Tags: python, django, saml, django-saml2-auth

Python Django ModelViewSet implementation with SAML ACS


In the current system with the legacy IAM, we have implemented a class inherited from ModelViewSet with login and logout functions. In the legacy IAM, it is not compulsory to obtain name_id and session_index to log out. Therefore, we can bypass acs (a.k.a. assertion_consumer_service) to obtain this information and go straight to the logout.

Now, a new IAM system is deployed and we need to extend the current implementation to support both login and logout (along with acs). name_id and session_index shall be provided in LogoutRequest. Given we have a different set of URLs for

  1. login/logout: https://example.com/saml2/account/[login|logout]
  2. acs: https://example.com/saml2/sso/acs

How can we update the following code to support the callback from acs so that we can save the name_id and session_index?

urls.py

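    # url() lives in django.conf.urls (removed in Django 4.0; re_path replaces it)
    from django.conf.urls import include, url
    from rest_framework.routers import DefaultRouter
    from .views import Saml2AccountView

    router = DefaultRouter()
    router.register("saml2/account", Saml2AccountView, basename="account")
    urlpatterns = [
        url("", include(router.urls)),
    ]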

views.py

    from rest_framework import viewsets
    from rest_framework.decorators import action

    class Saml2AccountView(viewsets.ModelViewSet):
        @action(detail=False, methods=['get'])
        def login(self, request, *args, **kwargs):
            # implement the login function
            pass

        @action(detail=False, methods=['get'])
        def logout(self, request, *args, **kwargs):
            # implement the logout function
            pass

NOTE: We are using https://pypi.org/project/django-saml2-auth/ for the SAML implementation with the login/logout.


Solution

  • Please try to add the following method in the Saml2AccountView class:

    class Saml2AccountView(viewsets.ModelViewSet):
        @action(detail=False, methods=['get'])
        def acs(self, request, *args, **kwargs):
            # implement the acs function
            pass
    

    And add the following in urls.py:

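    from django.urls import path
    from .views import Saml2AccountView
    urlpatterns = [
        # a ViewSet action is exposed as a view through as_view()
        path("saml2/account", Saml2AccountView.as_view({"get": "acs"})),
    ]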
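What the acs step has to save and what the logout step then sends, as an added example that is not part of the original question or answer and is not django-saml2-auth code. It uses only the standard library; the function names, session keys, sample assertion and URLs are hypothetical, and it assumes the SAML library has already verified the signature and conditions of the assertion it passes in (signing and sending the LogoutRequest is likewise left to the library).

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

# Constructed sample. Assumption: the SAML library has already verified the
# signature and conditions and hands over this (decrypted) assertion.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_abc123</saml:NameID>
  </saml:Subject>
  <saml:AuthnStatement SessionIndex="_session42"/>
</saml:Assertion>"""


def remember_saml_session(session, verified_assertion_xml):
    """ACS step: keep the values a later LogoutRequest must carry."""
    assertion = ET.fromstring(verified_assertion_xml)
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    authn = assertion.find("saml:AuthnStatement", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no NameID")
    if authn is None or not authn.get("SessionIndex"):
        raise ValueError("assertion has no SessionIndex")
    session["saml_name_id"] = name_id.text.strip()
    session["saml_name_id_format"] = name_id.get("Format")
    session["saml_session_index"] = authn.get("SessionIndex")


def build_logout_request(session, issuer, destination):
    """Logout step: raises KeyError if the ACS step never ran for this session."""
    name_id, index = session["saml_name_id"], session["saml_session_index"]
    req = ET.Element("{%s}LogoutRequest" % NS["samlp"], {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
    })
    ET.SubElement(req, "{%s}Issuer" % NS["saml"]).text = issuer
    fmt = session.get("saml_name_id_format")
    nid = ET.SubElement(req, "{%s}NameID" % NS["saml"], {"Format": fmt} if fmt else {})
    nid.text = name_id
    ET.SubElement(req, "{%s}SessionIndex" % NS["samlp"]).text = index
    return ET.tostring(req, encoding="unicode")
```

In a Django view, `request.session` can be passed as `session`; the stored values are plain strings, so they serialize with the default session backend.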