authorIvan Kanakarakis <ivan.kanak@gmail.com>2017-07-26 05:08:18 -0700
committerGitHub <noreply@github.com>2017-07-26 05:08:18 -0700
commit5d7f27eeb81f2d4726fa9bd47a20a49564658dc8 (patch)
treee41e37fca93ce47827a190f8479387b4915ab0d2
parent6d2200808b618f0fc8b163d7e03e16c2827c4eeb (diff)
parent8ca067dce4dea1fb5dd4035e4f1036a47e984a17 (diff)
Merge pull request #434 from c00kiemon5ter/feature-hide-assertion-consumer-service
Add configuration option to hide assertion consumer service on authn requests. This kind of functionality is required for the eIDAS SAML profile, which dictates that: > eIDAS-Connectors SHOULD NOT provide AssertionConsumerServiceURL.
-rw-r--r--src/saml2/client_base.py34
-rw-r--r--src/saml2/config.py1
2 files changed, 20 insertions, 15 deletions
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index a5957f1d..50b457d1 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -235,26 +235,30 @@ class Base(Entity):
args = {}
- try:
- args["assertion_consumer_service_url"] = kwargs[
- "assertion_consumer_service_urls"][0]
- del kwargs["assertion_consumer_service_urls"]
- except KeyError:
+ if self.config.getattr('hide_assertion_consumer_service', 'sp'):
+ args["assertion_consumer_service_url"] = None
+ binding = None
+ else:
try:
args["assertion_consumer_service_url"] = kwargs[
- "assertion_consumer_service_url"]
- del kwargs["assertion_consumer_service_url"]
+ "assertion_consumer_service_urls"][0]
+ del kwargs["assertion_consumer_service_urls"]
except KeyError:
try:
- args["assertion_consumer_service_index"] = str(
- kwargs["assertion_consumer_service_index"])
- del kwargs["assertion_consumer_service_index"]
+ args["assertion_consumer_service_url"] = kwargs[
+ "assertion_consumer_service_url"]
+ del kwargs["assertion_consumer_service_url"]
except KeyError:
- if service_url_binding is None:
- service_urls = self.service_urls(binding)
- else:
- service_urls = self.service_urls(service_url_binding)
- args["assertion_consumer_service_url"] = service_urls[0]
+ try:
+ args["assertion_consumer_service_index"] = str(
+ kwargs["assertion_consumer_service_index"])
+ del kwargs["assertion_consumer_service_index"]
+ except KeyError:
+ if service_url_binding is None:
+ service_urls = self.service_urls(binding)
+ else:
+ service_urls = self.service_urls(service_url_binding)
+ args["assertion_consumer_service_url"] = service_urls[0]
try:
args["provider_name"] = kwargs["provider_name"]
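Review bot: In the new `hide_assertion_consumer_service` branch, the caller-supplied keys `assertion_consumer_service_urls`, `assertion_consumer_service_url` and `assertion_consumer_service_index` stay in `kwargs`, whereas the `else` branch deletes whichever one it consumes. The method starts and ends outside this hunk, so it is not visible whether the remaining `kwargs` are later merged into the request; if they are, a caller-supplied ACS URL or index could still end up in the AuthnRequest despite the option being set. Dropping them in the hidden branch would make the option authoritative: `for key in ("assertion_consumer_service_urls", "assertion_consumer_service_url", "assertion_consumer_service_index"): kwargs.pop(key, None)`. The line `binding = None` also silently overwrites the caller's `binding` argument, presumably so that no protocol binding is sent either; a comment such as `# eIDAS: omit ProtocolBinding together with the ACS URL` would make that intent explicit. The IdP must then resolve the response endpoint from SP metadata alone, which is worth stating where the option is documented.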
diff --git a/src/saml2/config.py b/src/saml2/config.py
index 6c86f377..e508a954 100644
--- a/src/saml2/config.py
+++ b/src/saml2/config.py
@@ -76,6 +76,7 @@ SP_ARGS = [
"name_id_format_allow_create",
"logout_requests_signed",
"requested_attribute_name_format",
+ "hide_assertion_consumer_service",
"force_authn",
]