Reputation: 1926
In my Django project I use python3-saml to log in with SSO. The login works as expected, but the logout is failing with the error message 'No hostname defined'. I really don't know how to solve this, as the only parameter passed to logout is the request, and request is missing 'http_host' and 'server_name', read here.
My logout part looks like the following:
def get(self, request, pkuser=None):
    try:
        get_user_model().objects.get(pk=pkuser)
    except get_user_model().DoesNotExist:
        return redirect('HomePage')
    logger = logging.getLogger('iam')
    logger.info('IAM logout')
    auth = OneLogin_Saml2_Auth(request, custom_base_path=settings.SAML_FOLDER)
    logger.info('account logout')
    # OneLogin_Saml2_Utils.delete_local_session()
    try:
        auth.logout(
            name_id=request.session['samlNameId'],
            session_index=request.session['samlSessionIndex'],
            nq=request.session['samlNameIdNameQualifier'],
            name_id_format=request.session['samlNameIdFormat'],
            spnq=request.session['samlNameIdSPNameQualifier']
        )
        logger.info('account logout success')
        OneLogin_Saml2_Utils.delete_local_session()
        logger.info('account logout: deleted local session')
    except Exception as e:
        logger.info('account logout failed: {}'.format(str(e)))
    logout(request)
    return redirect('HomePage')
Maybe I'm using the wrong package...? Any help or advice will be appreciated.
Upvotes: 2
Views: 618
Reputation: 2288
In the handler for your ACS URL you will also be creating an object from OneLogin_Saml2_Auth(), which theoretically is working. Check if the setup for the request to that is different to the setup here.
One thing that stands out between this and my code is that my one has a line prior to the constructor, request_annotated = saml2_prepare_request(request) (all the names in this line will likely be different for you other than request, but the format would remain the same), where you are passing request_annotated to the OneLogin_Saml2_Auth constructor rather than request. If so, duplicate that line. The library is expecting that there are some specific things annotated to the request dictionary. The code for this function in my Django is:
def saml2_prepare_request(request):
    return {
        'http_host': request.META['HTTP_HOST'],
        'script_name': request.META['PATH_INFO'],
        'server_port': request.META['SERVER_PORT'],
        'get_data': request.GET.copy(),
        'post_data': request.POST.copy()
    }
Upvotes: 1
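An added example (not code from either poster or from python3-saml) of building the request dictionary described in the answer above, so the same helper can be used in the ACS view and the logout view. The names prepare_saml_request and FakeRequest, the allow-list argument and the host sp.example.com are assumptions made for illustration; the 'https' key, the SERVER_NAME fallback and the host check go beyond what the answer shows.

```python
class FakeRequest:
    """Constructed stand-in exposing the HttpRequest attributes used below."""
    def __init__(self, meta, secure=True):
        self.META, self.GET, self.POST = meta, {}, {}
        self._secure = secure

    def is_secure(self):
        return self._secure


def prepare_saml_request(request, allowed_hosts):
    """Build the plain dict handed to OneLogin_Saml2_Auth (hypothetical helper).

    The Host header is client-controlled and the library derives the SP's own
    URLs from it, so the name is checked against an explicit allow-list.
    """
    meta = request.META
    # Either value satisfies the hostname lookup; prefer the Host header.
    host = meta.get('HTTP_HOST') or meta.get('SERVER_NAME')
    if not host:
        raise ValueError('request has neither HTTP_HOST nor SERVER_NAME')
    name, _, port = host.rpartition(':')
    hostname = (name if name and port.isdigit() else host).lower()
    if hostname not in allowed_hosts:
        raise ValueError('unexpected SP hostname: %r' % hostname)
    return {
        'https': 'on' if request.is_secure() else 'off',
        'http_host': host,
        'script_name': meta.get('PATH_INFO', ''),
        'server_port': meta.get('SERVER_PORT', ''),
        'get_data': request.GET.copy(),
        'post_data': request.POST.copy(),
    }


if __name__ == '__main__':
    # Constructed sample request for the logout URL of an SP at sp.example.com.
    req = FakeRequest({'HTTP_HOST': 'sp.example.com:8443',
                       'PATH_INFO': '/saml/slo/', 'SERVER_PORT': '8443'})
    print(prepare_saml_request(req, {'sp.example.com'}))
    # In the view, pass the dict instead of the HttpRequest:
    #   auth = OneLogin_Saml2_Auth(prepare_saml_request(request, hosts),
    #                              custom_base_path=settings.SAML_FOLDER)
```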
Reputation: 625
I think this is happening because the logout method is missing http_host and server_name.
To fix this issue, modify the request object to include the http_host and server_name attributes before calling the logout method.
def get(self, request, pkuser=None):
    try:
        get_user_model().objects.get(pk=pkuser)
    except get_user_model().DoesNotExist:
        return redirect('HomePage')
    logger = logging.getLogger('iam')
    logger.info('IAM logout')
    auth = OneLogin_Saml2_Auth(request, custom_base_path=settings.SAML_FOLDER)
    logger.info('account logout')
    request.http_host = 'your_http_host'
    request.server_name = 'your_server_name'
    try:
        auth.logout(
            name_id=request.session['samlNameId'],
            session_index=request.session['samlSessionIndex'],
            nq=request.session['samlNameIdNameQualifier'],
            name_id_format=request.session['samlNameIdFormat'],
            spnq=request.session['samlNameIdSPNameQualifier']
        )
        logger.info('account logout success')
        OneLogin_Saml2_Utils.delete_local_session()
        logger.info('account logout: deleted local session')
    except Exception as e:
        logger.info('account logout failed: {}'.format(str(e)))
    logout(request)
    return redirect('HomePage')
Upvotes: 1