IdentityPython
diff --git a/‎.github/workflows/python-package.yml‎
Lines changed: 35 additions & 0 deletions b/‎.github/workflows/python-package.yml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.travis.yml‎
Lines changed: 0 additions & 51 deletions b/‎.travis.yml‎
Lines changed: 0 additions & 51 deletions
diff --git a/‎CHANGES‎
Lines changed: 15 additions & 0 deletions b/‎CHANGES‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎README.rst‎
Lines changed: 42 additions & 19 deletions b/‎README.rst‎
Lines changed: 42 additions & 19 deletions
@@ -0,0 +1,35 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: djangosaml2
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.6, 3.7, 3.8]
+        django-version: ["2.2", "3.0", "master"]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v1
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies and testing utilities
+      run: |
+        sudo apt-get update && sudo apt-get install xmlsec1
+        python -m pip install --upgrade pip tox rstcheck setuptools codecov
+    - name: Readme check
+      if: ${{ matrix.python-version }} == 3.8 && ${{ matrix.django-version }} == "3.0"
+      run: rstcheck README.rst
+    - name: Tests
+      run: tox -e py${{ matrix.python-version }}-django${{ matrix.django-version }}
@@ -1,3 +1,4 @@
+db.sqlite3
 .tox/
 *.pyc
 *.egg-info
@@ -12,3 +13,5 @@ venv
 tags
 .idea/
 .vscode/
+build/
+dist/
@@ -1,5 +1,20 @@
 Changes
 =======
+
+0.19.0 (2020-05-x)
+------------------
+
+- Support several required fields during User creation
+- Don't pass sigalg parameter when not signing login request
+- ALLOW_SAML_HOSTNAMES validation for redirect
+- Custom attribute mapping for Django user model (example)
+- Slo absence workaround
+- Metadata EntityID exception handling
+- Fix unsigned authentication request to POST endpoint
+- py38 Test fixes
+- CI with Github actions
+- Backend restructuring for easier subclassing
+
 0.18.1 (2020-02-15)
 ----------
 - Fixed regression from 0.18.0. Thanks to OskarPersson
 
@@ -2,14 +2,13 @@
 djangosaml2
 ===========
 
-.. image:: https://travis-ci.org/knaperek/djangosaml2.svg?branch=master
-    :target: https://travis-ci.org/knaperek/djangosaml2
-    :align: left
+.. image:: https://github.com/knaperek/djangosaml2/workflows/djangosaml2/badge.svg
+    :target: https://github.com/knaperek/djangosaml2/workflows/djangosaml2/badge.svg
 
 
-djangosaml2 is a Django application that integrates the PySAML2 library
-into your project. This mean that you can protect your Django based project
-with a service provider based on PySAML. This way it will talk SAML2 with
+A Django application that builds a Fully Compliant SAML2 Service Provider on top of PySAML2 library.
+This mean that you can protect your Django based project
+with a SAML2 SSO Authentication. This way it will talk SAML2 with
 your Identity Provider allowing you to use this authentication mechanism.
 This document will guide you through a few simple steps to accomplish
 such goal.
@@ -82,15 +81,9 @@ A typical configuration would look like this::
       'djangosaml2.backends.Saml2Backend',
   )
 
-.. note::
-
-  Before djangosaml2 0.5.0 this authentication backend was
-  automatically added by djangosaml2. This turned out to be
-  a bad idea since some applications want to use their own
-  custom policies for authorization and the authentication
-  backend is a good place to define that. Starting from
-  djangosaml2 0.5.0 it is now possible to define such
-  backends.
+It is possible to subclass the provided Saml2Backend and customize the behaviour
+by overriding some methods. This way you can perform your custom cleaning or authorization
+policy, and modify the way users are looked up and created.
 
 Finally we have to tell Django what the new login url we want to use is::
 
@@ -113,6 +106,24 @@ If you want to allow several authentication mechanisms in your project
 you should set the LOGIN_URL option to another view and put a link in such
 view to the ``/saml2/login/`` view.
 
+Handling Post-Login Redirects
+-----------------------------
+It is often desireable for the client to maintain the URL state (or at least manage it) so that
+the URL once authentication has completed is consistent with the desired application state (such
+as retaining query parameters, etc.)  By default, the HttpRequest objects get_host() method is used
+to determine the hostname of the server, and redirect URL's are allowed so long as the destination
+host matches the output of get_host().  However, in some cases it becomes desireable for additional
+hostnames to be used for the post-login redirect.  In such cases, the setting::
+
+  SAML_ALLOWED_HOSTS = []
+  
+May be set to a list of allowed post-login redirect hostnames (note, the URL components beyond the hostname
+may be specified by the client - typically with the ?next= parameter.) 
+
+In the absence of a ?next= parameter, the LOGIN_REDIRECT_URL setting will be used (assuming the destination hostname 
+either matches the output of get_host() or is included in the SAML_ALLOWED_HOSTS setting)
+
+
 Preferred Logout binding
 ------------------------
 Use the following setting to choose your preferred binding for SP initiated logout requests::
@@ -206,6 +217,7 @@ We will see a typical configuration for protecting a Django project::
             'optional_attributes': ['eduPersonAffiliation'],
 
             # in this section the list of IdPs we talk to are defined
+            # This is not mandatory! All the IdP available in the metadata will be considered.
             'idp': {
                 # we do not need a WAYF service since there is
                 # only an IdP defined here. This IdP should be
@@ -320,7 +332,7 @@ Custom error handler
 
 When an error occurs during the authentication flow, djangosaml2 will render
 a simple error page with an error message and status code. You can customize
-this behaviour by specifying the path to your own error handler in the settings:
+this behaviour by specifying the path to your own error handler in the settings::
 
   SAML_ACS_FAILURE_RESPONSE_FUNCTION = 'python.path.to.your.view'
 
@@ -377,10 +389,12 @@ can set in the settings.py file::
 
 This setting is True by default.
 
+The following setting lets you specify a URL for redirection after a successful
+authentication::
+
   ACS_DEFAULT_REDIRECT_URL = reverse_lazy('some_url_name')
 
-This setting lets you specify a URL for redirection after a successful
-authentication. Particularly useful when you only plan to use
+Particularly useful when you only plan to use
 IdP initiated login and the IdP does not have a configured RelayState
 parameter. The default is ``/``.
 
@@ -524,9 +538,18 @@ following url::
 Now if you go to the /test/ url you will see your SAML attributes and also
 a link to do a global logout.
 
-You can also run the unit tests with the following command::
+Unit tests
+==========
 
+You can also run the unit tests as follows::
+
+  pip install -r requirements-dev.txt
+  python3 tests/manage.py migrate
+  
   python tests/run_tests.py
+  # or
+  python tests/manage.py test -v 3
+
 
 If you have `tox`_ installed you can simply call tox inside the root directory
 and it will run the tests in multiple versions of Python.