Add want_assertions_or_response_signed functionality

Add the ability to configure an SP to require either a signed response
or signed assertions.

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

1 files changed, 7 insertions, 1 deletions

diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index 0cd6eb53..d5e0cbd5 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -120,6 +120,7 @@ class Base(Entity):
             "authn_requests_signed": False,
             "want_assertions_signed": False,
             "want_response_signed": True,
+            "want_assertions_or_response_signed" : False
         }
 
         for attr, val_default in attribute_defaults.items():
@@ -135,7 +136,11 @@ class Base(Entity):
             setattr(self, attr, val)
 
         if self.entity_type == "sp" and not any(
-            [self.want_assertions_signed, self.want_response_signed]
+            [
+                self.want_assertions_signed,
+                self.want_response_signed,
+                self.want_assertions_or_response_signed,
+            ]
         ):
             logger.warning(
                 "The SAML service provider accepts unsigned SAML Responses "
@@ -691,6 +696,7 @@ class Base(Entity):
             "outstanding_certs": outstanding_certs,
             "allow_unsolicited": self.allow_unsolicited,
             "want_assertions_signed": self.want_assertions_signed,
+            "want_assertions_or_response_signed": self.want_assertions_or_response_signed,
             "want_response_signed": self.want_response_signed,
             "return_addrs": self.service_urls(binding=binding),
             "entity_id": self.config.entityid,