Keep SAML configuration check

common/djangoapps/third_party_auth/saml.py

@@ -2,7 +2,6 @@
 Slightly customized python-social-auth backend for SAML 2.0 support
 """
 import logging
-from django.http import Http404
 from social.backends.saml import SAMLAuth, OID_EDU_PERSON_ENTITLEMENT
 from social.exceptions import AuthForbidden, AuthMissingParameter
 
@@ -26,6 +25,9 @@ class SAMLAuthBackend(SAMLAuth):  # pylint: disable=abstract-method
         if not hasattr(self, '_config'):
             from .models import SAMLConfiguration
             self._config = SAMLConfiguration.current()  # pylint: disable=attribute-defined-outside-init
+        if not self._config.enabled:
+            from django.core.exceptions import ImproperlyConfigured
+            raise ImproperlyConfigured("SAML Authentication is not enabled.")
         try:
             return self._config.get_setting(name)
         except KeyError:
@@ -33,18 +35,14 @@ class SAMLAuthBackend(SAMLAuth):  # pylint: disable=abstract-method
 
     def auth_url(self):
         """
-        Check that SAML is enabled and that the request includes an 'idp'
-        parameter before getting the URL to which we must redirect in order to
-        authenticate the user.
+        Check that the request includes an 'idp' parameter before getting the
+        URL to which we must redirect in order to authenticate the user.
 
-        raise Http404 if SAML is disabled
         raise AuthMissingParameter if the 'idp' parameter is missing.
 
         TODO: remove this method once the fix is merged upstream:
         https://github.com/omab/python-social-auth/pull/821
         """
-        if not self._config.enabled:
-            raise Http404
         if 'idp' not in self.strategy.request_data():
             raise AuthMissingParameter(self, 'idp')
         return super(SAMLAuthBackend, self).auth_url()

common/djangoapps/third_party_auth/urls.py

@@ -2,7 +2,7 @@
 
 from django.conf.urls import include, patterns, url
 
-from .views import inactive_user_view, saml_metadata_view, lti_login_and_complete_view, post_to_custom_auth_form
+from .views import inactive_user_view, saml_metadata_view, lti_login_and_complete_view, post_to_custom_auth_form, login
 
 urlpatterns = patterns(
     '',
@@ -10,5 +10,6 @@ urlpatterns = patterns(
     url(r'^auth/custom_auth_entry', post_to_custom_auth_form, name='tpa_post_to_custom_auth_form'),
     url(r'^auth/saml/metadata.xml', saml_metadata_view),
     url(r'^auth/login/(?P<backend>lti)/$', lti_login_and_complete_view),
+    url(r'^auth/login/(?P<backend>[^/]+)/$', login),
     url(r'^auth/', include('social.apps.django_app.urls', namespace='social')),
 )

common/djangoapps/third_party_auth/views.py

@@ -7,7 +7,7 @@ from django.http import HttpResponse, HttpResponseServerError, Http404, HttpResp
 from django.shortcuts import redirect, render
 from django.views.decorators.csrf import csrf_exempt
 import social
-from social.apps.django_app.views import complete
+from social.apps.django_app.views import auth, complete
 from social.apps.django_app.utils import load_strategy, load_backend
 from social.utils import setting_name
 from .models import SAMLConfiguration
@@ -61,6 +61,16 @@ def lti_login_and_complete_view(request, backend, *args, **kwargs):
     return complete(request, backend, *args, **kwargs)
 
 
+def login(*args, **kwargs):
+    """
+    Wraps the python social auth login view to return a 404 if third party
+    auth is disabled.
+    """
+    if not SAMLConfiguration.is_enabled():
+        raise Http404
+    return auth(*args, **kwargs)
+
+
 def post_to_custom_auth_form(request):
     """
     Redirect to a custom login/register page.