I'm trying to configure Google's SSO for my Django app. Google is the identity provider and my app is the service provider. I'm using python3-saml for the SSO and I used the files like in the Django demo. Whenever I click login, Google tries to log in but it returns a 403 saying CSRF verification has failed. Any idea where I should be looking?
For the files, I used the exact same as described in the demo mentioned above.
I 'fixed' it by bypassing the CSRF check on the view that rendered the response, using the decorator @csrf_exempt. The CSRF cookie cannot be set because the POST came from a third party (Google, in this particular case), and it is not necessary here as SAML already checks the response. See: https://github.com/onelogin/python3-saml/issues/146