author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-11-19 14:12:25 +0200 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-11-19 14:12:25 +0200 |
commit | 114999018035f64943900a0767a74b32943c1b72 (patch) | |
tree | 17670bac2e1cda5137fedbf8c56fb3e9d054f163 /src/saml2/client.py | |
parent | 1ace07fc4dd1a6eaf24643c955cc1e5ab25aed1b (diff) | |
Fix client to be able to retry creating an AuthnRequest with a different binding
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Diffstat (limited to 'src/saml2/client.py')
-rw-r--r-- | src/saml2/client.py | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/src/saml2/client.py b/src/saml2/client.py
index a7469d4f..5f82c6bc 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -129,12 +129,23 @@ class Saml2Client(Base):
 """
 expected_binding = binding
+ bindings_to_try = (
+ [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST]
+ if not expected_binding
+ else [expected_binding]
+ )
- for binding in [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST]:
- if expected_binding and binding != expected_binding:
- continue
+ binding_destinations = []
+ unsupported_bindings = []
+ for binding in bindings_to_try:
+ try:
+ destination = self._sso_location(entityid, binding)
+ except Exception as e:
+ unsupported_bindings.append(binding)
+ else:
+ binding_destinations.append((binding, destination))
- destination = self.sso_location(entityid, binding)
+ for binding, destination in binding_destinations:
 logger.info("destination to provider: %s", destination)
 # XXX - sign_post will embed the signature to the xml doc
@@ -172,7 +183,12 @@ class Saml2Client(Base):
 return reqid, binding, http_info
 else:
- raise SignOnError("No supported bindings available for authentication")
+ error_context = {
+ "message": "No supported bindings available for authentication",
+ "bindings_to_try": bindings_to_try,
+ "unsupported_bindings": unsupported_bindings,
+ }
+ raise SignOnError(error_context)
 def global_logout(
 self, |
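Review bot: The `except Exception as e:` around `self._sso_location(entityid, binding)` in the first hunk treats every failure as an unsupported binding and never uses `e`. A metadata lookup error or a programming error therefore looks the same as a binding the IdP does not offer, and the client moves on to the next binding without a trace. Catch only the exception `_sso_location` raises for a missing endpoint (its definition is outside this hunk, so the type needs confirming) and log the skip, for example `logger.debug("no SSO location for binding %s: %s", binding, e)`. A change of binding deserves a log line because it changes how the AuthnRequest is delivered to the IdP. The enclosing method begins above the hunk.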
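Review bot: `raise SignOnError(error_context)` in the second hunk passes a dict as the only exception argument, so a caller that logs or matches `str(exc)` now gets the repr of a dict instead of the previous message text. One option is to raise with the message string and attach the dict as an attribute, e.g. `err = SignOnError(error_context["message"])`, `err.context = error_context`, `raise err`; this assumes SignOnError is an ordinary Exception subclass, which is not visible here. The context also leaves out the exceptions caught in the first hunk, so the reason each binding was rejected is lost. If this error can reach an end-user page, check that the binding lists are meant to be shown there.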