authorHans Hörberg <hans.horberg@umu.se>2015-11-06 12:17:34 +0100
committerHans Hörberg <hans.horberg@umu.se>2015-11-06 12:17:34 +0100
commit3b84f65d849c2035636e1691ae0d35fe664640b9 (patch)
treece3477e5f6943edd84d646deb67705fcfff76ccd /src/saml2/client.py
parent0f209eb5498ca948f654c2128d3b037d18b8cb17 (diff)
Added the possibility to set signature and digest algorithm on all the functions I identified.
pysaml2 has default values for the signing and digest algorithms. To make it possible to always use the same algorithms, these defaults have been replaced with a singleton class. The first time the singleton class is instantiated, the signing and digest algorithms are set; after that they cannot be changed. A good place to set up this singleton is in the server setup. Example: ds.DefaultSignature(ds.SIG_RSA_SHA512, ds.DIGEST_SHA512)
Diffstat (limited to 'src/saml2/client.py')
-rw-r--r--src/saml2/client.py16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/saml2/client.py b/src/saml2/client.py
index 64871d62..c082a796 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -135,7 +135,7 @@ class Saml2Client(Base):
raise SignOnError(
"No supported bindings available for authentication")
- def global_logout(self, name_id, reason="", expire=None, sign=None):
+ def global_logout(self, name_id, reason="", expire=None, sign=None, sign_alg=None, digest_alg=None):
""" More or less a layer of indirection :-/
Bootstrapping the whole thing by finding all the IdPs that should
be notified.
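Review bot: The new `digest_alg` parameter on `global_logout` is accepted but never used: the forwarding call in the next hunk passes only `sign_alg=sign_alg`, and the same pattern repeats in `do_logout` (its `self.sign(request, sign_alg=sign_alg)` call) and in `handle_logout_response`, so a caller's digest choice is silently dropped everywhere this commit adds it. The forwarding call should read `return self.do_logout(name_id, entity_ids, reason, expire, sign, sign_alg=sign_alg, digest_alg=digest_alg)`, and the `self.sign(...)` call should also receive `digest_alg=digest_alg` provided the underlying `sign` method accepts it — its signature is not in this diff, so that needs checking. The new `def global_logout(...)` line also runs well past 79 columns while the surrounding code wraps at that width; breaking the parameter list over two lines would keep the file consistent. The body of `global_logout` continues outside this hunk.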
@@ -160,10 +160,10 @@ class Saml2Client(Base):
# find out which IdPs/AAs I should notify
entity_ids = self.users.issuers_of_info(name_id)
- return self.do_logout(name_id, entity_ids, reason, expire, sign)
+ return self.do_logout(name_id, entity_ids, reason, expire, sign, sign_alg=sign_alg)
def do_logout(self, name_id, entity_ids, reason, expire, sign=None,
- expected_binding=None, **kwargs):
+ expected_binding=None, sign_alg=None, digest_alg=None, **kwargs):
"""
:param name_id: Identifier of the Subject (a NameID instance)
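Review bot: The `do_logout` docstring still documents only the pre-existing parameters; `sign_alg` and `digest_alg` are new to the signature but have no `:param` entries, and the same is true of `handle_logout_response` in a later hunk. I would add `:param sign_alg: Signature algorithm identifier used when the request is signed; None selects the DefaultSignature setting` and `:param digest_alg: Digest algorithm identifier intended for signing; None selects the DefaultSignature setting`, adjusting the wording once the parameter is actually forwarded. The rest of the docstring and the function body are outside this hunk.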
@@ -226,11 +226,11 @@ class Saml2Client(Base):
key = None
if sign:
if binding == BINDING_HTTP_REDIRECT:
- sigalg = kwargs.get("sigalg", ds.sig_default)
+ sigalg = kwargs.get("sigalg", ds.DefaultSignature().get_sign_alg())
key = kwargs.get("key", self.signkey)
srequest = str(request)
else:
- srequest = self.sign(request)
+ srequest = self.sign(request, sign_alg=sign_alg)
else:
srequest = str(request)
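Review bot: In the `BINDING_HTTP_REDIRECT` branch the explicit `sign_alg` argument is ignored: `sigalg` is taken from `kwargs.get("sigalg", ...)` with the singleton default as fallback, so a caller that passes `sign_alg` to `do_logout` gets the default algorithm for redirect-bound requests but the requested one for the `self.sign(...)` path. The two paths should agree; the fallback line can become `sigalg = kwargs.get("sigalg", sign_alg if sign_alg is not None else ds.DefaultSignature().get_sign_alg())`. `do_logout` starts and ends outside this hunk, so any earlier normalisation of `sign_alg` is not visible here.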
@@ -290,7 +290,7 @@ class Saml2Client(Base):
identity = self.users.get_identity(name_id)[0]
return bool(identity)
- def handle_logout_response(self, response):
+ def handle_logout_response(self, response, sign_alg=None, digest_alg=None):
""" handles a Logout response
:param response: A response.Response instance
@@ -309,10 +309,12 @@ class Saml2Client(Base):
return 0, "200 Ok", [("Content-type", "text/html")], []
else:
status["entity_ids"].remove(issuer)
+ if "sign_alg" in status:
+ sign_alg = status["sign_alg"]
return self.do_logout(decode(status["name_id"]),
status["entity_ids"],
status["reason"], status["not_on_or_after"],
- status["sign"])
+ status["sign"], sign_alg=sign_alg)
def _use_soap(self, destination, query_type, **kwargs):
_create_func = getattr(self, "create_%s" % query_type)
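Review bot: The added `if "sign_alg" in status: sign_alg = status["sign_alg"]` lets stored state override the `sign_alg` argument the caller passed explicitly, which is the opposite of what a keyword override usually means; `if sign_alg is None: sign_alg = status.get("sign_alg")` gives the explicit argument precedence and keeps the stored value as the fallback. Where `status["sign_alg"]` is written is not part of this diff, so I cannot tell whether it always originates from the SP's own configuration; if it can be influenced by anything received over the wire, the algorithm used to sign outgoing logout requests becomes externally selectable and should be validated against the allowed set before use. `handle_logout_response` begins in an earlier hunk, and `_use_soap` starts at the end of this one and continues past it.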