'
DEFAULT_FROM_EMAIL  
'<redacted>.net'
DEFAULT_INDEX_TABLESPACE    
''
DEFAULT_LANGUAGE    
'en'
DEFAULT_LOG 
'console'
DEFAULT_LOGLEVEL    
'DEBUG'
DEFAULT_MERGE_MESSAGE   
"Merge branch '{{ component_remote_branch }}' into Weblate.\n\n"
DEFAULT_MERGE_STYLE 
'rebase'
DEFAULT_PAGE_LIMIT  
100
DEFAULT_PULL_MESSAGE    
('Translations update from {{ site_title }}\n'
 '\n'
 'Translations update from [{{ site_title }}]({{ site_url }}) for [{{ '
 'project_name }}/{{ component_name }}]({{url}}).\n'
 '\n'
 '{% if component_linked_childs %}\n'
 'It also includes following components:\n'
 '{% for linked in component_linked_childs %}\n'
 '* [{{ linked.project_name }}/{{ linked.name }}]({{ linked.url }})\n'
 '{% endfor %}\n'
 '{% endif %}\n'
 '\n'
 'Current translation status:\n'
 '\n'
 '![Weblate translation status]({{widget_url}})\n')
DEFAULT_PUSH_ON_COMMIT  
True
DEFAULT_RESTRICTED_COMPONENT    
False
DEFAULT_SHARED_TM   
True
DEFAULT_TABLESPACE  
''
DEFAULT_TRANSLATION_PROPAGATION 
True
DEFAULT_VCS 
'git'
DISALLOWED_USER_AGENTS  
[]
EMAIL_BACKEND   
'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST  
'<redacted>.net'
EMAIL_HOST_PASSWORD 
'********************'
EMAIL_HOST_USER 
''
EMAIL_PORT  
25
EMAIL_SEND_HTML 
True
EMAIL_SSL_CERTFILE  
None
EMAIL_SSL_KEYFILE   
'********************'
EMAIL_SUBJECT_PREFIX    
'[Weblate] '
EMAIL_TIMEOUT   
None
EMAIL_USE_LOCALTIME 
False
EMAIL_USE_SSL   
False
EMAIL_USE_TLS   
False
ENABLE_AVATARS  
True
ENABLE_HOOKS    
True
ENABLE_HTTPS    
True
ENABLE_SHARING  
True
EXTRA_HTML_HEAD 
''
FILE_UPLOAD_DIRECTORY_PERMISSIONS   
None
FILE_UPLOAD_HANDLERS    
['django.core.files.uploadhandler.MemoryFileUploadHandler',
 'django.core.files.uploadhandler.TemporaryFileUploadHandler']
FILE_UPLOAD_MAX_MEMORY_SIZE 
2621440
FILE_UPLOAD_PERMISSIONS 
420
FILE_UPLOAD_TEMP_DIR    
None
FIRST_DAY_OF_WEEK   
0
FIXTURE_DIRS    
[]
FONTS_CDN_URL   
None
FORCE_SCRIPT_NAME   
None
FORMAT_MODULE_PATH  
None
FORM_RENDERER   
'django.forms.renderers.DjangoTemplates'
GET_HELP_URL    
None
GITEA_CREDENTIALS   
{'<redacted>.net': {'token': '********************',
                       'username': 'Translate'}}
GITHUB_CREDENTIALS  
{}
GITLAB_CREDENTIALS  
{}
GOOGLE_ANALYTICS_ID 
None
HAVE_SYSLOG 
True
HIDE_REPO_CREDENTIALS   
True
HIDE_VERSION    
False
IGNORABLE_404_URLS  
[]
INSTALLED_APPS  
['weblate.addons',
 'weblate.auth',
 'weblate.checks',
 'weblate.formats',
 'weblate.glossary',
 'weblate.machinery',
 'weblate.trans',
 'weblate.lang',
 'weblate_language_data',
 'weblate.memory',
 'weblate.screenshots',
 'weblate.fonts',
 'weblate.accounts',
 'weblate.configuration',
 'weblate.utils',
 'weblate.vcs',
 'weblate.wladmin',
 'weblate.metrics',
 'weblate',
 'weblate.gitexport',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin.apps.SimpleAdminConfig',
 'django.contrib.admindocs',
 'django.contrib.sitemaps',
 'django.contrib.humanize',
 'social_django',
 'crispy_forms',
 'crispy_bootstrap3',
 'compressor',
 'rest_framework',
 'rest_framework.authtoken',
 'django_filters',
 'django_celery_beat',
 'corsheaders']
INTERLEDGER_PAYMENT_POINTERS    
['$ilp.uphold.com/ENU7fREdeZi9']
INTERNAL_IPS    
[]
INVOICE_PATH    
''
IP_BEHIND_REVERSE_PROXY 
False
IP_PROXY_HEADER 
'HTTP_X_FORWARDED_FOR'
IP_PROXY_OFFSET 
0
LANGUAGES   
(('ar', 'العربية'),
 ('az', 'Azərbaycan'),
 ('be', 'Беларуская'),
 ('be-latn', 'Biełaruskaja'),
 ('bg', 'Български'),
 ('br', 'Brezhoneg'),
 ('ca', 'Català'),
 ('cs', 'Čeština'),
 ('cy', 'Cymraeg'),
 ('da', 'Dansk'),
 ('de', 'Deutsch'),
 ('en', 'English'),
 ('el', 'Ελληνικά'),
 ('en-gb', 'English (United Kingdom)'),
 ('es', 'Español'),
 ('fi', 'Suomi'),
 ('fr', 'Français'),
 ('gl', 'Galego'),
 ('he', 'עברית'),
 ('hu', 'Magyar'),
 ('hr', 'Hrvatski'),
 ('id', 'Indonesia'),
 ('is', 'Íslenska'),
 ('it', 'Italiano'),
 ('ja', '日本語'),
 ('kab', 'Taqbaylit'),
 ('kk', 'Қазақ тілі'),
 ('ko', '한국어'),
 ('nb', 'Norsk bokmål'),
 ('nl', 'Nederlands'),
 ('pl', 'Polski'),
 ('pt', 'Português'),
 ('pt-br', 'Português brasileiro'),
 ('ro', 'Română'),
 ('ru', 'Русский'),
 ('sk', 'Slovenčina'),
 ('sl', 'Slovenščina'),
 ('sq', 'Shqip'),
 ('sr', 'Српски'),
 ('sr-latn', 'Srpski'),
 ('sv', 'Svenska'),
 ('th', 'ไทย'),
 ('tr', 'Türkçe'),
 ('uk', 'Українська'),
 ('zh-hans', '简体中文'),
 ('zh-hant', '正體中文'))
LANGUAGES_BIDI  
['he', 'ar', 'ar-dz', 'ckb', 'fa', 'ur']
LANGUAGE_CODE   
'en-us'
LANGUAGE_COOKIE_AGE 
120960000
LANGUAGE_COOKIE_DOMAIN  
None
LANGUAGE_COOKIE_HTTPONLY    
True
LANGUAGE_COOKIE_NAME    
'django_language'
LANGUAGE_COOKIE_PATH    
'/'
LANGUAGE_COOKIE_SAMESITE    
'Lax'
LANGUAGE_COOKIE_SECURE  
True
LEGAL_URL   
None
LICENSE_EXTRA   
[]
LICENSE_FILTER  
None
LICENSE_REQUIRED    
False
LIMIT_TRANSLATION_LENGTH_BY_SOURCE_LENGTH   
True
LOCALE_PATHS    
[]
LOCALIZE_CDN_PATH   
None
LOCALIZE_CDN_URL    
None
LOGGING 
{'disable_existing_loggers': True,
 'filters': {'require_debug_false': {'()': 'django.utils.log.RequireDebugFalse'}},
 'formatters': {'django.server': {'()': 'django.utils.log.ServerFormatter',
                                  'format': '[%(server_time)s] %(message)s'},
                'logfile': {'format': '%(asctime)s %(levelname)s %(message)s'},
                'simple': {'format': '[%(asctime)s: %(levelname)s/%(process)s] '
                                     '%(message)s'},
                'syslog': {'format': 'weblate[%(process)d]: %(levelname)s '
                                     '%(message)s'}},
 'handlers': {'console': {'class': 'logging.StreamHandler',
                          'formatter': 'simple',
                          'level': 'DEBUG'},
              'django.server': {'class': 'logging.StreamHandler',
                                'formatter': 'django.server',
                                'level': 'INFO'},
              'mail_admins': {'class': 'django.utils.log.AdminEmailHandler',
                              'filters': ['require_debug_false'],
                              'include_html': True,
                              'level': 'ERROR'},
              'syslog': {'address': '/dev/log',
                         'class': 'logging.handlers.SysLogHandler',
                         'facility': 18,
                         'formatter': 'syslog',
                         'level': 'DEBUG'}},
 'loggers': {'django.request': {'handlers': ['mail_admins', 'console'],
                                'level': 'ERROR',
                                'propagate': True},
             'django.server': {'handlers': ['django.server'],
                               'level': 'INFO',
                               'propagate': False},
             'django_auth_ldap': {'handlers': ['console'], 'level': 'DEBUG'},
             'djangosaml2idp': {'handlers': ['console'], 'level': 'DEBUG'},
             'redis_lock': {'handlers': ['console'], 'level': 'DEBUG'},
             'social': {'handlers': ['console'], 'level': 'DEBUG'},
             'weblate': {'handlers': ['console'], 'level': 'DEBUG'},
             'weblate.vcs': {'handlers': ['console'], 'level': 'DEBUG'}},
 'version': 1}
LOGGING_CONFIG  
'logging.config.dictConfig'
LOGIN_REDIRECT_URL  
'/translate/'
LOGIN_REQUIRED_URLS 
[]
LOGIN_REQUIRED_URLS_EXCEPTIONS  
('{URL_PREFIX}/accounts/(.*)$',
 '{URL_PREFIX}/admin/login/(.*)$',
 '{URL_PREFIX}/static/(.*)$',
 '{URL_PREFIX}/widgets/(.*)$',
 '{URL_PREFIX}/data/(.*)$',
 '{URL_PREFIX}/hooks/(.*)$',
 '{URL_PREFIX}/healthz/$',
 '{URL_PREFIX}/api/(.*)$',
 '{URL_PREFIX}/js/i18n/$',
 '{URL_PREFIX}/contact/$',
 '{URL_PREFIX}/legal/(.*)$',
 '{URL_PREFIX}/avatar/(.*)$')
LOGIN_URL   
'/translate/accounts/login/'
LOGOUT_REDIRECT_URL 
None
LOGOUT_URL  
'/translate/accounts/logout/'
MANAGERS    
(('Vlad', 'git@frost.kiwi'),)
MATOMO_SITE_ID  
None
MATOMO_URL  
None
MEDIA_ROOT  
'/shanai/weblate/media'
MEDIA_URL   
'/translate/media/'
MESSAGE_STORAGE 
'django.contrib.messages.storage.session.SessionStorage'
MIDDLEWARE  
['weblate.middleware.RedirectMiddleware',
 'weblate.middleware.ProxyMiddleware',
 'corsheaders.middleware.CorsMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'weblate.accounts.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'social_django.middleware.SocialAuthExceptionMiddleware',
 'weblate.accounts.middleware.RequireLoginMiddleware',
 'weblate.api.middleware.ThrottlingMiddleware',
 'weblate.middleware.SecurityMiddleware',
 'weblate.wladmin.middleware.ManageMiddleware']
MIGRATION_MODULES   
{}
MONTH_DAY_FORMAT    
'F j'
MT_APERTIUM_APY 
None
MT_AWS_ACCESS_KEY_ID    
'********************'
MT_AWS_REGION   
None
MT_AWS_SECRET_ACCESS_KEY    
'********************'
MT_BAIDU_ID 
None
MT_BAIDU_SECRET 
'********************'
MT_DEEPL_API_URL    
'********************'
MT_DEEPL_KEY    
'********************'
MT_GOOGLE_CREDENTIALS   
None
MT_GOOGLE_KEY   
'********************'
MT_GOOGLE_LOCATION  
'global'
MT_GOOGLE_PROJECT   
None
MT_LIBRETRANSLATE_API_URL   
'********************'
MT_LIBRETRANSLATE_KEY   
'********************'
MT_MICROSOFT_BASE_URL   
'api.cognitive.microsofttranslator.com'
MT_MICROSOFT_COGNITIVE_KEY  
'********************'
MT_MICROSOFT_ENDPOINT_URL   
'api.cognitive.microsoft.com'
MT_MICROSOFT_REGION 
None
MT_MODERNMT_KEY 
'********************'
MT_MODERNMT_URL 
'https://api.modernmt.com/'
MT_MYMEMORY_EMAIL   
None
MT_MYMEMORY_KEY 
'********************'
MT_MYMEMORY_USER    
None
MT_NETEASE_KEY  
'********************'
MT_NETEASE_SECRET   
'********************'
MT_SAP_BASE_URL 
None
MT_SAP_PASSWORD 
'********************'
MT_SAP_SANDBOX_APIKEY   
'********************'
MT_SAP_USERNAME 
None
MT_SAP_USE_MT   
True
MT_SERVICES 
('weblate.machinery.weblatetm.WeblateTranslation',
 'weblate.memory.machine.WeblateMemory')
MT_TMSERVER 
None
MT_YANDEX_KEY   
'********************'
MT_YOUDAO_ID    
None
MT_YOUDAO_SECRET    
'********************'
NEARBY_MESSAGES 
15
NUMBER_GROUPING 
0
OFFER_HOSTING   
False
PAGURE_CREDENTIALS  
{}
PASSWORD_HASHERS    
'********************'
PASSWORD_RESET_TIMEOUT  
'********************'
PREPEND_WWW 
False
PRIVACY_URL 
None
PRIVATE_COMMIT_EMAIL_OPT_IN 
True
PRIVATE_COMMIT_EMAIL_TEMPLATE   
'{username}@users.noreply.{site_domain}'
PROJECT_BACKUP_KEEP_COUNT   
3
PROJECT_BACKUP_KEEP_DAYS    
30
PROJECT_NAME_RESTRICT_RE    
None
PROJECT_WEB_RESTRICT_HOST   
{'localhost'}
PROJECT_WEB_RESTRICT_NUMERIC    
True
PROJECT_WEB_RESTRICT_RE 
None
RATELIMIT_ATTEMPTS  
5
RATELIMIT_COMMENT_ATTEMPTS  
30
RATELIMIT_COMMENT_WINDOW    
60
RATELIMIT_GLOSSARY_ATTEMPTS 
30
RATELIMIT_GLOSSARY_WINDOW   
60
RATELIMIT_LANGUAGE_ATTEMPTS 
2
RATELIMIT_LANGUAGE_LOCKOUT  
600
RATELIMIT_LANGUAGE_WINDOW   
300
RATELIMIT_LOCKOUT   
600
RATELIMIT_MESSAGE_ATTEMPTS  
2
RATELIMIT_PROJECT_ATTEMPTS  
5
RATELIMIT_PROJECT_LOCKOUT   
600
RATELIMIT_PROJECT_WINDOW    
600
RATELIMIT_SEARCH_ATTEMPTS   
30
RATELIMIT_SEARCH_LOCKOUT    
60
RATELIMIT_SEARCH_WINDOW 
60
RATELIMIT_TRANSLATE_ATTEMPTS    
30
RATELIMIT_TRANSLATE_WINDOW  
60
RATELIMIT_TRIAL_ATTEMPTS    
1
RATELIMIT_TRIAL_LOCKOUT 
600
RATELIMIT_TRIAL_WINDOW  
60
RATELIMIT_WINDOW    
300
REGISTRATION_ALLOW_BACKENDS 
[]
REGISTRATION_CAPTCHA    
True
REGISTRATION_EMAIL_MATCH    
'.*'
REGISTRATION_HINTS  
{}
REGISTRATION_OPEN   
True
REGISTRATION_REBIND 
False
REPOSITORY_ALERT_THRESHOLD  
25
REQUIRE_LOGIN   
False
REST_FRAMEWORK  
{'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework.authentication.TokenAuthentication',
                                    'weblate.api.authentication.BearerAuthentication',
                                    'rest_framework.authentication.SessionAuthentication'),
 'DEFAULT_PAGINATION_CLASS': 'weblate.api.pagination.StandardPagination',
 'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticatedOrReadOnly'],
 'DEFAULT_THROTTLE_CLASSES': ('weblate.api.throttling.UserRateThrottle',
                              'weblate.api.throttling.AnonRateThrottle'),
 'DEFAULT_THROTTLE_RATES': {'anon': '100/day', 'user': '5000/hour'},
 'PAGE_SIZE': 50,
 'UNAUTHENTICATED_USER': 'weblate.auth.models.get_anonymous',
 'VIEW_DESCRIPTION_FUNCTION': 'weblate.api.views.get_view_description'}
ROOT_URLCONF    
'weblate.urls'
SECRET_KEY  
'********************'
SECRET_KEY_FALLBACKS    
'********************'
SECURE_BROWSER_XSS_FILTER   
True
SECURE_CONTENT_TYPE_NOSNIFF 
True
SECURE_CROSS_ORIGIN_OPENER_POLICY   
'same-origin'
SECURE_HSTS_INCLUDE_SUBDOMAINS  
True
SECURE_HSTS_PRELOAD 
True
SECURE_HSTS_SECONDS 
31536000
SECURE_PROXY_SSL_HEADER 
None
SECURE_REDIRECT_EXEMPT  
('healthz/$',)
SECURE_REFERRER_POLICY  
'same-origin'
SECURE_SSL_HOST 
'<redacted>.net'
SECURE_SSL_REDIRECT 
True
SENTRY_DSN  
None
SENTRY_ENVIRONMENT  
'<redacted>.net'
SENTRY_EXTRA_ARGS   
{}
SENTRY_PROFILES_SAMPLE_RATE 
0
SENTRY_PROJECTS 
['weblate']
SENTRY_SECURITY 
None
SENTRY_SEND_PII 
True
SENTRY_TOKEN    
'********************'
SENTRY_TRACES_SAMPLE_RATE   
0
SERVER_EMAIL    
'<redacted>.net'
SESSION_CACHE_ALIAS 
'default'
SESSION_COOKIE_AGE  
100000
SESSION_COOKIE_AGE_AUTHENTICATED    
12096000
SESSION_COOKIE_DOMAIN   
None
SESSION_COOKIE_HTTPONLY 
True
SESSION_COOKIE_NAME 
'sessionid'
SESSION_COOKIE_PATH 
'/'
SESSION_COOKIE_SAMESITE 
'Lax'
SESSION_COOKIE_SECURE   
True
SESSION_ENGINE  
'django.contrib.sessions.backends.cache'
SESSION_EXPIRE_AT_BROWSER_CLOSE 
False
SESSION_FILE_PATH   
None
SESSION_SAVE_EVERY_REQUEST  
False
SESSION_SERIALIZER  
'django.contrib.sessions.serializers.JSONSerializer'
SETTINGS_MODULE 
'weblate.settings'
SHORT_DATETIME_FORMAT   
'm/d/Y P'
SHORT_DATE_FORMAT   
'm/d/Y'
SIGNING_BACKEND 
'django.core.signing.TimestampSigner'
SILENCED_SYSTEM_CHECKS  
['admin.E408']
SIMILAR_MESSAGES    
5
SIMPLIFY_LANGUAGES  
True
SINGLE_PROJECT  
False
SITE_DOMAIN 
'<redacted>.net'
SITE_ID 
1
SITE_TITLE  
'Weblate'
SOCIAL_AUTH_AUTH0_IMAGE 
'auth0.svg'
SOCIAL_AUTH_AUTH0_TITLE 
'Auth0'
SOCIAL_AUTH_BITBUCKET_OAUTH2_KEY    
'********************'
SOCIAL_AUTH_BITBUCKET_OAUTH2_SECRET 
'********************'
SOCIAL_AUTH_BITBUCKET_OAUTH2_VERIFIED_EMAILS_ONLY   
True
SOCIAL_AUTH_DISCONNECT_PIPELINE 
('social_core.pipeline.disconnect.allowed_to_disconnect',
 'social_core.pipeline.disconnect.get_entries',
 'social_core.pipeline.disconnect.revoke_tokens',
 'weblate.accounts.pipeline.cycle_session',
 'weblate.accounts.pipeline.adjust_primary_mail',
 'weblate.accounts.pipeline.notify_disconnect',
 'social_core.pipeline.disconnect.disconnect',
 'weblate.accounts.pipeline.cleanup_next')
SOCIAL_AUTH_EMAIL_FORM_URL  
'/translate/accounts/email/'
SOCIAL_AUTH_EMAIL_VALIDATION_FUNCTION   
'weblate.accounts.pipeline.send_validation'
SOCIAL_AUTH_EMAIL_VALIDATION_URL    
'/translate/accounts/email-sent/'
SOCIAL_AUTH_FACEBOOK_KEY    
'********************'
SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS   
{'fields': 'id,name,email'}
SOCIAL_AUTH_FACEBOOK_SCOPE  
['email', 'public_profile']
SOCIAL_AUTH_FACEBOOK_SECRET 
'********************'
SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL   
'********************'
SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY   
'********************'
SOCIAL_AUTH_GITHUB_ENTERPRISE_SCOPE 
''
SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET    
'********************'
SOCIAL_AUTH_GITHUB_ENTERPRISE_URL   
''
SOCIAL_AUTH_GITHUB_KEY  
'********************'
SOCIAL_AUTH_GITHUB_ORG_KEY  
'********************'
SOCIAL_AUTH_GITHUB_ORG_NAME 
''
SOCIAL_AUTH_GITHUB_ORG_SECRET   
'********************'
SOCIAL_AUTH_GITHUB_SCOPE    
['user:email']
SOCIAL_AUTH_GITHUB_SECRET   
'********************'
SOCIAL_AUTH_GITHUB_TEAM_ID  
''
SOCIAL_AUTH_GITHUB_TEAM_KEY 
'********************'
SOCIAL_AUTH_GITHUB_TEAM_SECRET  
'********************'
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY   
'********************'
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET    
'********************'
SOCIAL_AUTH_LOGIN_ERROR_URL 
'/translate/accounts/login/'
SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL    
'/translate/accounts/profile/#account'
SOCIAL_AUTH_PIPELINE    
('social_core.pipeline.social_auth.social_details',
 'social_core.pipeline.social_auth.social_uid',
 'social_core.pipeline.social_auth.auth_allowed',
 'social_core.pipeline.social_auth.social_user',
 'weblate.accounts.pipeline.store_params',
 'weblate.accounts.pipeline.verify_open',
 'social_core.pipeline.user.get_username',
 'weblate.accounts.pipeline.require_email',
 'social_core.pipeline.mail.mail_validation',
 'weblate.accounts.pipeline.revoke_mail_code',
 'weblate.accounts.pipeline.ensure_valid',
 'weblate.accounts.pipeline.remove_account',
 'social_core.pipeline.social_auth.associate_by_email',
 'weblate.accounts.pipeline.reauthenticate',
 'weblate.accounts.pipeline.verify_username',
 'social_core.pipeline.user.create_user',
 'social_core.pipeline.social_auth.associate_user',
 'social_core.pipeline.social_auth.load_extra_data',
 'weblate.accounts.pipeline.cleanup_next',
 'weblate.accounts.pipeline.user_full_name',
 'weblate.accounts.pipeline.store_email',
 'weblate.accounts.pipeline.notify_connect',
 'weblate.accounts.pipeline.password_reset')
SOCIAL_AUTH_PROTECTED_USER_FIELDS   
('email',)
SOCIAL_AUTH_RAISE_EXCEPTIONS    
True
SOCIAL_AUTH_REDIRECT_IS_HTTPS   
True
SOCIAL_AUTH_SAML_ENABLED_IDPS   
{'weblate': {'attr_email': 'emailaddress',
             'attr_name': 'nameidentifier',
             'attr_user_permanent_id': 'emailaddress',
             'attr_username': 'username',
             'entity_id': 'https://sts.windows.net/<redacted>',
             'url': 'https://login.microsoftonline.com/<redacted>',
             'x509cert': '<redacted>'}}
SOCIAL_AUTH_SAML_IMAGE  
'saml.svg'
SOCIAL_AUTH_SAML_ORG_INFO   
{'en-US': {'displayname': '<redacted>',
           'name': '<redacted>',
           'url': 'http://<redacted>.net'}}
SOCIAL_AUTH_SAML_SP_ENTITY_ID   
'<redacted>.net'
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY 
'********************'
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT 
('-----BEGIN CERTIFICATE-----\n'
<redacted>'
 '-----END CERTIFICATE-----')
SOCIAL_AUTH_SAML_SUPPORT_CONTACT    
{'emailAddress': '<redacted>.net',
 'givenName': 'Wladislav Artsimovich'}
SOCIAL_AUTH_SAML_TECHNICAL_CONTACT  
{'emailAddress': '<redacted>.net',
 'givenName': 'Wladislav Artsimovich'}
SOCIAL_AUTH_SAML_TITLE  
'SAML'
SOCIAL_AUTH_SLUGIFY_FUNCTION    
'weblate.accounts.pipeline.slugify_username'
SOCIAL_AUTH_SLUGIFY_USERNAMES   
True
SOCIAL_AUTH_STRATEGY    
'weblate.accounts.strategy.WeblateStrategy'
SPECIAL_CHARS   
('\t', '\n', '\xa0', '…')
SSH_EXTRA_ARGS  
''
STATICFILES_DIRS    
()
STATICFILES_FINDERS 
('django.contrib.staticfiles.finders.FileSystemFinder',
 'django.contrib.staticfiles.finders.AppDirectoriesFinder',
 'compressor.finders.CompressorFinder')
STATICFILES_STORAGE 
'django.contrib.staticfiles.storage.StaticFilesStorage'
STATIC_ROOT 
'/shanai/weblate/cache/static'
STATIC_URL  
'/translate/static/'
STATUS_URL  
None
STORAGES    
{'default': {'BACKEND': 'django.core.files.storage.FileSystemStorage'},
 'staticfiles': {'BACKEND': 'django.contrib.staticfiles.storage.StaticFilesStorage'}}
SUGGESTION_CLEANUP_DAYS 
None
SUPPORT_API_URL 
'********************'
TEMPLATES   
[{'APP_DIRS': True,
  'BACKEND': 'django.template.backends.django.DjangoTemplates',
  'OPTIONS': {'context_processors': ['django.contrib.auth.context_processors.auth',
                                     'django.template.context_processors.debug',
                                     'django.template.context_processors.i18n',
                                     'django.template.context_processors.request',
                                     'django.template.context_processors.csrf',
                                     'django.contrib.messages.context_processors.messages',
                                     'weblate.trans.context_processors.weblate_context']}}]
TEST_NON_SERIALIZED_APPS    
[]
TEST_RUNNER 
'django.test.runner.DiscoverRunner'
THOUSAND_SEPARATOR  
','
TIME_FORMAT 
'P'
TIME_INPUT_FORMATS  
['%H:%M:%S', '%H:%M:%S.%f', '%H:%M']
TIME_ZONE   
'UTC'
UNUSED_ALERT_DAYS   
365
UPDATE_LANGUAGES    
True
URL_PREFIX  
'/translate'
USE_DEPRECATED_PYTZ 
False
USE_I18N    
True
USE_L10N    
True
USE_THOUSAND_SEPARATOR  
False
USE_TZ  
True
USE_X_FORWARDED_HOST    
False
USE_X_FORWARDED_PORT    
False
VAT_RATE    
1.21
VCS_API_DELAY   
'********************'
VCS_BACKENDS    
('weblate.vcs.git.GitRepository',
 'weblate.vcs.git.GitWithGerritRepository',
 'weblate.vcs.git.SubversionRepository',
 'weblate.vcs.git.GithubRepository',
 'weblate.vcs.git.GiteaRepository',
 'weblate.vcs.git.GitLabRepository',
 'weblate.vcs.git.PagureRepository',
 'weblate.vcs.git.LocalRepository',
 'weblate.vcs.git.GitForcePushRepository',
 'weblate.vcs.git.BitbucketServerRepository',
 'weblate.vcs.mercurial.HgRepository')
VCS_CLONE_DEPTH 
1
WEBLATE_ADDONS  
('weblate.addons.gettext.GenerateMoAddon',
 'weblate.addons.gettext.UpdateLinguasAddon',
 'weblate.addons.gettext.UpdateConfigureAddon',
 'weblate.addons.gettext.MsgmergeAddon',
 'weblate.addons.gettext.GettextCustomizeAddon',
 'weblate.addons.gettext.GettextAuthorComments',
 'weblate.addons.cleanup.CleanupAddon',
 'weblate.addons.cleanup.RemoveBlankAddon',
 'weblate.addons.consistency.LangaugeConsistencyAddon',
 'weblate.addons.discovery.DiscoveryAddon',
 'weblate.addons.autotranslate.AutoTranslateAddon',
 'weblate.addons.flags.SourceEditAddon',
 'weblate.addons.flags.TargetEditAddon',
 'weblate.addons.flags.SameEditAddon',
 'weblate.addons.flags.BulkEditAddon',
 'weblate.addons.generate.GenerateFileAddon',
 'weblate.addons.generate.PseudolocaleAddon',
 'weblate.addons.generate.PrefillAddon',
 'weblate.addons.generate.FillReadOnlyAddon',
 'weblate.addons.json.JSONCustomizeAddon',
 'weblate.addons.xml.XMLCustomizeAddon',
 'weblate.addons.properties.PropertiesSortAddon',
 'weblate.addons.git.GitSquashAddon',
 'weblate.addons.removal.RemoveComments',
 'weblate.addons.removal.RemoveSuggestions',
 'weblate.addons.resx.ResxUpdateAddon',
 'weblate.addons.yaml.YAMLCustomizeAddon',
 'weblate.addons.cdn.CDNJSAddon')
WEBLATE_EXPORTERS   
('weblate.formats.exporters.PoExporter',
 'weblate.formats.exporters.PoXliffExporter',
 'weblate.formats.exporters.XliffExporter',
 'weblate.formats.exporters.TBXExporter',
 'weblate.formats.exporters.TMXExporter',
 'weblate.formats.exporters.MoExporter',
 'weblate.formats.exporters.CSVExporter',
 'weblate.formats.exporters.XlsxExporter',
 'weblate.formats.exporters.JSONExporter',
 'weblate.formats.exporters.AndroidResourceExporter',
 'weblate.formats.exporters.StringsExporter')
WEBLATE_FORMATS 
('weblate.formats.ttkit.PoFormat',
 'weblate.formats.ttkit.PoMonoFormat',
 'weblate.formats.ttkit.TSFormat',
 'weblate.formats.ttkit.XliffFormat',
 'weblate.formats.ttkit.RichXliffFormat',
 'weblate.formats.ttkit.PoXliffFormat',
 'weblate.formats.ttkit.StringsFormat',
 'weblate.formats.ttkit.StringsUtf8Format',
 'weblate.formats.ttkit.PropertiesUtf8Format',
 'weblate.formats.ttkit.PropertiesUtf16Format',
 'weblate.formats.ttkit.PropertiesFormat',
 'weblate.formats.ttkit.JoomlaFormat',
 'weblate.formats.ttkit.GWTFormat',
 'weblate.formats.ttkit.GWTISOFormat',
 'weblate.formats.ttkit.PhpFormat',
 'weblate.formats.ttkit.LaravelPhpFormat',
 'weblate.formats.ttkit.RESXFormat',
 'weblate.formats.ttkit.AndroidFormat',
 'weblate.formats.ttkit.JSONFormat',
 'weblate.formats.ttkit.JSONNestedFormat',
 'weblate.formats.ttkit.WebExtensionJSONFormat',
 'weblate.formats.ttkit.I18NextFormat',
 'weblate.formats.ttkit.I18NextV4Format',
 'weblate.formats.ttkit.GoI18JSONFormat',
 'weblate.formats.ttkit.GoI18V2JSONFormat',
 'weblate.formats.ttkit.GoTextFormat',
 'weblate.formats.ttkit.ARBFormat',
 'weblate.formats.ttkit.CSVFormat',
 'weblate.formats.ttkit.CSVUtf8Format',
 'weblate.formats.ttkit.CSVSimpleFormat',
 'weblate.formats.ttkit.CSVUtf8SimpleFormat',
 'weblate.formats.ttkit.CSVSimpleFormatISO',
 'weblate.formats.ttkit.YAMLFormat',
 'weblate.formats.ttkit.RubyYAMLFormat',
 'weblate.formats.ttkit.SubRipFormat',
 'weblate.formats.ttkit.MicroDVDFormat',
 'weblate.formats.ttkit.AdvSubStationAlphaFormat',
 'weblate.formats.ttkit.SubStationAlphaFormat',
 'weblate.formats.ttkit.DTDFormat',
 'weblate.formats.ttkit.FlatXMLFormat',
 'weblate.formats.ttkit.ResourceDictionaryFormat',
 'weblate.formats.ttkit.INIFormat',
 'weblate.formats.ttkit.InnoSetupINIFormat',
 'weblate.formats.ttkit.PropertiesMi18nFormat',
 'weblate.formats.external.XlsxFormat',
 'weblate.formats.txt.AppStoreFormat',
 'weblate.formats.convert.HTMLFormat',
 'weblate.formats.convert.IDMLFormat',
 'weblate.formats.convert.OpenDocumentFormat',
 'weblate.formats.convert.PlainTextFormat',
 'weblate.formats.convert.DokuWikiFormat',
 'weblate.formats.convert.MediaWikiFormat',
 'weblate.formats.convert.WindowsRCFormat',
 'weblate.formats.ttkit.XWikiPropertiesFormat',
 'weblate.formats.ttkit.XWikiPagePropertiesFormat',
 'weblate.formats.ttkit.XWikiFullPageFormat',
 'weblate.formats.ttkit.TBXFormat',
 'weblate.formats.ttkit.StringsdictFormat',
 'weblate.formats.ttkit.FluentFormat',
 'weblate.formats.multi.MultiCSVUtf8Format')
WEBLATE_GPG_ALGO    
'default'
WEBLATE_GPG_IDENTITY    
None
WEBLATE_MACHINERY   
('weblate.machinery.apertium.ApertiumAPYTranslation',
 'weblate.machinery.aws.AWSTranslation',
 'weblate.machinery.baidu.BaiduTranslation',
 'weblate.machinery.deepl.DeepLTranslation',
 'weblate.machinery.glosbe.GlosbeTranslation',
 'weblate.machinery.google.GoogleTranslation',
 'weblate.machinery.googlev3.GoogleV3Translation',
 'weblate.machinery.libretranslate.LibreTranslateTranslation',
 'weblate.machinery.microsoft.MicrosoftCognitiveTranslation',
 'weblate.machinery.microsoftterminology.MicrosoftTerminologyService',
 'weblate.machinery.modernmt.ModernMTTranslation',
 'weblate.machinery.mymemory.MyMemoryTranslation',
 'weblate.machinery.netease.NeteaseSightTranslation',
 'weblate.machinery.tmserver.AmagamaTranslation',
 'weblate.machinery.tmserver.TMServerTranslation',
 'weblate.machinery.yandex.YandexTranslation',
 'weblate.machinery.saptranslationhub.SAPTranslationHub',
 'weblate.machinery.youdao.YoudaoTranslation',
 'weblate.machinery.ibm.IBMTranslation',
 'weblate.machinery.weblatetm.WeblateTranslation',
 'weblate.memory.machine.WeblateMemory')
WEBSITE_REQUIRED    
True
WSGI_APPLICATION    
None
X_FRAME_OPTIONS 
'DENY'
YEAR_MONTH_FORMAT   
'F Y'
You’re seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard page generated by the handler for this status code.

How do you run Weblate?

weblate.org service

Weblate versions

• Weblate: 4.18.2
• Django: 4.2
• siphashc: 2.1
• translate-toolkit: 3.9.2
• lxml: 4.9.2
• Pillow: 9.5.0
• nh3: 0.2.14
• python-dateutil: 2.8.2
• social-auth-core: 4.4.2
• social-auth-app-django: 5.2.0
• django-crispy-forms: 2.0
• oauthlib: 3.2.2
• django-compressor: 4.4
• djangorestframework: 3.14.0
• django-filter: 23.2
• django-appconf: 1.0.5
• user-agents: 2.2.0
• filelock: 3.12.0
• rapidfuzz: 3.1.1
• openpyxl: 3.1.2
• celery: 5.3.1
• django-celery-beat: 2.5.0
• kombu: 5.3.1
• translation-finder: 2.15
• weblate-language-data: 2023.5
• html2text: 2020.1.16
• pycairo: 1.24.0
• PyGObject: 3.44.1
• diff-match-patch: 20230430
• requests: 2.28.2
• django-redis: 5.3.0
• hiredis: 2.2.3
• sentry-sdk: 1.28.0
• Cython: 0.29.36
• misaka: 2.1.1
• GitPython: 3.1.32
• borgbackup: 1.2.4
• pyparsing: 3.0.9
• pyahocorasick: 2.0.0
• python-redis-lock: 4.0.0
• charset-normalizer: 3.1.0
• Python: 3.8.10
• Git: 2.25.1
• phply: 1.2.6
• ruamel.yaml: 0.17.21
• tesserocr: 2.6.0
• boto3: 1.26.165
• zeep: 4.2.1
• aeidon: 1.12
• iniparse: 0.5
• Mercurial: 6.5
• git-review: 2.3.1
• Redis server: 5.0.7
• PostgreSQL server: 12.15
• Database backends: django.db.backends.postgresql
• Cache backends: default:RedisCache, avatar:FileBasedCache
• Email setup: django.core.mail.backends.smtp.EmailBackend: .net
• OS encoding: filesystem=utf-8, default=utf-8
• Celery: redis://localhost:6379, redis://localhost:6379, regular
• Platform: Linux 5.4.0-150-generic (x86_64)

Weblate deploy checks

No response

Additional context

No response

[nijel]

RelayState should be sent by Weblate to SAML IdP and then back to Weblate after authentication. You can check this is happening in your browser developer tools (Network tab). My wild guess would be that there is some redirect on the way which discards it.

[github-actions[bot]]

This issue has been marked as a question by a Weblate team member. Why? Because it belongs more to the professional Weblate Care or community Discussions than here. We strive to answer these reasonably fast here, too, but purchasing the support subscription is more responsible and faster for your business. And it makes Weblate stronger as well. Thanks!

In case your question is already answered, making a donation is the right way to say thank you!

[FrostKiwi]

RelayState should be sent by Weblate to SAML IdP and then back to Weblate after authentication. You can check this is happening in your browser developer tools (Network tab). My wild guess would be that there is some redirect on the way which discards it.

The very first request sent by Weblate after clicking the Login with SAML button is this 302 redirect: Followed by the next reply being from Microsoft, with the error message HTML:

@nijel So the theory goes, that this very first request doesn't make it somehow? So theory is: Weblate's python-social-auth makes the request, which makes it to microsoft, but microsofts reponse does not make it back? Our service is not reachable from the internet btw, intranet only.

[nijel]

Maybe Azure doesn't like that the return URL is not public? I have no clue, but this merely looks like a configuration/incompatibility issue on Azure side as it doesn't redirect back to Weblate to process authentication claim.

[FrostKiwi]

Maybe Azure doesn't like that the return URL is not public? I have no clue, but this merely looks like a configuration/incompatibility issue on Azure side as it doesn't redirect back to Weblate to process authentication claim.

Just confirmed, that there are other SAML users with non-public URLs. This is supposed to work even without public URLs, intranet only.

Let's check the following first: @nijel could you confirm or refute the following: <Weblate Domain>/accounts/complete/saml is supposed to throw an exception if you navigate to that view. MultiValueDictKeyError is the expected outcome of proper Weblate SAML configuration if you paste that URL into the browser.

[nijel]

That endpoint is supposed to be used only in the authentication flow and RelayState is supposed to be present there, so crashing is how it ends up. There is an upstream issue for this as well: https://github.com/python-social-auth/social-core/issues/632

[nijel]

Ah, there actually is also PR to covert this to missing error: https://github.com/python-social-auth/social-core/pull/818

[github-actions[bot]]

This issue has been automatically marked as stale because there wasn’t any recent activity.

It will be closed soon if no further action occurs.

Thank you for your contributions!

[nijel]

The crash will no longer happen with https://github.com/python-social-auth/social-core/pull/818