From 1028f385e413f808e03c11642c7aa8080f7eb664 Mon Sep 17 00:00:00 2001
From: "Mees, T.D. (Ty)" <t.d.mees@uu.nl>
Date: Mon, 3 Jul 2023 13:17:27 +0200
Subject: [PATCH] fix: prefer REDIRECT binding for logout Without this setting,
 the SP will try SOAP on UU IdP's for no apparent reason

---
 src/cdh/federated_auth/saml/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/cdh/federated_auth/saml/settings.py b/src/cdh/federated_auth/saml/settings.py
index 630da9a4..97a8aa4e 100644
--- a/src/cdh/federated_auth/saml/settings.py
+++ b/src/cdh/federated_auth/saml/settings.py
@@ -50,6 +50,8 @@
 }
 
 SAML_DEFAULT_BINDING = saml2.BINDING_HTTP_REDIRECT  # or saml2.BIND_HTTP_POST
+SAML_LOGOUT_REQUEST_PREFERRED_BINDING = saml2.BINDING_HTTP_REDIRECT # or saml2.BIND_HTTP_POST
+
 # Set this to 'False' if your app needs to be paranoid. Generally not needed.
 SAML_IGNORE_LOGOUT_ERRORS = True
 SAML_SESSION_COOKIE_NAME = 'saml_session'