Prevent open redirect vulnerabilities.

Before submitting a SAML2 authentication request, check that the
next URL in the login flow is safe to return to.

django_saml2_auth/views.py

@@ -20,6 +20,7 @@
 from django.views.decorators.csrf import csrf_exempt
 from django.template import TemplateDoesNotExist
 from django.http import HttpResponseRedirect
+from django.utils.http import is_safe_url
 
 try:
     import urllib2 as _urllib
@@ -183,6 +184,10 @@ def signin(r):
     except:
         next_url = r.GET.get('next', get_reverse('admin:index'))
 
+    # Only permit signin requests where the next_url is a safe URL
+    if not is_safe_url(next_url):
+        return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied']))
+
     r.session['login_next_url'] = next_url
 
     saml_client = _get_saml_client(get_current_domain(r))