zibasec / django-saml2-pro-auth

SAML2 authentication backend for Django wrapping OneLogin's python-saml package https://github.com/onelogin/python3-saml

Access allowed for users that have is_active=False

Big4SMK opened this issue · comments

I found that users that have is_active set to false are still allowed to log in through SAML. The saml_login code in views.py doesn't check if it actually gets back a user from the authenticate call, so just creating a backend that checks for is_active=False and returns None if so doesn't really work.

I propose something like this in the saml_login view.

from django.contrib.auth import authenticate, login
from django.core.exceptions import PermissionDenied

user = authenticate(request=request)
if user is None:
    # no user came back (e.g. backend refused an is_active=False account): deny, never call login(None)
    raise PermissionDenied
login(request, user)

If you'd agree I can create a pull request, or would you propose a different solution to block is_active=False users from entering through SAML?
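The check proposed above, modelled without Django so it runs stand-alone (added example, not code from django-saml2-pro-auth; the in-memory user directory, the backend lookup keyed by SAML NameID, and the session and PermissionDenied stand-ins are assumptions mirroring the Django objects they replace):

```python
from dataclasses import dataclass


class PermissionDenied(Exception):
    """Stand-in for django.core.exceptions.PermissionDenied."""


@dataclass
class User:
    username: str
    is_active: bool = True


# Constructed sample directory keyed by the SAML NameID the IdP asserts.
USERS = {
    "alice@example.com": User("alice", is_active=True),
    "mallory@example.com": User("mallory", is_active=False),
}


def user_can_authenticate(user):
    """Same rule Django's ModelBackend applies: disabled accounts are refused."""
    return getattr(user, "is_active", False)


def backend_authenticate(name_id):
    """Backend lookup: returns None for unknown or inactive accounts.

    Returning None is only a refusal if the caller honours it.
    """
    user = USERS.get(name_id)
    if user is None or not user_can_authenticate(user):
        return None
    return user


def login(session, user):
    """Stand-in for django.contrib.auth.login: binds the user to the session."""
    session["_auth_user_id"] = user.username


def saml_login(name_id):
    """The view logic from the issue: treat None as denial before any session exists."""
    session = {}
    user = backend_authenticate(name_id)
    if user is None:
        raise PermissionDenied("SAML assertion did not map to an active user")
    login(session, user)
    return session
```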

I think that's ok, feel free to shoot over the PR and I'll pull it in with the other one that you made and tag/push it up.

@Big4SMK just checking in to see if you need more guidance or anything. I'm holding off on your other PR until you get this one in, but let me know if you are time limited and I can just get the current one in for now.

I will probably get to it this week.

Let me know what you think of the pull request, I haven't really found time to test it in production yet.

It's now available in 0.0.9 on PyPI.