Log a warning for insecure configurations

author: Ioannis Kakavas <ikakavas@noc.grnet.gr> 2017-08-02 10:37:19 +0300
committer: Ioannis Kakavas <ikakavas@noc.grnet.gr> 2017-08-02 10:37:19 +0300
commit: 11ad0825a063a36753b6cbbeac5a0941f2e0ca4a (patch)
tree: d62ea54e0c5b67d3bcd4485fdaa28fa5f02bf83f
parent: e08b3ff8c5f9525f2ddc067b058a5c7db7a12e67 (diff)
download: pysaml2-11ad0825a063a36753b6cbbeac5a0941f2e0ca4a.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index 94531d77..fdbeadc2 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -126,6 +126,11 @@ class Base(Entity):
             if v is False or v == 'false':
                 setattr(self, param, False)
 
+        if self.entity_type == "sp" and not any(self.want_assertions_signed,
+                                                self.want_response_signed):
+            logger.warning("The SAML service provider accepts unsigned SAML Responses " +
+                           "and Assertions. This configuration is insecure.")
+
         self.artifact2response = {}
 
     #
author	Ioannis Kakavas <ikakavas@noc.grnet.gr>	2017-08-02 10:37:19 +0300
committer	Ioannis Kakavas <ikakavas@noc.grnet.gr>	2017-08-02 10:37:19 +0300
commit	11ad0825a063a36753b6cbbeac5a0941f2e0ca4a (patch)
tree	d62ea54e0c5b67d3bcd4485fdaa28fa5f02bf83f
parent	e08b3ff8c5f9525f2ddc067b058a5c7db7a12e67 (diff)
download	pysaml2-11ad0825a063a36753b6cbbeac5a0941f2e0ca4a.tar.gz