diff options
author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2017-07-26 05:08:18 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-26 05:08:18 -0700 |
commit | 5d7f27eeb81f2d4726fa9bd47a20a49564658dc8 (patch) | |
tree | e41e37fca93ce47827a190f8479387b4915ab0d2 /src/saml2/client_base.py | |
parent | 6d2200808b618f0fc8b163d7e03e16c2827c4eeb (diff) | |
parent | 8ca067dce4dea1fb5dd4035e4f1036a47e984a17 (diff) | |
download | pysaml2-5d7f27eeb81f2d4726fa9bd47a20a49564658dc8.tar.gz |
Merge pull request #434 from c00kiemon5ter/feature-hide-assertion-consumer-service
Add configuration option to hide assertion consumer service on authn requests
This kind of functionality is required for the eIDAS SAML profile that dictates that
> eIDAS-Connectors SHOULD NOT provide AssertionConsumerServiceURL.
Diffstat (limited to 'src/saml2/client_base.py')
-rw-r--r-- | src/saml2/client_base.py | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py index a5957f1d..50b457d1 100644 --- a/src/saml2/client_base.py +++ b/src/saml2/client_base.py @@ -235,26 +235,30 @@ class Base(Entity): args = {} - try: - args["assertion_consumer_service_url"] = kwargs[ - "assertion_consumer_service_urls"][0] - del kwargs["assertion_consumer_service_urls"] - except KeyError: + if self.config.getattr('hide_assertion_consumer_service', 'sp'): + args["assertion_consumer_service_url"] = None + binding = None + else: try: args["assertion_consumer_service_url"] = kwargs[ - "assertion_consumer_service_url"] - del kwargs["assertion_consumer_service_url"] + "assertion_consumer_service_urls"][0] + del kwargs["assertion_consumer_service_urls"] except KeyError: try: - args["assertion_consumer_service_index"] = str( - kwargs["assertion_consumer_service_index"]) - del kwargs["assertion_consumer_service_index"] + args["assertion_consumer_service_url"] = kwargs[ + "assertion_consumer_service_url"] + del kwargs["assertion_consumer_service_url"] except KeyError: - if service_url_binding is None: - service_urls = self.service_urls(binding) - else: - service_urls = self.service_urls(service_url_binding) - args["assertion_consumer_service_url"] = service_urls[0] + try: + args["assertion_consumer_service_index"] = str( + kwargs["assertion_consumer_service_index"]) + del kwargs["assertion_consumer_service_index"] + except KeyError: + if service_url_binding is None: + service_urls = self.service_urls(binding) + else: + service_urls = self.service_urls(service_url_binding) + args["assertion_consumer_service_url"] = service_urls[0] try: args["provider_name"] = kwargs["provider_name"] |