If debug enable, print reason for the SAMLResponse invalidation

Author: pitbulk

demo-django/demo/views.py

@@ -34,6 +34,7 @@ def index(request):
     req = prepare_django_request(request)
     auth = init_saml_auth(req)
     errors = []
+    error_reason = None
     not_auth_warn = False
     success_slo = False
     attributes = False
@@ -70,6 +71,7 @@ def index(request):
         auth.process_response(request_id=request_id)
         errors = auth.get_errors()
         not_auth_warn = not auth.is_authenticated()
+
         if not errors:
             if 'AuthNRequestID' in request.session:
                 del request.session['AuthNRequestID']
@@ -78,6 +80,9 @@ def index(request):
             request.session['samlSessionIndex'] = auth.get_session_index()
             if 'RelayState' in req['post_data'] and OneLogin_Saml2_Utils.get_self_url(req) != req['post_data']['RelayState']:
                 return HttpResponseRedirect(auth.redirect_to(req['post_data']['RelayState']))
+        else:
+            if auth.get_settings().is_debug_active():
+                error_reason = auth.get_last_error_reason()
     elif 'sls' in req['get_data']:
         request_id = None
         if 'LogoutRequestID' in request.session:
@@ -96,7 +101,7 @@ def index(request):
         if len(request.session['samlUserdata']) > 0:
             attributes = request.session['samlUserdata'].items()
 
-    return render(request, 'index.html', {'errors': errors, 'not_auth_warn': not_auth_warn, 'success_slo': success_slo,
+    return render(request, 'index.html', {'errors': errors, 'error_reason': error_reason, not_auth_warn: not_auth_warn, 'success_slo': success_slo,
                                           'attributes': attributes, 'paint_logout': paint_logout})
 
 

demo-django/templates/index.html

@@ -10,6 +10,9 @@
           <li>{{err}}</li>
         {% endfor %}
     </ul>
+    {% if error_reason %}
+      <p><b>Reason:</b> {{error_reason}}</p>
+    {% endif %}
   </div>
 {% endif %}