Allow to customize the IDP views login redirect

djangosaml2idp/views.py

@@ -37,6 +37,14 @@
 User = get_user_model()
 
 
+class CustomLoginRequiredMixin(LoginRequiredMixin):
+    def get_login_url(self):
+        if hasattr(settings, "SAML_IDP_LOGIN_URL"):
+            return str(settings.SAML_IDP_LOGIN_URL)
+        else:
+            return super().get_login_url()
+
+
 def store_params_in_session(request: HttpRequest) -> None:
     """ Gathers the SAML parameters from the HTTP request and store them in the session
     """
@@ -219,7 +227,7 @@ def render_response(self, request: HttpRequest, html_response, processor: BasePr
 
 
 @method_decorator(never_cache, name='dispatch')
-class LoginProcessView(LoginRequiredMixin, IdPHandlerViewMixin, View):
+class LoginProcessView(CustomLoginRequiredMixin, IdPHandlerViewMixin, View):
     """ View which processes the actual SAML request and returns a self-submitting form with the SAML response.
         The login_required decorator ensures the user authenticates first on the IdP using 'normal' ways.
     """
@@ -269,7 +277,7 @@ def get(self, request, *args, **kwargs):
 
 
 @method_decorator(never_cache, name='dispatch')
-class SSOInitView(LoginRequiredMixin, IdPHandlerViewMixin, View):
+class SSOInitView(CustomLoginRequiredMixin, IdPHandlerViewMixin, View):
     """ View used for IDP initialized login, doesn't handle any SAML authn request
     """
 
@@ -312,7 +320,7 @@ def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
 
 
 @method_decorator(never_cache, name='dispatch')
-class ProcessMultiFactorView(LoginRequiredMixin, View):
+class ProcessMultiFactorView(CustomLoginRequiredMixin, View):
     """ This view is used in an optional step is to perform 'other' user validation, for example 2nd factor checks.
         Override this view per the documentation if using this functionality to plug in your custom validation logic.
     """
@@ -337,7 +345,7 @@ def get(self, request: HttpRequest, *args, **kwargs):
 
 
 @method_decorator([never_cache, csrf_exempt], name='dispatch')
-class LogoutProcessView(LoginRequiredMixin, IdPHandlerViewMixin, View):
+class LogoutProcessView(CustomLoginRequiredMixin, IdPHandlerViewMixin, View):
     """ View which processes the actual SAML Single Logout request
         The login_required decorator ensures the user authenticates first on the IdP using 'normal' way.
     """

docs/configuration.rst

@@ -105,3 +105,7 @@ The default value for the fields ``processor`` and ``attribute_mapping`` can be
 
     SAML_IDP_SP_FIELD_DEFAULT_PROCESSOR = 'djangosaml2idp.processors.BaseProcessor'
     SAML_IDP_SP_FIELD_DEFAULT_ATTRIBUTE_MAPPING = {"email": "email", "first_name": "first_name", "last_name": "last_name", "is_staff": "is_staff", "is_superuser": "is_superuser"}
+
+The djangosaml2idp views are composed with the Django [LoginRequiredMixin](https://docs.djangoproject.com/en/3.1/topics/auth/default/#the-loginrequired-mixin). In case there is a need to customize the *login_url* member for this set of views, it can be done through :
+
+    SAML_IDP_LOGIN_URL = '/custom/login/for/saml/idp/'

tests/test_views.py

@@ -1,4 +1,3 @@
-import base64
 from urllib import parse
 
 import pytest
@@ -18,6 +17,7 @@
 from djangosaml2idp.models import ServiceProvider
 from djangosaml2idp.processors import BaseProcessor
 from djangosaml2idp.utils import encode_saml
+import djangosaml2idp.views
 from djangosaml2idp.views import (BINDING_HTTP_POST, BINDING_HTTP_REDIRECT,
                                   IdPHandlerViewMixin, LoginProcessView,
                                   LogoutProcessView, ProcessMultiFactorView,
@@ -470,6 +470,15 @@ def test_requires_authentication(self, logged_in_request):
         assert isinstance(response, HttpResponseRedirect)
         assert response.url == '/accounts/login/?next='
 
+    @pytest.mark.django_db
+    def test_requires_authentication_custom_redirect(self, settings, logged_in_request):
+        logout(logged_in_request)
+
+        settings.SAML_IDP_LOGIN_URL = '/custom/login/'
+        response = LoginProcessView.as_view()(logged_in_request)
+        assert isinstance(response, HttpResponseRedirect)
+        assert response.url == '/custom/login/?next='
+
     @pytest.mark.django_db
     def test_goes_through_normally_redirect(self, sp_metadata_xml, saml_login_request_factory, logged_in_request):
         ServiceProvider.objects.create(entity_id='test_generic_sp', local_metadata=sp_metadata_xml)
@@ -522,6 +531,15 @@ def test_requires_authentication(self, logged_in_request):
         assert isinstance(response, HttpResponseRedirect)
         assert response.url == '/accounts/login/?next='
 
+    @pytest.mark.django_db
+    def test_requires_authentication_custom_redirect(self, settings, logged_in_request):
+        logout(logged_in_request)
+
+        settings.SAML_IDP_LOGIN_URL = '/custom/login/'
+        response = SSOInitView.as_view()(logged_in_request)
+        assert isinstance(response, HttpResponseRedirect)
+        assert response.url == '/custom/login/?next='
+
 
 class TestGetMultifactor:
     @pytest.mark.django_db