Pass sign information when calling apply_binding

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

3 files changed, 11 insertions, 7 deletions

diff --git a/src/saml2/client.py b/src/saml2/client.py
index 91d0c90d..e0d71ba1 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -125,7 +125,7 @@ class Saml2Client(Base):
                 args = {}
 
             http_info = self.apply_binding(binding, _req_str, destination,
-                                           relay_state, **args)
+                                           relay_state, sign=sign, **args)
 
             return reqid, binding, http_info
         else:
@@ -240,7 +240,7 @@ class Saml2Client(Base):
                 relay_state = self._relay_state(req_id)
 
                 http_info = self.apply_binding(binding, srequest, destination,
-                                               relay_state, sigalg=sigalg)
+                                               relay_state, sign=sign, sigalg=sigalg)
 
                 if binding == BINDING_SOAP:
                     response = self.send(**http_info)
@@ -478,7 +478,7 @@ class Saml2Client(Base):
                                     "sign": sign}
             relay_state = self._relay_state(query.id)
             return self.apply_binding(binding, "%s" % query, destination,
-                                      relay_state)
+                                      relay_state, sign=sign)
         else:
             raise SAMLError("Unsupported binding")
 
@@ -535,4 +535,4 @@ class Saml2Client(Base):
 
         return self.apply_binding(rinfo["binding"], response,
                                   rinfo["destination"], relay_state,
-                                  response=True)
+                                  response=True, sign=sign)
diff --git a/src/saml2/s2repoze/plugins/sp.py b/src/saml2/s2repoze/plugins/sp.py
index 27dfee68..3b09a91e 100644
--- a/src/saml2/s2repoze/plugins/sp.py
+++ b/src/saml2/s2repoze/plugins/sp.py
@@ -368,7 +368,11 @@ class SAML2Plugin(object):
                     self.outstanding_certs[_sid] = cert
 
                 ht_args = _cli.apply_binding(
-                    _binding, msg_str, destination=dest, relay_state=came_from
+                    _binding,
+                    msg_str,
+                    destination=dest,
+                    relay_state=came_from,
+                    sign=_cli.authn_requests_signed,
                 )
 
                 logger.debug("ht_args: %s", ht_args)
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
index cc267aab..45b858bd 100644
--- a/tests/test_51_client.py
+++ b/tests/test_51_client.py
@@ -1375,7 +1375,7 @@ class TestClient:
 
         info = self.client.apply_binding(
             BINDING_HTTP_REDIRECT, msg_str, destination="",
-            relay_state="relay2", sigalg=SIG_RSA_SHA256)
+            relay_state="relay2", sign=True, sigalg=SIG_RSA_SHA256)
 
         loc = info["headers"][0][1]
         qs = parse_qs(loc[1:])
@@ -2875,7 +2875,7 @@ class TestClientNonAsciiAva:
 
         info = self.client.apply_binding(
             BINDING_HTTP_REDIRECT, msg_str, destination="",
-            relay_state="relay2", sigalg=SIG_RSA_SHA256)
+            relay_state="relay2", sign=True, sigalg=SIG_RSA_SHA256)
 
         loc = info["headers"][0][1]
         qs = parse_qs(loc[1:])