Added configuration so the test idp can change sign and digest algorithm.

If

SIGN_ALG = None
DIGEST_ALG = None

in service_conf sha1 will be used.

2 files changed, 19 insertions, 0 deletions

diff --git a/example/idp2/idp.py b/example/idp2/idp.py
index f3db83e6..4d67a8d9 100755
--- a/example/idp2/idp.py
+++ b/example/idp2/idp.py
@@ -51,6 +51,7 @@ from saml2.sigver import encrypt_cert_from_item
 from idp_user import USERS
 from idp_user import EXTRA
 from mako.lookup import TemplateLookup
+import saml2.xmldsig as ds
 
 logger = logging.getLogger("saml2.idp")
 logger.setLevel(logging.WARNING)
@@ -1067,6 +1068,18 @@ if __name__ == '__main__':
     HOST = CONFIG.HOST
     PORT = CONFIG.PORT
 
+    sign_alg = None
+    digest_alg = None
+    try:
+        sign_alg = CONFIG.SIGN_ALG
+    except:
+        pass
+    try:
+        digest_alg = CONFIG.DIGEST_ALG
+    except:
+        pass
+    ds.DefaultSignature(sign_alg, digest_alg)
+
     SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application)
 
     _https = ""
diff --git a/example/idp2/idp_conf.py.example b/example/idp2/idp_conf.py.example
index 1a2e4ec8..dda17333 100644
--- a/example/idp2/idp_conf.py.example
+++ b/example/idp2/idp_conf.py.example
@@ -8,6 +8,7 @@ from saml2.saml import NAME_FORMAT_URI
 from saml2.saml import NAMEID_FORMAT_TRANSIENT
 from saml2.saml import NAMEID_FORMAT_PERSISTENT
 import os.path
+import saml2.xmldsig as ds
 
 try:
     from saml2.sigver import get_xmlsec_binary
@@ -39,6 +40,11 @@ else:
 SERVER_CERT = "pki/mycert.pem"
 SERVER_KEY = "pki/mykey.pem"
 CERT_CHAIN = ""
+SIGN_ALG = None
+DIGEST_ALG = None
+#SIGN_ALG = ds.SIG_RSA_SHA512
+#DIGEST_ALG = ds.DIGEST_SHA512
+
 
 CONFIG = {
     "entityid": "%s/idp.xml" % BASE,