From 099197ba8cbcae8658fcde16caa2a8be16f011ae Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 16 Feb 2021 21:11:14 +0100
Subject: [PATCH] providers/saml: fix AuthnRequestsSigned and WantAssertionsSigned not loaded correctly
---
authentik/admin/views/utils.py | 2 ++
authentik/policies/api.py | 4 +++-
authentik/providers/saml/processors/metadata_parser.py | 6 ++++--
authentik/providers/saml/views/metadata.py | 2 +-
4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/authentik/admin/views/utils.py b/authentik/admin/views/utils.py
index bec33e4c3..1eda77d6c 100644
--- a/authentik/admin/views/utils.py
+++ b/authentik/admin/views/utils.py
@@ -18,6 +18,8 @@ from authentik.lib.views import CreateAssignPermView class DeleteMessageView(SuccessMessageMixin, DeleteView): """DeleteView which shows `self.success_message` on successful deletion""" + success_url = "/" + def delete(self, request, *args, **kwargs): messages.success(self.request, self.success_message) return super().delete(request, *args, **kwargs)
diff --git a/authentik/policies/api.py b/authentik/policies/api.py
index c83eab3ce..7f179d330 100644
--- a/authentik/policies/api.py
+++ b/authentik/policies/api.py
@@ -118,7 +118,9 @@ class PolicyBindingSerializer(ModelSerializer): class PolicyBindingViewSet(ModelViewSet): """PolicyBinding Viewset""" - queryset = PolicyBinding.objects.all().select_related("policy", "target", "group", "user") + queryset = PolicyBinding.objects.all().select_related( + "policy", "target", "group", "user" + ) serializer_class = PolicyBindingSerializer filterset_fields = ["policy", "target", "enabled", "order", "timeout"] search_fields = ["policy__name"]
diff --git a/authentik/providers/saml/processors/metadata_parser.py b/authentik/providers/saml/processors/metadata_parser.py
index 3f392b4c4..d17ebaaaa 100644
--- a/authentik/providers/saml/processors/metadata_parser.py
+++ b/authentik/providers/saml/processors/metadata_parser.py
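Review bot: `success_url = "/"` on `DeleteMessageView` gives every subclass a silent fallback redirect to the site root; without it, Django's delete view raises `ImproperlyConfigured` when a subclass forgets to set `success_url`, so a misconfigured admin view would now go unnoticed. The same literal is introduced on `MetadataImportView` in the `views/metadata.py` hunk. A hard-coded path also ignores any URL prefix the deployment is served under, so resolving the target with `reverse_lazy("<route-name>")` would be more robust. If the fallback is intended, I would say so on the attribute, e.g. `# Fallback redirect target; subclasses are expected to override this`.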
@@ -134,8 +134,10 @@ class ServiceProviderMetadataParser: # For now we'll only look at the first descriptor. # Even if multiple descriptors exist, we can only configure one descriptor = sp_sso_descriptors[0] - auth_n_request_signed = descriptor.attrib["AuthnRequestsSigned"] - assertion_signed = descriptor.attrib["WantAssertionsSigned"] + auth_n_request_signed = ( + descriptor.attrib["AuthnRequestsSigned"].lower() == "true" + ) + assertion_signed = descriptor.attrib["WantAssertionsSigned"].lower() == "true" acs_services = descriptor.findall( f"{{{NS_SAML_METADATA}}}AssertionConsumerService"
diff --git a/authentik/providers/saml/views/metadata.py b/authentik/providers/saml/views/metadata.py
index fe50ca3f4..3cf24b2db 100644
--- a/authentik/providers/saml/views/metadata.py
+++ b/authentik/providers/saml/views/metadata.py
@@ -54,7 +54,7 @@ class MetadataImportView(LoginRequiredMixin, FormView): form_class = SAMLProviderImportForm template_name = "providers/saml/import.html" - success_url = "" + success_url = "/" def dispatch(self, request, *args, **kwargs): if not request.user.is_superuser:
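Review bot: In the `metadata_parser.py` hunk, `descriptor.attrib["AuthnRequestsSigned"]` and `descriptor.attrib["WantAssertionsSigned"]` are still indexed directly, yet both attributes are optional on `SPSSODescriptor`, so metadata that omits either one raises `KeyError` during import unless a caller outside the hunk catches it. The comparison `.lower() == "true"` also misses the other valid `xs:boolean` spelling `1`, which would be read as "not signed"; if these flags drive signature checking on the resulting provider (not visible here), that is a silent downgrade. I would read both with a default and accept both spellings, e.g. `descriptor.attrib.get("AuthnRequestsSigned", "false").lower() in ("true", "1")`, and the same for `WantAssertionsSigned`. The enclosing parser method starts and ends outside the hunk.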