SAML: IDP initiated logout request comes with RelayState and it causes error

[jpatel3]

Expected behaviour

When IDP initiated Single Sign On or Single Log Out request comes to SP, make RelayState optional or allow to set default IDP info.

Describe what should happen.
Application has only one IDP, if someway we can set default IDP which can be added as RelayState in case its not provided. IDP has flexibility to pass RelayState IDP information during SSO, but not in case of logout request.

Actual behaviour

saml.py has code idp_name = self.strategy.request_data()["RelayState"] in auth_complete, when RelayState is not provided, it fails on this line with MultiValueDictKeyError at /complete/saml/ 'RelayState'

Describe what happens instead and why is it an issue.
Application has only one IDP, in case of no RelayState IDP provided for saml call, can we pick up thee very first configuration, or allow to set the default RelayState IDP configuration.

[jpatel3]

Can someone please respond to this or if any other suggestion to handle it?

[bryanlandia]

This MultiValueDictKeyError happens in other cases when auth_complete is not called via POST directly from IdP but later in the pipeline. It should have a default value.