We're trying to integrate Okta into our website auth using this plugin, and on our test setup running vanilla Django, it worked perfectly using the instructions in the README.
Once we tried doing it in Mezzanine, our CMS of choice, we get a constant redirect loop to http://127.0.0.1:8000/saml2_auth/acs where 127.0.0.1:8000 is our test host. It seems that Okta sends us back to /admin, which then kicks us back to saml2_auth/acs, which goes back to Okta in an infinite loop. You can see dozens of successful logins in a matter of seconds in our Okta logs.
We've traced views.acs and it makes it to the final redirect, but I don't know if it's something in Mezzanine that expects a certain flag to say a user is authenticated or what. I haven't ruled out this being a Mezzanine issue, but wanted to start here.
My config:
SAML2_AUTH = {
    # Metadata is required, choose either remote url or local file path
    'METADATA_AUTO_CONF_URL': 'https://FOO.okta.com/app/BAR/sso/saml/metadata',
    # Optional settings below
    'DEFAULT_NEXT_URL': '/admin',
    'CREATE_USER': 'TRUE',
    'NEW_USER_PROFILE': {
        'USER_GROUPS': [],  # The default group name when a new user logs in
        'ACTIVE_STATUS': True,  # The default active status for new users
        'STAFF_STATUS': True,  # The staff status for new users
        'SUPERUSER_STATUS': True,  # The superuser status for new users
    },
    'ATTRIBUTES_MAP': {
        'email': 'email',
        'username': 'username',
        'first_name': 'firstname',
        'last_name': 'lastname',
        'phone': 'phone',
        'title': 'title',
    },
    'ASSERTION_URL': 'http://127.0.0.1:8000',  # Custom URL to validate incoming SAML requests against
    'ENTITY_ID': 'http://127.0.0.1:8000/saml2_auth/acs/',  # Populates the Issuer element in authn request
    'USE_JWT': False,
}
I found the obvious answer that I had been glossing over every time I looked at the settings.py config: comment out AUTHENTICATION_BACKENDS in the Mezzanine-generated settings.py.
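The following is an added illustration of the failure mode behind that fix; it is not code from the issue author or from the django-saml2-auth project. It is a small stand-alone model of two pieces of Django behaviour, stated here as assumptions: django.contrib.auth.login() records the dotted path of the backend the user was authenticated with in the session, and get_user() on the next request treats the session as anonymous if that path is no longer listed in settings.AUTHENTICATION_BACKENDS. The backend names are the ones Django and Mezzanine ship (Mezzanine's project template sets AUTHENTICATION_BACKENDS to its own MezzanineBackend only), and the model assumes the plugin's acs view stamps Django's ModelBackend on the user before calling login(). Under those assumptions the admin page never sees a logged-in user, so every /admin hit bounces back through /saml2_auth/acs to the IdP, which is exactly the loop described above.

```python
from typing import Dict, List, Optional, Tuple

MODEL_BACKEND = "django.contrib.auth.backends.ModelBackend"
MEZZANINE_BACKEND = "mezzanine.core.auth_backends.MezzanineBackend"

# Setting as written by Mezzanine's project template (assumed value).
MEZZANINE_SETTINGS = {"AUTHENTICATION_BACKENDS": (MEZZANINE_BACKEND,)}
# What Django falls back to when the setting is commented out, as in the fix.
DJANGO_DEFAULT_SETTINGS = {"AUTHENTICATION_BACKENDS": (MODEL_BACKEND,)}
# Alternative that keeps Mezzanine's backend and adds the one the plugin stamps.
BOTH_SETTINGS = {"AUTHENTICATION_BACKENDS": (MEZZANINE_BACKEND, MODEL_BACKEND)}


def login(session: Dict[str, str], user_id: str, backend: str) -> None:
    """Model of django.contrib.auth.login(): store the user id and backend path."""
    session["_auth_user_id"] = user_id
    session["_auth_user_backend"] = backend


def get_user(session: Dict[str, str], settings: Dict[str, Tuple[str, ...]]) -> Optional[str]:
    """Model of django.contrib.auth.get_user(): the recorded backend must still be configured,
    otherwise the request is treated as anonymous (returns None here)."""
    backend = session.get("_auth_user_backend")
    if backend is None or backend not in settings["AUTHENTICATION_BACKENDS"]:
        return None
    return session.get("_auth_user_id")


def simulate_saml_roundtrip(settings: Dict[str, Tuple[str, ...]], max_hops: int = 5) -> List[str]:
    """Walk /saml2_auth/acs -> /admin and record each hop until the admin page
    actually loads, or give up after max_hops assertions (the loop case)."""
    session: Dict[str, str] = {}
    hops: List[str] = []
    for _ in range(max_hops):
        # /saml2_auth/acs: assertion accepted, plugin stamps ModelBackend, logs in,
        # then redirects to DEFAULT_NEXT_URL (/admin).
        login(session, "okta-user", MODEL_BACKEND)
        hops.append("/saml2_auth/acs")
        # /admin: the admin checks request.user; anonymous -> redirect to login,
        # which the plugin turns into another trip to the IdP.
        if get_user(session, settings) is not None:
            hops.append("/admin")
            return hops
        hops.append("/admin -> login redirect")
    return hops


def loops(settings: Dict[str, Tuple[str, ...]]) -> bool:
    """True when the round trip never reaches a rendered /admin page."""
    return simulate_saml_roundtrip(settings)[-1] != "/admin"


if __name__ == "__main__":
    for name, cfg in [("mezzanine template", MEZZANINE_SETTINGS),
                      ("django default", DJANGO_DEFAULT_SETTINGS),
                      ("both backends", BOTH_SETTINGS)]:
        print(f"{name:18s} loops={loops(cfg)} hops={simulate_saml_roundtrip(cfg)}")
```

The model also shows why adding ModelBackend to the tuple, rather than deleting the setting, is the option that keeps Mezzanine's own backend available for its password logins: both variants break the loop, and the difference is only which backends remain for non-SAML sign-ins.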