Shibboleth.sso/Login requires redirect url as ?target=url, not as ?next=url

[KonstantinSchubert]

I have set the LOGIN_URL to mydomain/Shibboleth.sso/Login

If I enter

mydomain/Shibboleth.sso/Login?target=redirectUrl 

I am being redirected corretly. Juding from my browser history, the automatic link created by this package is

mydomain/Shibboleth.sso/Login?next=redirectUrl

Strangely enough, I can't find the bug in the code, so it might as well have another cause.

See documentation here https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionCreationParameters

This might be different for older versions of shibboleth.

[KonstantinSchubert]

I am having the suspicion that in my views, the @login_required - wrapper activates the redirect of the default django login system instead of the django-shibboleth-remoteuser. I have the suspicion that this default login system is responsible for creating the malformed redirect url.

[lawlesst]

I'll look into the target vs. next issue. Target works for us. This probably needs to be configurable.

For your second question, the default auth shouldn't be a problem. I don't deactivate it for our projects. Could you paste a snippet here showing how you are using it?

[KonstantinSchubert]

Target works for me as well, the issue is that something in my software stack writes the url incorrectly with "?next="

mydomain/Shibboleth.sso/Login?next=redirectUrl

(See screenshot:
)

. Here are the relevant parts of my settings.py: http://pastebin.com/6zL6Nmb6

So I am trying to find the stupid thing that puts "next" in this url. Because your code correctly uses "target" : https://github.com/KonstantinSchubert/django-shibboleth-remoteuser/blob/master/shibboleth/views.py#L56

[KonstantinSchubert]

The issue is solved if I replace

@login_required

with

@login_required(redirect_field_name='target')

The default value seems to be

django.contrib.auth.REDIRECT_FIELD_NAME='next' 

it might be possible to change this globlly in the settings. I tried adding

from django.contrib.auth import REDIRECT_FIELD_NAME
REDIRECT_FIELD_NAME = 'target'

but it had no effect.

[KonstantinSchubert]

I think there is a better way to solve this: Make use of the login-view when logging in. The user should be routet via /shib/login/ in the same way it happens during the logout.

[jrhoads]

It has been a couple of years since this issue was submitted (as well as the PR). @bcail and @KonstantinSchubert do you think this is still an issue or have things changed?

[audiolion]

?next= definitely does not work with default Shibboleth implementations, it expects it to be ?target=

[ghost]

Uncertain if the conditions are the same as OP, but this happens when the admin site is protected by Shibboleth. Basically, follow the setup in the readme with /admin in the Shibbolized Location directive, and add a urlconf like url(r'^admin/login/$', RedirectView.as_view(url=settings.LOGIN_URL, permanent=False, query_string=True)). This generates a redirect to the IdP with ?next= as parameter.

In this particular case, it seems to be due to a combination of an admin quirk (it does not honor LOGIN_URL) and not being able to pass redirect_field_name to RedirectView