author | Lorenzo Gil <lgs@yaco.es> | 2012-03-18 08:50:44 +0100 |
---|---|---|
committer | Lorenzo Gil <lgs@yaco.es> | 2012-03-18 08:50:44 +0100 |
commit | 00a7b5457e5a111b4493302f72d0a324ee6223ce (patch) | |
tree | 8893dbd7a806f995d294d236f9d82c5a96be685e | |
parent | 20d9d92681dda19e22f3e1c909f75c08fba5cc3b (diff) | |
download | pysaml2-00a7b5457e5a111b4493302f72d0a324ee6223ce.tar.gz |
Add a new config option: logout_requests_signed to automatically sign all logout requests by default
-rw-r--r-- | src/saml2/client.py | 14 | ||||
-rw-r--r-- | src/saml2/config.py | 1 |
2 files changed, 13 insertions, 2 deletions
diff --git a/src/saml2/client.py b/src/saml2/client.py index 83491fb7..85499be5 100644 --- a/src/saml2/client.py +++ b/src/saml2/client.py @@ -136,6 +136,12 @@ class Saml2Client(object): else: self.authn_requests_signed_default = False + if getattr(self.config, 'logout_requests_signed', 'false') == 'true': + self.logout_requests_signed_default = True + else: + self.logout_requests_signed_default = False + + def _relay_state(self, session_id): vals = [session_id, str(int(time.time()))] if self.config.secret is None: @@ -621,7 +627,7 @@ class Saml2Client(object): return request def global_logout(self, subject_id, reason="", expire=None, - sign=False, log=None, return_to="/"): + sign=None, log=None, return_to="/"): """ More or less a layer of indirection :-/ Bootstrapping the whole thing by finding all the IdPs that should be notified. @@ -654,7 +660,7 @@ class Saml2Client(object): sign, log, return_to) def _logout(self, subject_id, entity_ids, reason, expire, - sign, log=None, return_to="/"): + sign=None, log=None, return_to="/"): # check time if not not_on_or_after(expire): # I've run out of time @@ -687,6 +693,10 @@ class Saml2Client(object): to_sign = [] #if sign and binding != BINDING_HTTP_REDIRECT: + + if sign is None: + sign = self.logout_requests_signed_default + if sign: request.signature = pre_signature_part(request.id, self.sec.my_cert, 1) diff --git a/src/saml2/config.py b/src/saml2/config.py index ddad04ef..8e81deee 100644 --- a/src/saml2/config.py +++ b/src/saml2/config.py @@ -27,6 +27,7 @@ COMMON_ARGS = ["entityid", "xmlsec_binary", "debug", "key_file", "cert_file", "virtual_organization", "logger", "only_use_keys_in_metadata", + "logout_requests_signed", ] SP_ARGS = [ |
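Review bot: The comparison `getattr(self.config, 'logout_requests_signed', 'false') == 'true'` enables signing only for the exact lowercase string, so a configuration that supplies the Python boolean `True` or the string `'True'` silently leaves logout requests unsigned. For a security option that is a fail-open default; how the config loader stores the value is not visible here, so this assumes it is passed through as written. A tolerant form would be `self.logout_requests_signed_default = str(getattr(self.config, 'logout_requests_signed', 'false')).lower() == 'true'`, and an unrecognised value is worth a log warning rather than a quiet `False`. The enclosing method starts above the hunk, and the `authn_requests_signed_default` lines in the context suggest the same pattern is used there.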
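Review bot: The new `if sign is None:` fallback in `_logout` makes `logout_requests_signed` a default only: a caller that passes `sign=False` to `global_logout` or `_logout` still sends an unsigned request even when the option is set, which does not match the commit title's "all logout requests". If that precedence is intended, say so next to the check, e.g. `# None defers to the logout_requests_signed option; an explicit True/False from the caller wins`, and in the `global_logout` docstring. The commented-out `#if sign and binding != BINDING_HTTP_REDIRECT:` just above hints that the redirect binding was once treated differently, so it is worth confirming that turning the option on behaves correctly for every binding this code path handles. The body of `_logout` starts and ends outside the hunk.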