Merge pull request #135 from edx/jb/saml-auth-redirect

fix: support for IdP initiated auth on login

Author: jono-booth

common/djangoapps/third_party_auth/models.py

@@ -803,7 +803,10 @@ def get_url_params(self):
 
     def is_active_for_pipeline(self, pipeline):
         """ Is this provider being used for the specified pipeline? """
-        return self.backend_name == pipeline['backend'] and self.slug == pipeline['kwargs']['response']['idp_name']
+        try:
+            return self.backend_name == pipeline['backend'] and self.slug == pipeline['kwargs']['response']['idp_name']
+        except KeyError:
+            return False
 
     def match_social_auth(self, social_auth):
         """ Is this provider being used for this UserSocialAuth entry? """

openedx/core/djangoapps/user_authn/views/login_form.py

@@ -197,9 +197,15 @@ def login_and_registration_form(request, initial_mode="login"):
     saml_provider = False
     running_pipeline = pipeline.get(request)
     if running_pipeline:
-        saml_provider, __ = third_party_auth.utils.is_saml_provider(
-            running_pipeline.get('backend'), running_pipeline.get('kwargs')
-        )
+        backend_name = running_pipeline.get('backend')
+        if backend_name == 'tpa-saml':
+            # Directly detect SAML backend to avoid registry lookup failures
+            # (e.g. when pipeline kwargs lack response['idp_name'] at this point).
+            saml_provider = True
+        else:
+            saml_provider, __ = third_party_auth.utils.is_saml_provider(
+                backend_name, running_pipeline.get('kwargs')
+            )
 
     enterprise_customer = enterprise_customer_for_request(request)