Giuseppe De Marco

icon company @teamdigitale icon location A hacker does for love what others would not do for money.

Results 279 comments of Giuseppe De Marco

The SAML logout did not complete properly.

you can disable the signature check if you need

The SAML logout did not complete properly.

I think that you should share the IDP metadata here, we should have to check which are the logout endpoints and their binding and then check in djangosaml2 if something...

Understanding the use of /saml2/metadata

To enable a sp to request an authentication to an idp the RP have to save the idp metadata in its metadata storie (you have configured a local folder, so...

Understanding the use of /saml2/metadata

you can inherit class AssertionConsumerServiceView and overload this method https://github.com/IdentityPython/djangosaml2/blob/16bb169f894069fc350913cd36acc05c827f7a2f/djangosaml2/views.py#L601 then you just have to point to your class in your project urls.py https://github.com/IdentityPython/djangosaml2/blob/master/tests/testprofiles/urls.py related to https://github.com/IdentityPython/djangosaml2/blob/master/djangosaml2/urls.py

Understanding the use of /saml2/metadata

feel free to push your contribution in the documentation with a PR to help other developers to get a better understanding of the internal API

Understanding the use of /saml2/metadata

In the current documentation we may have a section related to your use case and how you implemented it, few lines of text that points to the inheritance of the...

Loss of session data after log in

We have a specialized cookie (samesite resistant) here https://github.com/IdentityPython/djangosaml2/blob/master/djangosaml2/middleware.py as we can read it, we use this cookie https://github.com/IdentityPython/djangosaml2/blob/master/djangosaml2/views.py here we authenticate the user after a succesfull saml2 authentication https://github.com/IdentityPython/djangosaml2/blob/master/djangosaml2/views.py#L553...

Loss of session data after log in

This aspect is covered in the docs, here https://github.com/IdentityPython/djangosaml2/blob/master/docs/source/contents/setup.rst#samesite-cookie However I believe that your proposal is interesting, would you like to push a contribution and enable the warning message if...

Pass the current http.request to the _update_user backend hook

Please devo-devo, can you improve the documentation of djangosaml2, including this additional feature and a short description of your implementation use case and how you did it with the release...

project support

I'm actually focused on uniAuth, that started as a fork of djangosaml2idp https://github.com/UniversitaDellaCalabria/uniAuth