ah I think I should be looking at get_or_create_user! apologies!

Hmm looks like I still need to override authenticate as the user isn't saved until _update_user is run....

just inherit this
https://github.com/IdentityPython/djangosaml2/blob/master/djangosaml2/views.py#L586

and use it in your webpath in the settings' urls.py

you be able to do whatever you need with your users and sites

Thanks so much @peppelinux for your quick response!

I think the only issue i have now is how would I associate request.site based roles to my users based upon the attributes passed from the IDP. I think I'll still need some awareness to the request.context during _update_user.

Hmm I see I can perhaps grab the attributes the session_info, however, I also need to grab the attribute mapping from the IdentityProvider model attached to the reques.site. The attributes have already been mapped in _update_user by the time we reach to the post login hook.

Actually a simpler solve might be

1. only set the mail/email in the SAML_ATTRIBUTE_MAP,
2. then use the post login hook to query IdentityProvider where site=request.site. From there I can map the rest of my user attributes based on their location in the idps saml response from the session_info

@peppelinux Added a PR to pass the request to the _update_user here: #351. But totally understand if that's not the direction you'd like to go.