From e754433db78fdd7f5933385fb7a1d862ca60dd6d Mon Sep 17 00:00:00 2001
From: Mostafa Moradian
Date: Thu, 21 Jan 2021 13:53:39 +0100
Subject: [PATCH] [fix] Remove dependency on RelayState for IdP-initiated login

---
 django_saml2_auth/views.py | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/django_saml2_auth/views.py b/django_saml2_auth/views.py
index 7c86a6b..d087cbf 100644
--- a/django_saml2_auth/views.py
+++ b/django_saml2_auth/views.py
@@ -69,19 +69,17 @@ def acs(request: HttpRequest):
     # If RelayState params is passed, it is a JWT token that identifies the user trying to login
     # via sp_initiated_login endpoint
     relay_state = request.POST.get("RelayState")
-    redirected_user_id = None
-    saml_resp_user_id = get_user_id(user)
     if relay_state:
         redirected_user_id = decode_jwt_token(relay_state)
-    # This prevents users from entering an email on the SP, but use a different email on IdP
-    if saml_resp_user_id != redirected_user_id:
-        raise SAMLAuthError("The user identifier doesn't match.", extra={
-            "exc_type": ValueError,
-            "error_code": USER_MISMATCH,
-            "reason": "User identifier mismatch.",
-            "status_code": 403
-        })
+        # This prevents users from entering an email on the SP, but use a different email on IdP
+        if get_user_id(user) != redirected_user_id:
+            raise SAMLAuthError("The user identifier doesn't match.", extra={
+                "exc_type": ValueError,
+                "error_code": USER_MISMATCH,
+                "reason": "User identifier mismatch.",
+                "status_code": 403
+            })
     is_new_user, target_user = get_or_create_user(user)