Set force_authn when the value is "true" or "1"

Following d257d3054f36b4f3dfaba8b7394a2e8bab0aaf2e the ForceAuthn attribute is
an xsd:boolean value which can be any of "false", "true", "0" or "1". We must
set force_authn when the value is "true" or "1".

We set the value into kwargs, which is then mirrored onto _args, which is
merged with args, which is finally given to the saml2.samlp.AuthnRequest class
to construct the object.
Previously, we set the value into args directly, which would be overwritten by
the call to _filter_args.

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

1 files changed, 10 insertions, 9 deletions

diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index 6d8edcfa..93845ff6 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -371,13 +371,6 @@ class Base(Entity):
         except KeyError:
             nsprefix = None
 
-        force_authn = (
-            kwargs.get("force_authn")
-            or self.config.getattr('force_authn', 'sp')
-        )
-        if str(force_authn).lower() == 'true':
-            args['force_authn'] = 'true'
-
         conf_sp_type = self.config.getattr('sp_type', 'sp')
         conf_sp_type_in_md = self.config.getattr('sp_type_in_metadata', 'sp')
         if conf_sp_type and conf_sp_type_in_md is False:
@@ -439,9 +432,17 @@ class Base(Entity):
                 extension_elements=items)
             extensions.add_extension_element(item)
 
+        force_authn = str(
+            kwargs.pop("force_authn", None)
+            or self.config.getattr("force_authn", "sp")
+        ).lower() in ["true", "1"]
+        if force_authn:
+            kwargs["force_authn"] = "true"
+
         if kwargs:
-            _args, extensions = self._filter_args(AuthnRequest(), extensions,
-                                                  **kwargs)
+            _args, extensions = self._filter_args(
+                AuthnRequest(), extensions, **kwargs
+            )
             args.update(_args)
 
         args.pop("id", None)