guitarmanvt / django-saml2-idp

Automatically exported from code.google.com/p/django-saml2-idp
5 stars 1 forks source link

SAMLRequest is lost if first login attempt fails #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. POST a SAML 2.0 AuthnRequest to the IdP
2. Fail to log in on the first attempt
3. Correctly log in on the second attempt

Instead of continuing with the login sequence, this error shows:

KeyError at /idp/login/continue/

'SAMLRequest'

This affects the latest revision in the "google-apps" branch, and probably the 
trunk as well.

Here's the stack trace:

Environment:

Request Method: GET
Request URL: http://127.0.0.1:8000/idp/login/continue/
Django Version: 1.2.3
Python Version: 2.6.5
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'saml2idp']
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware')

Traceback:
File "/usr/local/lib/python2.6/dist-packages/django/core/handlers/base.py" in 
get_response
  100.                     response = callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python2.6/dist-packages/django/contrib/auth/decorators.py" 
in _wrapped_view
  25.                 return view_func(request, *args, **kwargs)
File "/usr/local/lib/python2.6/dist-packages/django/views/decorators/csrf.py" 
in wrapped_view
  23.         resp = view_func(*args, **kwargs)
File "/home/john/code/saml/idp/idptest/saml2idp/views.py" in login_continue
  64.     msg = request.session['SAMLRequest']
File 
"/usr/local/lib/python2.6/dist-packages/django/contrib/sessions/backends/base.py
" in __getitem__
  46.         return self._session[key]

Exception Type: KeyError at /idp/login/continue/
Exception Value: 'SAMLRequest'

Original issue reported on code.google.com by j...@andersoninnovative.com on 9 Sep 2011 at 3:09

GoogleCodeExporter commented 9 years ago
This still appears to be happening, after tag 0.1. Does Django reset the 
session after a failed login? It may also be Django-version-specific.

Original comment by j...@andersoninnovative.com on 28 Sep 2011 at 8:24

GoogleCodeExporter commented 9 years ago
Fixed a while ago, but definitely by release 0.15.

Original comment by j...@andersoninnovative.com on 28 Jun 2012 at 6:59