
I am using django-saml2-auth 2.2.1 to authenticate users logging into my Django web apps. Before I was doing this, I was using a regular username/password login form. In settings.py, I had this LOGIN_URL = reverse_lazy('myapp:login') and an appropriate URL in urls.py. I decorated my view with @login_required, and it worked well. When users who were not logged in went to that view (url = /my-page/), they were redirected to the login page, and after login, redirected back to /my-page/. All was good.

Then I switched to django-saml2-auth. I have a new LOGIN_URL = '/okta/login' and this urls.py:

path("okta/login/", django_saml2_auth.views.signin, name='django_saml2_auth.views.signin'),

Logging in works well, but users are always redirected to '/'. I have debugged django_saml2_auth.views.signin with logging. The end of the view is like this now:

logger.debug(f"django-saml2-auth:redirect_url: {redirect_url}")
return HttpResponseRedirect(redirect_url)

The output URL in the log looks correct. There is a RelayState followed by the correct redirect:

RelayState=%2my-page%2F

So, I can't figure out why the user actually ends up at '/' instead. Any ideas on how I can do more debugging? I can't see how something else is redirecting to the homepage after django_saml2_auth.views.signin sends the user to the right place. Or is it the right place?

anp925
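One way to check the RelayState in the logged redirect_url offline, added here as an example (it is not part of the original post and not django-saml2-auth code): it pulls out the raw RelayState, decodes it, and flags values that do not resolve to a site-relative path. The IdP host and the SAMLRequest value are constructed placeholders, the function names are hypothetical, and the RelayState is the value quoted in the question.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: hypothetical IdP host and placeholder SAMLRequest;
# the RelayState value is copied as quoted in the question.
SAMPLE_REDIRECT = (
    "https://idp.example.com/app/sso/saml"
    "?SAMLRequest=PLACEHOLDER&RelayState=%2my-page%2F"
)

# A '%' that is not followed by exactly two hex digits is not a valid escape.
_BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def raw_relay_state(redirect_url):
    """Return the still-encoded RelayState value from a redirect URL, or None."""
    for pair in urlsplit(redirect_url).query.split("&"):
        name, _, value = pair.partition("=")
        if name == "RelayState":
            return value
    return None


def inspect_relay_state(redirect_url):
    """Decode RelayState and list reasons it is not a safe local redirect target."""
    raw = raw_relay_state(redirect_url)
    if raw is None:
        return {"raw": None, "decoded": None, "problems": ["no RelayState parameter"]}
    problems = []
    if _BAD_ESCAPE.search(raw):
        problems.append("malformed percent-escape")
    decoded = unquote(raw)  # invalid escapes are left untouched by unquote()
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc:
        problems.append("absolute URL (open-redirect risk)")
    if not decoded.startswith("/") or decoded.startswith("//") or "\\" in decoded:
        problems.append("not a site-relative path")
    return {"raw": raw, "decoded": decoded, "problems": problems}


if __name__ == "__main__":
    print(inspect_relay_state(SAMPLE_REDIRECT))
```

Comparing the `decoded` value with the path the user originally requested shows whether the target is already wrong before the browser leaves for the IdP or is lost on the way back.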

0 Answers