Skip to main content

Django SAML2 Plugin for URL redirection on Logout (usually to an IdP logout)

Project description

django-saml2-auth-signout-redirect

A plugin to redirect users to a URL (usually an ADFS logout URL) in django-saml2-auth

Introduction

By default, django-saml2-auth only signs out users in the local Django application. For security reasons, the logout needs to be passed to the IdP (identity provider). Otherwise, a user who clicks the login button will be logged in again without providing a password (or otherwise). If you are able to sign the request (i.e. provide a cert and key), please see django-saml2-auth-signout-slo. If you are not able -- or do not want -- to sign the logout request, this plugin is your next-best option. Instead of a true Single SignOut, this plugin will let you redirect the user to the IdP's logout page, defaulting to the ADFS idpinitiatedsignin page.

Example

In settings.py:

INSTALLED_APPS += (
    ...
    'django_saml2_auth',
    # ensure the plugin is loaded
    'django_saml2_auth_signout_redirect',
    ...
)

# this is the "usual" config object from django-saml2-auth
SAML2_AUTH = {
    'DEFAULT_NEXT_URL': '/',
    'PLUGINS': {
        # use this package in lieu of DEFAULT signout plugin 
        'SINGOUT': ['REDIRECT'],
    },
    # optionally specify the URL
    'LOGOUT_REDIRECT_URL': 'https://<idp.com>/<logout>
}

ADFS

By default, this package redirects a user to <SSO Endpoint>/idpinitiatedsignon.aspx which provides manual login/logout on ADFS servers. Unless you're using an unconventional SSO path, this should work out-of-the-box.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page