added setting variables for custom templates

djangosaml2/views.py

@@ -110,9 +110,9 @@ class LoginView(SPConfigMixin, View):
         will be rendered.
     """
 
-    wayf_template = 'djangosaml2/wayf.html'
-    authorization_error_template = 'djangosaml2/auth_error.html'
-    post_binding_form_template = 'djangosaml2/post_binding_form.html'
+    wayf_template = getattr(settings,'SAML2_CUSTOM_WAYF_TEMPLATE','djangosaml2/wayf.html')
+    authorization_error_template = getattr(settings,'SAML2_CUSTOM_AUTHORIZATION_ERROR_TEMPLATE','djangosaml2/auth_error.html')
+    post_binding_form_template = getattr(settings,'SAML2_CUSTOM_POST_BINDING_FORM_TEMPLATE','djangosaml2/post_binding_form.html')
 
     def get_next_path(self, request: HttpRequest) -> str:
         ''' Returns the path to put in the RelayState to redirect the user to after having logged in.

docs/source/contents/setup.rst

@@ -380,19 +380,51 @@ Learn more about Django profile models at:
 https://docs.djangoproject.com/en/dev/topics/auth/customizing/#substituting-a-custom-user-model
 
 
+Custom user attributes processing
+---------------------------------
+
 Sometimes you need to use special logic to update the user object
 depending on the SAML2 attributes and the mapping described above
 is simply not enough. For these cases djangosaml2 provides hooks_
-that can be overriden with custom functionality. For example::
+that can be overriden with custom functionality.
+
+First of all reference the modified Saml2Backend in settings.py file::
+
+
+    AUTHENTICATION_BACKENDS = [
+        'your_package.authentication.ModifiedSaml2Backend',
+    ]
+
+
+For example::
+
+    from djangosaml2.backends import Saml2Backend
+
+    class ModifiedSaml2Backend(Saml2Backend):
+        def save_user(self, user, *args, **kwargs):
+            user.save()
+            user_group = Group.objects.get(name='Default')
+            user.groups.add(user_group)
+            return super().save_user(user, *args, **kwargs)
+
+Keep in mind save_user is only called when there was a reason to save the User model (ie. first login), and it has no access to SAML attributes for authorization. If this is required, it can be achieved by overriding the _update_user::
+
+    from djangosaml2.backends import Saml2Backend
+
+    class ModifiedSaml2Backend(Saml2Backend):
+        def _update_user(self, user, attributes: dict, attribute_mapping: dict, force_save: bool = False):
+            if 'eduPersonEntitlement' in attributes:
+                if 'some-entitlement' in attributes['eduPersonEntitlement']:
+                    user.is_staff = True
+                    force_save = True
+                else:
+                    user.is_staff = False
+                    force_save = True
+             return super()._update_user(user, attributes, attribute_mapping, force_save)
 
-  from djangosaml2.backends import Saml2Backend
 
-  class MySaml2Backend(Saml2Backend):
-      def save_user(self, user, *args, **kwargs):
-          # Add custom logic here
-          return super().save_user(user, *args, **kwargs)
+.. _hooks: https://github.com/identitypython/djangosaml2/blob/master/djangosaml2/backends.py#L181
 
-.. _hooks: https://github.com/knaperek/djangosaml2/blob/master/djangosaml2/backends.py#L181
 
 
 URLs