= Add to settings =

SAML_SIGNATURE_PRIVATE_KEY = *your_key*
INSTALLED_APPS += ('*project*.authsaml2', '*project*.authsaml2.saml',)
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    '*project*.authsaml2.backends.SAML2AuthBackend',
)

When login_required() with registration and you want to add on the login page the login with a federated account:
- the template is directly called: use a context processor to pass a variable
TEMPLATE_CONTEXT_PROCESSORS += (
    'spsaml.views.idp_list',
)
spsaml.views.idp_list:
def idp_list(request):
    return {'providers_list': authsaml2.saml.common.get_idp_list()}
- modify LOGIN_URL
LOGIN_URL = '/login/'
url(r'^login/', spsaml.views.login)
Pass {'providers_list': authsaml2.saml.common.get_idp_list()} to the template

Then configure in the admin part your SP

= Target URL =

After logout, the parameter 'Back url' is used. If empty, authsaml2 returns to the root.

After login, authsaml2 will redirect in a parameter you have to register,
authsaml2 returns to the root of the site.
To register a url, if a fonction is called with the next parameter in the url,
as it is the case usually with a login page, just call:
    authsaml2.saml2_endpoints.register_next_target(request)
If there is no next parameter call this function giving the target url
    authsaml2.saml2_endpoints.register_next_target(request, target_url)

After defederation, by default the local session is not sesion is not ended
and the back url is the one of calling of the defederation function.

= Call AuthSAML2 from your login page =

* Views:
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.contrib.auth import views as auth_views
import authentic2.authsaml2.saml2_endpoints

def login(request):
    authsaml2.saml2_endpoints.register_next_target(request)
    return auth_views.login(request)

* Template:

{% if providers_list %}
{% trans "Log in with a federated account?" %}
    <ul>  
    {% for p in providers_list %}
        <li><a href="/authsaml2/sso?entity_id={{ p.entity_id }}" >{{ p.entity_id }}</a></li>
    {% endfor %}
    </ul>
{% endif %}

= Call AuthSAML2 into the application for user account management =

* Views:
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.contrib.auth import views as auth_views
import authentic2.authsaml2.saml2_endpoints
import authentic2.authsaml2.saml.common

def inside(request):
    authsaml2.saml2_endpoints.register_next_target(request, '/in')
    return render_to_response('in.html', {'providers_list_federated': authsaml2.saml.common.get_idp_user_federated_list(request),
                              'providers_list_not_federated': authsaml2.saml.common.get_idp_user_not_federated_list(request),
                              'provider_active_session': authsaml2.saml.common.get_provider_of_active_session(request)},
                              context_instance=RequestContext(request))

* Template:
{% if providers_list_not_federated %}
{% trans "Federate your identity" %}
    <ul>
    {% for p in providers_list_not_federated %}
        <li><a href="/authsaml2/sso?entity_id={{ p.entity_id }}/">{{ p.entity_id }}</a></li>
    {% endfor %}
    </ul>
{% endif %}
{% if providers_list_federated %}
{% trans "Defederate your identity" %}
    <ul>
    {% for p in providers_list_not_federated %}
        <li><a href="/authsaml2/defederate/{{ p.entity_id }}/">{{ p.entity_id }}</a></li>
    {% endfor %}
    </ul>
{% endif %}
{% if provider_active_session %}
{% trans "Logout" %}
    <ul>
    <li>{% trans "Global Logout: " %}<a href="/authsaml2/logout/{{ provider_active_session.entity_id }}/">{{ provider_active_session.entity_id }}</a></li>
    <li><p><a href="{% url 'auth_logout' %}">{% trans "Local log out" %}</a></p></li>
    </ul>
{% else %}
<a href="{% url 'auth_logout' %}">{% trans "Log out" %}</a>
{% endif %}

Now in idp/__init__.py

        tpl_parameters['providers_list_federated'] = authentic.saml.common.get_idp_user_federated_list(request)
        tpl_parameters['providers_list_not_federated'] = authentic.saml.common.get_idp_user_not_federated_list(request)

