@peppelinux / @pandafy #398 - This change is a breaking change for us when upgrading.

Our SAML_USER_MODEL does not extend the Django User model and therefore did not have a set_unusable_password method and also does not even have a password field either. It appears this change was made under the assumption that the SAM_USER_MODEL extends the base Django User.

We've worked around this by adding in a method shim to preven the error from occuring:

class ADUser(models.Model):
 # Fields and other methods
 def set_unusable_password(self):
 """
 This is a shim to stop Django-SAML2 from erroring out when creating a new "ADUser"
 where `get_or_create_user()` in `djangosaml2/backends.py` is called.

 Since ADUser doesn't have password functionality, this method does nothing
 but prevents AttributeError when Django-SAML2 tries to call it.
 """
 pass

I'm happy to open a PR that improves this area of code by only calling set_unsuable_password() if the method exists on the model returned by SAML_USER_MODEL. Please let me know if you'd accept a PR.