authorIvan Kanakarakis <ivan.kanak@gmail.com>2018-12-04 14:03:29 +0100
committerGitHub <noreply@github.com>2018-12-04 14:03:29 +0100
commit12a01b6d54bb821cd49a49588c1d1c468d9cec11 (patch)
treeb45cfc1f33d9e833346d50a59c359506b6a99639
parent6b24eb2a5d726cea210339f262ccd0058b223dea (diff)
parent6a179ff4ae2c6c61ced6eff8f8c0b41966cec35b (diff)
downloadpysaml2-12a01b6d54bb821cd49a49588c1d1c468d9cec11.tar.gz
Merge pull request #574 from rectalogic/error-status
Raise status exception when parsing an error status response
-rw-r--r--src/saml2/entity.py2
-rw-r--r--tests/test_51_client.py33
2 files changed, 32 insertions, 3 deletions
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 7b857373..e69fc1aa 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -1207,8 +1207,6 @@ class Entity(HTTPBase):
else:
response.require_signature = require_signature
response = response.verify(keys)
- except Exception as err:
- logger.error("Exception verifying assertion: %s" % err)
else:
assertions_are_signed = True
finally:
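Review bot: With the `except Exception` branch removed, nothing in the visible lines records why `response.verify(keys)` failed before the exception leaves this `try`; the deleted `logger.error` call was the only trace at this point. The change lets every verification failure propagate, signature errors as well as the error statuses named in the commit title, so an audit line is worth keeping while still re-raising: `except Exception as err:` / `logger.error("Exception verifying assertion: %s", err)` / `raise`. Callers that relied on the old log-and-continue behaviour will now see exceptions, which is the safer outcome for an unverified response but deserves a changelog entry. The enclosing method starts and ends outside the hunk, so whether the `finally` block or a caller already logs the failure cannot be confirmed from here.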
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
index 45b858bd..3dad6d9f 100644
--- a/tests/test_51_client.py
+++ b/tests/test_51_client.py
@@ -28,7 +28,7 @@ from saml2.extension.requested_attributes import RequestedAttribute
from saml2.authn_context import INTERNETPROTOCOLPASSWORD
from saml2.client import Saml2Client
from saml2.pack import parse_soap_enveloped_saml
-from saml2.response import LogoutResponse
+from saml2.response import LogoutResponse, StatusInvalidNameidPolicy
from saml2.saml import NAMEID_FORMAT_PERSISTENT, EncryptedAssertion, Advice
from saml2.saml import NAMEID_FORMAT_TRANSIENT
from saml2.saml import NameID
@@ -2294,6 +2294,37 @@ class TestClientNonAsciiAva:
# A successful test is parsing the response.
assert authn_response is not None
+ def test_response_error_status(self):
+ """ Test that the SP client can parse an authentication response
+ from an IdP that contains an error status."""
+
+ conf = config.SPConfig()
+ conf.load_file("server_conf")
+ client = Saml2Client(conf)
+
+ resp = self.server.create_error_response(
+ in_response_to="id1",
+ destination="http://lingon.catalogix.se:8087/",
+ info=(samlp.STATUS_INVALID_NAMEID_POLICY, None),
+ )
+
+ # Cast the response to a string and encode it to mock up the payload
+ # the SP client is expected to receive via HTTP POST binding.
+ if six.PY2:
+ resp_str = encode_fn(str(resp))
+ else:
+ resp_str = encode_fn(bytes(str(resp), 'utf-8'))
+
+ # We do not need the client to verify a signature for this test.
+ client.want_assertions_signed = False
+ client.want_response_signed = False
+
+ # Parse the authentication error response
+ with raises(StatusInvalidNameidPolicy):
+ client.parse_authn_request_response(
+ resp_str, BINDING_HTTP_POST,
+ {"id1": "http://foo.example.com/service"})
+
def setup_verify_authn_response(self):
idp = "urn:mace:example.com:saml:roland:idp"
ava = {"givenName": ["Dave"], "sn": ["ConcepciĆ³n"],
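Review bot: `test_response_error_status` sets both `want_assertions_signed` and `want_response_signed` to False, so it pins only the unsigned error-status path, while the entity.py change in this commit lets every exception from `response.verify(keys)` propagate. A companion test that leaves the signature requirements enabled and passes an unsigned or altered response, asserting that `parse_authn_request_response` raises rather than returning a response object, would cover the security-relevant half of the behaviour change. The docstring also says the client "can parse" the response although the test expects an exception; `"""Parsing an IdP error-status response raises StatusInvalidNameidPolicy."""` would match what is asserted.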