If debug enable, print reason for the SAMLResponse invalidation

Author: pitbulk

demo-django/demo/views.py

@@ -33,6 +33,7 @@ def index(request):
     req = prepare_django_request(request)
     auth = init_saml_auth(req)
     errors = []
+    error_reason = None
     not_auth_warn = False
     success_slo = False
     attributes = False
@@ -56,12 +57,16 @@ def index(request):
         auth.process_response()
         errors = auth.get_errors()
         not_auth_warn = not auth.is_authenticated()
+
         if not errors:
             request.session['samlUserdata'] = auth.get_attributes()
             request.session['samlNameId'] = auth.get_nameid()
             request.session['samlSessionIndex'] = auth.get_session_index()
             if 'RelayState' in req['post_data'] and OneLogin_Saml2_Utils.get_self_url(req) != req['post_data']['RelayState']:
                 return HttpResponseRedirect(auth.redirect_to(req['post_data']['RelayState']))
+        else:
+            if auth.get_settings().is_debug_active():
+                error_reason = auth.get_last_error_reason()
     elif 'sls' in req['get_data']:
         dscb = lambda: request.session.flush()
         url = auth.process_slo(delete_session_cb=dscb)
@@ -77,7 +82,7 @@ def index(request):
         if len(request.session['samlUserdata']) > 0:
             attributes = request.session['samlUserdata'].items()
 
-    return render(request, 'index.html', {'errors': errors, 'not_auth_warn': not_auth_warn, 'success_slo': success_slo,
+    return render(request, 'index.html', {'errors': errors, 'error_reason': error_reason, 'not_auth_warn': not_auth_warn, 'success_slo': success_slo,
                                           'attributes': attributes, 'paint_logout': paint_logout})        
 
 

demo-django/templates/index.html

@@ -10,6 +10,9 @@
           <li>{{err}}</li>
         {% endfor %}
     </ul>
+    {% if error_reason %}
+      <p><b>Reason:</b> {{error_reason}}</p>
+    {% endif %}
   </div>
 {% endif %}