From 5dcbae0b379cc78373cb55a84d66e96cfb2199e1 Mon Sep 17 00:00:00 2001
From: Tim Nyborg <tim.nyborg@gmail.com>
Date: Fri, 2 Feb 2018 11:03:04 +0000
Subject: [PATCH] Update saml2_auth.py

Pass along any _next url var as part of the outstanding queries, so web2py will know where to send the user once they come back from singing on.

Useful if the SAML auth is part of a CAS, because otherwise the user is sent from the CAS consumer -> CAS -> SSO -> CAS, and is never returned to the consumer application
---
 gluon/contrib/login_methods/saml2_auth.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gluon/contrib/login_methods/saml2_auth.py b/gluon/contrib/login_methods/saml2_auth.py
index d80a13ba..9439443d 100644
--- a/gluon/contrib/login_methods/saml2_auth.py
+++ b/gluon/contrib/login_methods/saml2_auth.py
@@ -121,6 +121,8 @@ def saml2_handler(session, request, config_filename = None, entityid = None):
         req_id, req = client.create_authn_request(destination, binding=binding)
         relay_state = web2py_uuid().replace('-','')
         session.saml_outstanding_queries = {req_id: request.url}
+	if '_next' in request.vars:
+            session.saml_outstanding_queries += '?%s' % request.vars._next
         session.saml_req_id = req_id
         http_args = client.apply_binding(binding, str(req), destination,
                                          relay_state=relay_state)