sources/saml: automatically add RelayState to build_auth_n_detached

passbook/sources/saml/processors/request.py

@@ -24,12 +24,15 @@ class RequestProcessor:
     source: SAMLSource
     http_request: HttpRequest
 
+    relay_state: str
+
     request_id: str
     issue_instant: str
 
-    def __init__(self, source: SAMLSource, request: HttpRequest):
+    def __init__(self, source: SAMLSource, request: HttpRequest, relay_state: str):
         self.source = source
         self.http_request = request
+        self.relay_state = relay_state
         self.request_id = get_random_id()
         self.issue_instant = get_time_string()
 
@@ -86,6 +89,7 @@ class RequestProcessor:
             "SAMLRequest": deflate_and_base64_encode(
                 etree.tostring(auth_n_request).decode()
             ),
+            "RelayState": self.relay_state
         }
 
         if self.source.signing_kp:

passbook/sources/saml/views.py

@@ -31,13 +31,10 @@ class InitiateView(View):
         if not source.enabled:
             raise Http404
         relay_state = request.GET.get("next", "")
-        request.session["sso_destination"] = relay_state
-        auth_n_req = RequestProcessor(source, request)
+        auth_n_req = RequestProcessor(source, request, relay_state)
         # If the source is configured for Redirect bindings, we can just redirect there
         if source.binding_type == SAMLBindingTypes.Redirect:
-            url_params = auth_n_req.build_auth_n_detached()
-            url_params["RelayState"] = relay_state
-            url_args = urlencode(url_params)
+            url_args = urlencode(auth_n_req.build_auth_n_detached())
             return redirect(f"{source.sso_url}?{url_args}")
         # As POST Binding we show a form
         saml_request = nice64(auth_n_req.build_auth_n())