diff --git a/passbook/sources/saml/processors/request.py b/passbook/sources/saml/processors/request.py
index b2ce814bf..1582ffb1a 100644
--- a/passbook/sources/saml/processors/request.py
+++ b/passbook/sources/saml/processors/request.py
@@ -24,12 +24,15 @@ class RequestProcessor:
 source: SAMLSource
 http_request: HttpRequest
+ relay_state: str
+ request_id: str
 issue_instant: str
- def __init__(self, source: SAMLSource, request: HttpRequest):
+ def __init__(self, source: SAMLSource, request: HttpRequest, relay_state: str):
 self.source = source
 self.http_request = request
+ self.relay_state = relay_state
 self.request_id = get_random_id()
 self.issue_instant = get_time_string()
@@ -86,6 +89,7 @@ class RequestProcessor:
 "SAMLRequest": deflate_and_base64_encode(
 etree.tostring(auth_n_request).decode()
 ),
+ "RelayState": self.relay_state
 }
 if self.source.signing_kp:
diff --git a/passbook/sources/saml/views.py b/passbook/sources/saml/views.py
index ce7b5b97c..889099596 100644
--- a/passbook/sources/saml/views.py
+++ b/passbook/sources/saml/views.py
@@ -31,13 +31,10 @@ class InitiateView(View):
 if not source.enabled:
 raise Http404
 relay_state = request.GET.get("next", "")
- request.session["sso_destination"] = relay_state
- auth_n_req = RequestProcessor(source, request)
+ auth_n_req = RequestProcessor(source, request, relay_state)
 # If the source is configured for Redirect bindings, we can just redirect there
 if source.binding_type == SAMLBindingTypes.Redirect:
- url_params = auth_n_req.build_auth_n_detached()
- url_params["RelayState"] = relay_state
- url_args = urlencode(url_params)
+ url_args = urlencode(auth_n_req.build_auth_n_detached())
 return redirect(f"{source.sso_url}?{url_args}")
 # As POST Binding we show a form
 saml_request = nice64(auth_n_req.build_auth_n())
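Review bot: In the first hunk of `processors/request.py`, `__init__` stores `relay_state` verbatim with no bound on its size or shape, although the only caller in this diff fills it from a query parameter. The SAML 2.0 bindings specification caps RelayState at 80 bytes and recommends that the sender integrity-protect it, so an over-long value can be truncated or rejected by the identity provider. A guard at assignment would surface that early, for example `if len(relay_state.encode("utf-8")) > 80: raise ValueError("RelayState exceeds 80 bytes")`. The constructor also deserves a docstring saying the value is caller-supplied, untrusted, and echoed back by the identity provider. The rest of the class lies outside the hunk.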
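Review bot: In the second hunk of `processors/request.py`, `"RelayState": self.relay_state` is added unconditionally, so an empty `RelayState=` parameter goes out whenever the caller passes `""` (the view's default when `next` is absent). The bindings specification says the parameter should be left out entirely when there is no relay state, and for a signed Redirect request the signature input has to be built as SAMLRequest, then RelayState, then SigAlg. The `if self.source.signing_kp:` branch continues past the hunk, so it is not visible whether the signed string now includes this key, which should be checked. Consider adding the key only when `self.relay_state` is non-empty, and give the new entry a trailing comma to match the file's formatting. The enclosing method starts and ends outside the hunk.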
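Review bot: In the `views.py` hunk, `relay_state = request.GET.get("next", "")` is passed to `RequestProcessor` without validation. With `request.session["sso_destination"]` removed, the only copy of the post-login destination is the value that travels through the browser and the identity provider. RelayState in a response is not covered by the assertion signature, so whichever view consumes it (not part of this diff) must not redirect to it unchecked. Validate it here as well, e.g. `if not url_has_allowed_host_and_scheme(relay_state, allowed_hosts={request.get_host()}): relay_state = ""`. The POST-binding branch continues below the hunk, so it is not visible whether the form template also receives `relay_state`.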