authorRoland Hedberg <roland.hedberg@adm.umu.se>2015-12-11 13:02:49 +0100
committerRoland Hedberg <roland.hedberg@adm.umu.se>2015-12-11 13:02:49 +0100
commit6200f158dbad1acf9bf6982a738c58620452f813 (patch)
tree3fd0a53efa2cc70cae8b72289fa5cb7f39bdea7f /example
parent82d3b4da6ebd19f556d2f4d377236a05bb64cd75 (diff)
Reworked the security backend so you should now be able to use an HSM again for XML security. Support for non-XML crypto using HSMs is on the way.
Diffstat (limited to 'example')
-rwxr-xr-xexample/idp2/idp.py7
-rwxr-xr-xexample/idp2/idp_uwsgi.py3
-rwxr-xr-xexample/idp2_repoze/idp.py3
3 files changed, 10 insertions, 3 deletions
diff --git a/example/idp2/idp.py b/example/idp2/idp.py
index 7b079be1..b4e8321f 100755
--- a/example/idp2/idp.py
+++ b/example/idp2/idp.py
@@ -389,6 +389,10 @@ class SSO(Service):
resp = BadRequest("Message signature verification failure")
return resp(self.environ, self.start_response)
+ if not self.req_info:
+ resp = BadRequest("Message parsing failed")
+ return resp(self.environ, self.start_response)
+
_req = self.req_info.message
if "SigAlg" in saml_msg and "Signature" in saml_msg:
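Review bot: The new `if not self.req_info:` guard is added only in example/idp2/idp.py; the SSO handlers in example/idp2/idp_uwsgi.py and example/idp2_repoze/idp.py get the signature-call change in this commit but no equivalent guard. If those handlers also read `self.req_info.message` after parsing (not visible here), a request that fails to parse would still end in an attribute error there instead of a BadRequest. A short comment above the guard would help, e.g. `# req_info is empty when the request could not be parsed; reject before reading .message`. The enclosing method starts and ends outside the hunk.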
@@ -397,7 +401,8 @@ class SSO(Service):
_certs = IDP.metadata.certs(issuer, "any", "signing")
verified_ok = False
for cert in _certs:
- if verify_redirect_signature(saml_msg, cert):
+ if verify_redirect_signature(saml_msg, IDP.sec.sec_backend,
+ cert):
verified_ok = True
break
if not verified_ok:
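Review bot: The call `verify_redirect_signature(saml_msg, IDP.sec.sec_backend, cert)` hands request-derived parameters to the backend, and nothing visible in the hunk shows what happens when the helper raises instead of returning a false value (for instance on a `SigAlg` value the backend does not support). If it can raise, the loop should treat that as a failed verification so the handler still answers with BadRequest and never falls through as verified; whether an enclosing try already does this is outside the hunk. The same call is patched identically in example/idp2/idp_uwsgi.py and example/idp2_repoze/idp.py, so the point applies there too. Binding the backend once before the loop, `sec_backend = IDP.sec.sec_backend`, would also keep the call on one line.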
diff --git a/example/idp2/idp_uwsgi.py b/example/idp2/idp_uwsgi.py
index 30e4b26a..08813499 100755
--- a/example/idp2/idp_uwsgi.py
+++ b/example/idp2/idp_uwsgi.py
@@ -366,7 +366,8 @@ class SSO(Service):
_certs = IDP.metadata.certs(issuer, "any", "signing")
verified_ok = False
for cert in _certs:
- if verify_redirect_signature(saml_msg, cert):
+ if verify_redirect_signature(saml_msg, IDP.sec.sec_backend,
+ cert):
verified_ok = True
break
if not verified_ok:
diff --git a/example/idp2_repoze/idp.py b/example/idp2_repoze/idp.py
index 9512fca0..3674eae8 100755
--- a/example/idp2_repoze/idp.py
+++ b/example/idp2_repoze/idp.py
@@ -350,7 +350,8 @@ class SSO(Service):
_certs = IDP.metadata.certs(issuer, "any", "signing")
verified_ok = False
for cert in _certs:
- if verify_redirect_signature(_info, cert):
+ if verify_redirect_signature(_info, IDP.sec.sec_backend,
+ cert):
verified_ok = True
break
if not verified_ok: