You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We're getting 'NoneType' object has no attribute 'name_qualifier' when using the saml logout view when the account is a local account (not logged in through saml but through regular django login).
Issue #72 was exactly describing this and was marked as fixed, and has a comment with someone experiencing this after closing, so it looks like a regression.
From the code, it seems like the case where the user has no associated saml session is thought of (it logs a warning), but then not handled (it still runs code to logout from that session).
Yes, that issue should not have been closed.
I think that's trivial handling this kind of exception by using also a logger.info that evidences that the user was succesfully logged out without any preexisting SAML2 session
there are some cases where the logout requires a preexistent user session, while the session cookie is not returned back to the SP, in these cases is important give awareness to the implemeters about this, otherwise it would be possibile for an IDP issues a SAML2 logout request and get SP's user be logged out
there are also several considerationbs to be made in cases where the user has multiple sessions and a saml2 logout request may require the logout of all those session.
Could I ask you to bring some proposal to be discussed in this thread and work on a PR to definitively resolve this issue?
djangosaml2 is a community driven project that lives thanks to the community, your participation if the fuel of this project, thank you for this @olivierdalang
Hey ! Thanks for this great library !!
We're getting
'NoneType' object has no attribute 'name_qualifier'
when using the saml logout view when the account is a local account (not logged in through saml but through regular django login).Issue #72 was exactly describing this and was marked as fixed, and has a comment with someone experiencing this after closing, so it looks like a regression.
From the code, it seems like the case where the user has no associated saml session is thought of (it logs a warning), but then not handled (it still runs code to logout from that session).
See: https://github.com/IdentityPython/djangosaml2/blob/1be79465fbf3cc9e2d1685af4639a54ba4d22568/djangosaml2/views.py#L707-L715C43
Affected version: 1.9.2 (django 5.0.4)
Cheers
The text was updated successfully, but these errors were encountered: