diff options
author | Serge Domkowski <sdomkowski@kavi.com> | 2015-10-01 14:32:18 +0000 |
---|---|---|
committer | Serge Domkowski <sdomkowski@kavi.com> | 2015-10-01 14:32:18 +0000 |
commit | 9fd184ce229c2bbc4cbf2c45a6c2fc1b13a457ae (patch) | |
tree | 5cc8126dabd5988b25f9e9b5114bb66b1d303dc4 /src/saml2/client.py | |
parent | ae9d27e5100f002f55ad6eb2b252a0aa5f16a336 (diff) | |
download | pysaml2-9fd184ce229c2bbc4cbf2c45a6c2fc1b13a457ae.tar.gz |
Allow for properly signed HTTP_REDIRECT logout request.
Diffstat (limited to 'src/saml2/client.py')
-rw-r--r-- | src/saml2/client.py | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/src/saml2/client.py b/src/saml2/client.py index 33d24fc4..5478c470 100644 --- a/src/saml2/client.py +++ b/src/saml2/client.py @@ -14,6 +14,8 @@ from saml2 import BINDING_HTTP_REDIRECT from saml2 import BINDING_HTTP_POST from saml2 import BINDING_SOAP +import saml2.xmldsig as ds + from saml2.ident import decode, code from saml2.httpbase import HTTPError from saml2.s_utils import sid @@ -161,7 +163,7 @@ class Saml2Client(Base): return self.do_logout(name_id, entity_ids, reason, expire, sign) def do_logout(self, name_id, entity_ids, reason, expire, sign=None, - expected_binding=None): + expected_binding=None, **kwargs): """ :param name_id: Identifier of the Subject (a NameID instance) @@ -172,6 +174,7 @@ class Saml2Client(Base): :param sign: Whether to sign the request or not :param expected_binding: Specify the expected binding then not try it all + :param kwargs: Extra key word arguments. :return: """ # check time @@ -214,15 +217,23 @@ class Saml2Client(Base): if sign is None: sign = self.logout_requests_signed + sigalg = None + key = None if sign: - srequest = self.sign(request) + if binding == BINDING_HTTP_REDIRECT: + sigalg = kwargs.get("sigalg", ds.sig_default) + key = kwargs.get("key", self.signkey) + srequest = str(request) + else: + srequest = self.sign(request) else: - srequest = "%s" % request + srequest = str(request) relay_state = self._relay_state(req_id) http_info = self.apply_binding(binding, srequest, destination, - relay_state) + relay_state, sigalg=sigalg, + key=key) if binding == BINDING_SOAP: response = self.send(**http_info) |