authorIvan Kanakarakis <ivan.kanak@gmail.com>2021-04-09 13:31:03 +0300
committerIvan Kanakarakis <ivan.kanak@gmail.com>2021-04-09 13:31:03 +0300
commit4c550f5370862cb3ed3b02dad346ce2fff71aeb3 (patch)
tree1e78762c4ac2636a5d29d819c97c44638512b901
parentc1fab71cf9f24dce4cc8985061c45a19481dcec0 (diff)
Sign logout requests according to logout_requests_signed config option
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
-rw-r--r--src/saml2/client.py1
-rw-r--r--src/saml2/entity.py6
2 files changed, 6 insertions, 1 deletions
diff --git a/src/saml2/client.py b/src/saml2/client.py
index 3aaefcd1..cf0399f3 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -280,6 +280,7 @@ class Saml2Client(Base):
except KeyError:
session_indexes = None
+ sign = sign if sign is not None else self.logout_requests_signed
sign_post = False if binding == BINDING_HTTP_REDIRECT else sign
sign_redirect = False if binding == BINDING_HTTP_POST and sign else sign
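Review bot: On the added line an explicit `sign=False` from the caller still takes precedence over `self.logout_requests_signed`, so a deployment that sets the option to true can send an unsigned LogoutRequest without any trace. If that override is intended, say so next to the line, e.g. `# an explicit sign argument wins; None defers to the logout_requests_signed option`, and document the same precedence for the `sign` parameter in the method's docstring. Consider logging a warning when the argument is False while the configured option is true, so operators can spot unsigned logout traffic. The enclosing method starts and ends outside this hunk, and the definition of `logout_requests_signed` is not visible here, so its default when the option is unset should be confirmed.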
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 71e9ecfb..d2d6ec5c 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -241,7 +241,11 @@ class Entity(HTTPBase):
:return: A dictionary
"""
- # XXX sig-allowed should be configurable
+ # XXX SIG_ALLOWED_ALG should be configurable
+ # XXX should_sign stems from authn_requests_signed and sign_response
+ # XXX based on the type of the entity
+ # XXX but should also take into account the type of message (Authn/Logout/etc)
+ # XXX should_sign should be split and the exact config options should be checked
sign = sign if sign is not None else self.should_sign
sign_alg = sigalg or self.signing_algorithm
if sign_alg not in [long_name for short_name, long_name in SIG_ALLOWED_ALG]:
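Review bot: The new XXX comments record that the `self.should_sign` fallback does not look at the message type, but callers reading only the docstring still cannot tell that `sign=None` may follow the AuthnRequest/response signing setting for a logout message. The docstring's entry for `sign` should state this, along the lines of `None defers to should_sign, which is not message-type aware; pass an explicit value for logout messages`. The five consecutive `# XXX` lines would also read better as one `# TODO:` block with continuation lines. The function's signature and the start of its docstring are outside this hunk.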