Unsupported Binding exception in SLO

peppelinux · peppelinux · commit 5c1d1468e794 · 2021-06-20T23:36:55.000+02:00
There's the possibility that an IdP doesn't support the SLO, added an exception handling as a workaround for this. Now we have in the log something like: ```` Unsupported binding: None (https://172.17.0.1:10000/Saml2IDP/metadata) Error Handled - SLO - unsupported binding by IDP: None Traceback (most recent call last): File "~/DEV/IdentityPython/env/lib/python3.8/site-packages/djangosaml2/views.py", line 601, in get result = client.global_logout(subject_id) File "~/DEV/IdentityPython/env/lib/python3.8/site-packages/saml2/client.py", line 210, in global_logout return self.do_logout( File "~/DEV/IdentityPython/env/lib/python3.8/site-packages/djangosaml2/overrides.py", line 25, in do_logout return super().do_logout(*args, **kwargs) File "~/DEV/IdentityPython/env/lib/python3.8/site-packages/saml2/client.py", line 259, in do_logout bindings_slo_supported = self.metadata.single_logout_service( File "~/DEV/IdentityPython/env/lib/python3.8/site-packages/saml2/mdstore.py", line 1236, in single_logout_service return self.service(entity_id, "%s_descriptor" % typ, File "~/DEV/IdentityPython/env/lib/python3.8/site-packages/saml2/mdstore.py", line 1147, in service raise UnsupportedBinding(binding) saml2.s_utils.UnsupportedBinding: None ````
diff --git a/djangosaml2/views.py b/djangosaml2/views.py
@@ -596,18 +596,25 @@ def get(self, request, *args, **kwargs):
             logger.warning(
                 'The session does not contain the subject id for user %s', request.user)
 
+        _error = None
         try:
             result = client.global_logout(subject_id)
         except LogoutError as exp:
             logger.exception(
                 'Error Handled - SLO not supported by IDP: {}'.format(exp))
-            auth.logout(request)
-            state.sync()
-            return self.handle_unsupported_slo_exception(request, exp)
+            _error = exp
+        except UnsupportedBinding as exp:
+            logger.exception(
+                'Error Handled - SLO - unsupported binding by IDP: {}'.format(exp))
+            _error = exp
 
         auth.logout(request)
         state.sync()
 
+        if _error:
+            return self.handle_unsupported_slo_exception(request, _error)
+
+
         if not result:
             logger.error(
                 "Looks like the user %s is not logged in any IdP/AA", subject_id)
