ACS custom_validation method for additional checks

peppelinux · peppelinux · commit 86fc56dc182d · 2021-03-21T02:36:32.000+01:00
diff --git a/djangosaml2/views.py b/djangosaml2/views.py
@@ -302,6 +302,9 @@ class AssertionConsumerServiceView(SPConfigMixin, View):
         though some implementations may instead register their own subclasses of Saml2Backend.
     """
 
+    def custom_validation(self, response):
+        pass
+
     def handle_acs_failure(self, request, exception=None, status=403, **kwargs):
         """ Error handler if the login attempt fails. Override this to customize the error response.
         """
@@ -384,6 +387,12 @@ def post(self, request, attribute_mapping=None, create_unknown_user=None):
             logger.warning("Invalid SAML Assertion received (unknown error).")
             return self.handle_acs_failure(request, status=400, exception=SuspiciousOperation('Unknown SAML2 error'))
 
+        try:
+            self.custom_validation(response)
+        except Exception as e:
+            logger.warning("SAML Response validation error: {e}")
+            return self.handle_acs_failure(request, status=400, exception=SuspiciousOperation('SAML2 validation error'))
+
         session_id = response.session_id()
         oq_cache.delete(session_id)
 
