From 3f15d1ceb8b6de3cadc4794db50172365ad61ee6 Mon Sep 17 00:00:00 2001
From: Tim Nyborg <tim.nyborg@gmail.com>
Date: Tue, 7 May 2019 09:09:56 +0100
Subject: [PATCH] correct SAML authorization request binding

AuthnRequest cannot use BINDING_HTTP_REDIRECT, according to the SAML v2 specifications.  See:
https://github.com/IdentityPython/pysaml2/issues/163
---
 gluon/contrib/login_methods/saml2_auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gluon/contrib/login_methods/saml2_auth.py b/gluon/contrib/login_methods/saml2_auth.py
index 7bec2612..a791f0d3 100644
--- a/gluon/contrib/login_methods/saml2_auth.py
+++ b/gluon/contrib/login_methods/saml2_auth.py
@@ -118,7 +118,7 @@ def saml2_handler(session, request, config_filename = None, entityid = None):
     elif request.env.request_method == 'POST':
         binding = BINDING_HTTP_POST
     if not request.vars.SAMLResponse:
-        req_id, req = client.create_authn_request(destination, binding=binding)
+        req_id, req = client.create_authn_request(destination, binding=BINDING_HTTP_POST)
         relay_state = web2py_uuid().replace('-','')
         session.saml_outstanding_queries = {req_id: request.url}    
         session.saml_req_id = req_id