author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-04-09 13:31:03 +0300 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-04-09 13:31:03 +0300 |
commit | 4c550f5370862cb3ed3b02dad346ce2fff71aeb3 (patch) | |
tree | 1e78762c4ac2636a5d29d819c97c44638512b901 | |
parent | c1fab71cf9f24dce4cc8985061c45a19481dcec0 (diff) | |
download | pysaml2-4c550f5370862cb3ed3b02dad346ce2fff71aeb3.tar.gz |
Sign logout requests according to logout_requests_signed config option
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
-rw-r--r-- | src/saml2/client.py | 1 | ||||
-rw-r--r-- | src/saml2/entity.py | 6 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/saml2/client.py b/src/saml2/client.py
index 3aaefcd1..cf0399f3 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -280,6 +280,7 @@ class Saml2Client(Base):
 except KeyError:
 session_indexes = None
+ sign = sign if sign is not None else self.logout_requests_signed
 sign_post = False if binding == BINDING_HTTP_REDIRECT else sign
 sign_redirect = False if binding == BINDING_HTTP_POST and sign else sign
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 71e9ecfb..d2d6ec5c 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -241,7 +241,11 @@ class Entity(HTTPBase):
 :return: A dictionary
 """
- # XXX sig-allowed should be configurable
+ # XXX SIG_ALLOWED_ALG should be configurable
+ # XXX should_sign stems from authn_requests_signed and sign_response
+ # XXX based on the type of the entity
+ # XXX but should also take into account the type of message (Authn/Logout/etc)
+ # XXX should_sign should be split and the exact config options should be checked
 sign = sign if sign is not None else self.should_sign
 sign_alg = sigalg or self.signing_algorithm
 if sign_alg not in [long_name for short_name, long_name in SIG_ALLOWED_ALG]: |
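Review bot: The added fallback line in the `Saml2Client` hunk carries no comment on precedence, and the precedence matters for security: an explicit `sign=False` from the caller still overrides a `logout_requests_signed` setting that asks for signed logout requests, and only `sign=None` follows the configuration. I would put `# None means "follow logout_requests_signed"; an explicit True/False from the caller overrides the setting` above it and say the same in the method docstring, which is outside the hunk. Assuming `logout_requests_signed` is always a boolean, `sign` can no longer be None after this line, so the `and sign` in the `sign_redirect` expression below only ever distinguished None from False and is now redundant. The enclosing method starts and ends outside the hunk.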
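Review bot: The expanded `# XXX` block in the `Entity` hunk records a gap but leaves the fallback `sign = sign if sign is not None else self.should_sign` unchanged, so a Logout message that reaches this method with `sign=None` is still decided by the authn-request/response options the comment names, not by `logout_requests_signed`. The client.py change in this commit resolves `sign` in its own method; whether that value is what reaches this fallback, and whether other callers pass None for logout messages, is not visible here. Until `should_sign` is split, I would state the consequence for callers directly, e.g. `# NOTE: callers sending Logout messages must pass an explicit sign value; this fallback does not consult logout_requests_signed`, and fold the five `# XXX` lines into one marker with continuation lines. The method's signature and the rest of its body are outside the hunk.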