author | Maxime Besson <maxime.besson@worteks.com> | 2020-10-04 09:18:18 +0200 |
---|---|---|
committer | Maxime Besson <maxime.besson@worteks.com> | 2020-10-07 17:16:47 +0200 |
commit | fb1b8e52535cc9bbfe5d009b601b0e9a7b1d0259 (patch) | |
tree | b6a2bda2b3891ddf1f24441f04d1a0a3d302acf2 | |
parent | db417d8be5195a9416a4245d9b7289580e1a2fe5 (diff) | |
Fixes #733: add setting to sign logout responses
-rw-r--r-- | src/saml2/client.py | 5 | ||||
-rw-r--r-- | src/saml2/client_base.py | 1 | ||||
-rw-r--r-- | src/saml2/config.py | 2 |
3 files changed, 7 insertions, 1 deletions
diff --git a/src/saml2/client.py b/src/saml2/client.py index e283420a..599a78b2 100644 --- a/src/saml2/client.py +++ b/src/saml2/client.py @@ -487,7 +487,7 @@ class Saml2Client(Base): else: raise SAMLError("Unsupported binding") - def handle_logout_request(self, request, name_id, binding, sign=False, + def handle_logout_request(self, request, name_id, binding, sign=None, sign_alg=None, relay_state=""): """ Deal with a LogoutRequest @@ -534,6 +534,9 @@ class Saml2Client(Base): response_bindings = self.config.preferred_binding[ "single_logout_service"] + if sign is None: + sign = self.logout_responses_signed + response = self.create_logout_response(_req.message, response_bindings, status, sign, sign_alg=sign_alg) rinfo = self.response_args(_req.message, response_bindings) diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py index 871f3f2c..59a3a995 100644 --- a/src/saml2/client_base.py +++ b/src/saml2/client_base.py @@ -162,6 +162,7 @@ class Base(Entity): attribute_defaults = { "logout_requests_signed": False, + "logout_responses_signed": False, "allow_unsolicited": False, "authn_requests_signed": False, "want_assertions_signed": False, diff --git a/src/saml2/config.py b/src/saml2/config.py index eb00c7cf..2f6e13b0 100644 --- a/src/saml2/config.py +++ b/src/saml2/config.py @@ -95,6 +95,7 @@ SP_ARGS = [ "name_id_policy_format", "name_id_format_allow_create", "logout_requests_signed", + "logout_responses_signed", "requested_attribute_name_format", "hide_assertion_consumer_service", "force_authn", @@ -201,6 +202,7 @@ class Config(object): self.virtual_organization = None self.only_use_keys_in_metadata = True self.logout_requests_signed = None + self.logout_responses_signed = None self.disable_ssl_certificate_validation = None self.context = "" self.attribute_converters = None |
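Review bot: The `sign=None` default introduced on `handle_logout_request` turns `sign` into a three-way switch, and the docstring that opens just below the signature should say so, because a caller passing `sign=False` now overrides a deployment that has turned signing on in configuration. Something like `:param sign: True/False forces or suppresses signing of the LogoutResponse; None (the default) defers to the logout_responses_signed setting` would cover it. The docstring body continues outside the hunk, so an existing `sign` entry may already be there and only need rewording.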
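Review bot: After the `if sign is None:` fallback, the only visible use of the resolved `sign` is the `create_logout_response(...)` call; the rest of `handle_logout_request`, including the step that applies the binding, lies outside the hunk. With HTTP-Redirect the signature travels in the query string rather than inside the XML, so it is worth confirming that the binding step receives the same resolved value, otherwise the setting may only take effect for some bindings. A test that sets `logout_responses_signed` to true and checks that the returned response verifies for each supported binding would pin this down; the diffstat shows no test file in this commit.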
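Review bot: The `"logout_responses_signed": False` default in `attribute_defaults` leaves LogoutResponses unsigned unless the operator opts in, which keeps existing deployments working but means the IdP gets no integrity check on the reported logout status over front-channel bindings. A short comment above the entry, for example `# unsigned by default for backward compatibility; enable when the IdP verifies LogoutResponse signatures`, would make that trade-off visible. The commit changes three source files only, so the configuration documentation presumably still needs an entry for the new option next to `logout_requests_signed`.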