From 07b94026841ce64f2cfa87e3ec5020029ade7c32 Mon Sep 17 00:00:00 2001
From: Vincent Hatakeyama <vincent.hatakeyama@xcg-consulting.fr>
Date: Tue, 11 Feb 2025 17:24:13 +0100
Subject: [PATCH 1/4] [FIX] auth_saml: avoid redirecting when there is a SAML
 error

---
 auth_saml/controllers/main.py                                  | 2 +-
 auth_saml/readme/newsfragments/+avoid_autoredirect_loop.bugfix | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 auth_saml/readme/newsfragments/+avoid_autoredirect_loop.bugfix

diff --git a/auth_saml/controllers/main.py b/auth_saml/controllers/main.py
index fb635d3a72..6cdd118cd8 100644
--- a/auth_saml/controllers/main.py
+++ b/auth_saml/controllers/main.py
@@ -83,7 +83,7 @@ def _saml_autoredirect(self):
         autoredirect_providers = self.list_saml_providers(True)
         # do not redirect if asked too or if a SAML error has been found
         disable_autoredirect = (
-            "disable_autoredirect" in request.params or "error" in request.params
+            "disable_autoredirect" in request.params or "saml_error" in request.params
         )
         if autoredirect_providers and not disable_autoredirect:
             return werkzeug.utils.redirect(
diff --git a/auth_saml/readme/newsfragments/+avoid_autoredirect_loop.bugfix b/auth_saml/readme/newsfragments/+avoid_autoredirect_loop.bugfix
new file mode 100644
index 0000000000..76fade2faf
--- /dev/null
+++ b/auth_saml/readme/newsfragments/+avoid_autoredirect_loop.bugfix
@@ -0,0 +1 @@
+Avoid redirecting when there is a SAML error.

From 5d1f0c549887f1c1ccf970c7b3094968f44adfd0 Mon Sep 17 00:00:00 2001
From: OCA-git-bot <oca-git-bot@odoo-community.org>
Date: Tue, 13 May 2025 07:59:52 +0000
Subject: [PATCH 2/4] [BOT] post-merge updates

---
 README.md                                              |  2 +-
 auth_saml/README.rst                                   | 10 +++++++++-
 auth_saml/__manifest__.py                              |  2 +-
 auth_saml/readme/HISTORY.md                            |  7 +++++++
 .../newsfragments/+avoid_autoredirect_loop.bugfix      |  1 -
 5 files changed, 18 insertions(+), 4 deletions(-)
 delete mode 100644 auth_saml/readme/newsfragments/+avoid_autoredirect_loop.bugfix

diff --git a/README.md b/README.md
index 17d8a5f250..bfafcf0825 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ addon | version | maintainers | summary
 [auth_ldaps](auth_ldaps/) | 17.0.1.0.0 |  | Allows to use LDAP over SSL authentication
 [auth_oauth_multi_token](auth_oauth_multi_token/) | 17.0.1.0.0 |  | Allow multiple connection with the same OAuth account
 [auth_oidc](auth_oidc/) | 17.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
-[auth_saml](auth_saml/) | 17.0.1.0.1 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
+[auth_saml](auth_saml/) | 17.0.1.0.2 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 17.0.1.0.1 |  | This module disable all inactive sessions since a given delay
 [auth_signup_verify_email](auth_signup_verify_email/) | 17.0.1.0.0 |  | Force uninvited users to use a good email for signup
 [auth_user_case_insensitive](auth_user_case_insensitive/) | 17.0.1.0.0 |  | Makes the user login field case insensitive
diff --git a/auth_saml/README.rst b/auth_saml/README.rst
index 8ae4813cd4..3ca42bf0b7 100644
--- a/auth_saml/README.rst
+++ b/auth_saml/README.rst
@@ -7,7 +7,7 @@ SAML2 Authentication
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:ffa8efafb4e4dcf93290b09d3910d691b713c29ca2ba54b6b263a9a4336a49b4
+   !! source digest: sha256:f11b828c2fb6ecdce71d6b314a12033683c795178ecae0052f78541e0cf215fe
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
@@ -96,6 +96,14 @@ Known issues / Roadmap
 Changelog
 =========
 
+17.0.1.0.2 (2025-05-13)
+-----------------------
+
+Bugfixes
+~~~~~~~~
+
+- Avoid redirecting when there is a SAML error.
+
 17.0.1.1.0
 ----------
 
diff --git a/auth_saml/__manifest__.py b/auth_saml/__manifest__.py
index 1146e54fbf..33e19ffa62 100644
--- a/auth_saml/__manifest__.py
+++ b/auth_saml/__manifest__.py
@@ -4,7 +4,7 @@
 
 {
     "name": "SAML2 Authentication",
-    "version": "17.0.1.0.1",
+    "version": "17.0.1.0.2",
     "category": "Tools",
     "author": "XCG Consulting, Odoo Community Association (OCA)",
     "maintainers": ["vincent-hatakeyama"],
diff --git a/auth_saml/readme/HISTORY.md b/auth_saml/readme/HISTORY.md
index 27737662f0..b8cac59791 100644
--- a/auth_saml/readme/HISTORY.md
+++ b/auth_saml/readme/HISTORY.md
@@ -1,3 +1,10 @@
+## 17.0.1.0.2 (2025-05-13)
+
+### Bugfixes
+
+- Avoid redirecting when there is a SAML error.
+
+
 ## 17.0.1.1.0
 
 When using attribute mapping, only write value that changes.
diff --git a/auth_saml/readme/newsfragments/+avoid_autoredirect_loop.bugfix b/auth_saml/readme/newsfragments/+avoid_autoredirect_loop.bugfix
deleted file mode 100644
index 76fade2faf..0000000000
--- a/auth_saml/readme/newsfragments/+avoid_autoredirect_loop.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Avoid redirecting when there is a SAML error.

From 89d8b089776f71aaee5e6a0defd7e2a8bf44d195 Mon Sep 17 00:00:00 2001
From: Vincent Hatakeyama <vincent.hatakeyama@xcg-consulting.fr>
Date: Tue, 28 Jan 2025 10:13:33 +0100
Subject: [PATCH 3/4] [FIX] auth_saml: message indicates that a key is found
 incorrectly

The message is incorrect, the log is done when the attribute key is not
found.
---
 auth_saml/models/auth_saml_provider.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth_saml/models/auth_saml_provider.py b/auth_saml/models/auth_saml_provider.py
index 4b323b7c26..f1c0cb0de8 100644
--- a/auth_saml/models/auth_saml_provider.py
+++ b/auth_saml/models/auth_saml_provider.py
@@ -357,7 +357,7 @@ def _hook_validate_auth_response(self, response, matching_value):
         for attribute in self.attribute_mapping_ids:
             if attribute.attribute_name not in attrs:
                 _logger.debug(
-                    "SAML attribute '%s' found in response %s",
+                    "SAML attribute '%s' not found in response %s",
                     attribute.attribute_name,
                     attrs,
                 )

From e25ccefc86033448f05d4e10c238de7a49677df7 Mon Sep 17 00:00:00 2001
From: OCA-git-bot <oca-git-bot@odoo-community.org>
Date: Tue, 13 May 2025 08:13:32 +0000
Subject: [PATCH 4/4] [BOT] post-merge updates

---
 README.md                 | 2 +-
 auth_saml/README.rst      | 2 +-
 auth_saml/__manifest__.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index bfafcf0825..508bea4a5b 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ addon | version | maintainers | summary
 [auth_ldaps](auth_ldaps/) | 17.0.1.0.0 |  | Allows to use LDAP over SSL authentication
 [auth_oauth_multi_token](auth_oauth_multi_token/) | 17.0.1.0.0 |  | Allow multiple connection with the same OAuth account
 [auth_oidc](auth_oidc/) | 17.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
-[auth_saml](auth_saml/) | 17.0.1.0.2 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
+[auth_saml](auth_saml/) | 17.0.1.0.3 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 17.0.1.0.1 |  | This module disable all inactive sessions since a given delay
 [auth_signup_verify_email](auth_signup_verify_email/) | 17.0.1.0.0 |  | Force uninvited users to use a good email for signup
 [auth_user_case_insensitive](auth_user_case_insensitive/) | 17.0.1.0.0 |  | Makes the user login field case insensitive
diff --git a/auth_saml/README.rst b/auth_saml/README.rst
index 3ca42bf0b7..292e7a0a2b 100644
--- a/auth_saml/README.rst
+++ b/auth_saml/README.rst
@@ -7,7 +7,7 @@ SAML2 Authentication
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:f11b828c2fb6ecdce71d6b314a12033683c795178ecae0052f78541e0cf215fe
+   !! source digest: sha256:5983d568b4ebbaae513571636a06e69fe04be92d34fb387d48c553be2cbb5aa0
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
diff --git a/auth_saml/__manifest__.py b/auth_saml/__manifest__.py
index 33e19ffa62..34be739cf0 100644
--- a/auth_saml/__manifest__.py
+++ b/auth_saml/__manifest__.py
@@ -4,7 +4,7 @@
 
 {
     "name": "SAML2 Authentication",
-    "version": "17.0.1.0.2",
+    "version": "17.0.1.0.3",
     "category": "Tools",
     "author": "XCG Consulting, Odoo Community Association (OCA)",
     "maintainers": ["vincent-hatakeyama"],