authorIvan Kanakarakis <ivan.kanak@gmail.com>2020-09-29 12:27:22 +0300
committerIvan Kanakarakis <ivan.kanak@gmail.com>2020-10-28 00:01:45 +0200
commit59913a155ce06c6fe4e43ea1b15586e3d59bafb3 (patch)
tree8accb74f2350925b0593a806c481b767bd432203 /src/saml2/mdstore.py
parent524b70d3ef4523b40b999ee2cd0008f41a31c437 (diff)
downloadpysaml2-59913a155ce06c6fe4e43ea1b15586e3d59bafb3.tar.gz
Return the ResponseLocation before falling back to Locationfeature-logout-response-location
ResponseLocation [Optional] Optionally specifies a different location to which response messages sent as part of the protocol or profile should be sent. The allowable syntax of this URI depends on the protocol binding. The ResponseLocation attribute is used to enable different endpoints to be specified for receiving request and response messages associated with a protocol or profile, not as a means of load-balancing or redundancy (multiple elements of this type can be included for this purpose). When a role contains an element of this type pertaining to a protocol or profile for which only a single type of message (request or response) is applicable, then the ResponseLocation attribute is unused. [E41]If the ResponseLocation attribute is omitted, any response messages associated with a protocol or profile may be assumed to be handled at the URI indicated by the Location attribute. ArtifactResolutionService, SingleSignOnService and NameIDMappingService MUST omit the ResponseLocation attribute. This is enforced here, but metadata with such service declarations and such attributes should not have been part of the metadata store in the first place. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Diffstat (limited to 'src/saml2/mdstore.py')
-rw-r--r--src/saml2/mdstore.py66
1 files changed, 55 insertions, 11 deletions
diff --git a/src/saml2/mdstore.py b/src/saml2/mdstore.py
index 41e521ec..3dfd0e5a 100644
--- a/src/saml2/mdstore.py
+++ b/src/saml2/mdstore.py
@@ -5,6 +5,8 @@ import json
import logging
import os
import sys
+from itertools import chain
+from warnings import warn as _warn
from hashlib import sha1
from os.path import isfile
@@ -26,7 +28,11 @@ from saml2 import BINDING_SOAP
from saml2.httpbase import HTTPBase
from saml2.extension.idpdisc import BINDING_DISCO
from saml2.extension.idpdisc import DiscoveryResponse
+from saml2.md import NAMESPACE as NS_MD
from saml2.md import EntitiesDescriptor
+from saml2.md import ArtifactResolutionService
+from saml2.md import NameIDMappingService
+from saml2.md import SingleSignOnService
from saml2.mdie import to_dict
from saml2.s_utils import UnsupportedBinding
from saml2.s_utils import UnknownSystemEntity
@@ -70,6 +76,9 @@ classnames = {
ns=NS_MDUI, tag=PrivacyStatementURL.c_tag
),
"mdui_uiinfo_logo": "{ns}&{tag}".format(ns=NS_MDUI, tag=Logo.c_tag),
+ "service_artifact_resolution": "{ns}&{tag}".format(ns=NS_MD, tag=ArtifactResolutionService.c_tag),
+ "service_single_sign_on": "{ns}&{tag}".format(ns=NS_MD, tag=SingleSignOnService.c_tag),
+ "service_nameid_mapping": "{ns}&{tag}".format(ns=NS_MD, tag=NameIDMappingService.c_tag),
}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
@@ -79,8 +88,6 @@ ASSURANCE_CERTIFICATION = "urn:oasis:names:tc:SAML:attribute:assurance-certifica
SAML_METADATA_CONTENT_TYPE = "application/samlmetadata+xml"
DEFAULT_FRESHNESS_PERIOD = "P0Y0M0DT12H0M0S"
-
-
REQ2SRV = {
# IDP
"authn_request": "single_sign_on_service",
@@ -149,17 +156,54 @@ def metadata_modules():
return _res
-def response_destinations(srvs):
- _res = []
- for s in srvs:
- if "response_location" in s:
- _res.append(s["response_location"])
- else:
- _res.append(s["location"])
- return _res
+def response_locations(srvs):
+ """
+ Return the ResponseLocation attributes mapped to the services.
+
+ ArtifactResolutionService, SingleSignOnService and NameIDMappingService MUST omit
+ the ResponseLocation attribute. This is enforced here, but metadata with such
+ service declarations and such attributes should not have been part of the metadata
+ store in the first place.
+ """
+ values = (
+ s["response_location"]
+ for s in srvs
+ if "response_location" in s
+ if s["__class__"] not in [
+ classnames["service_artifact_resolution"],
+ classnames["service_single_sign_on"],
+ classnames["service_nameid_mapping"],
+ ]
+ )
+ return values
+
+
+def locations(srvs):
+ values = (
+ s["location"]
+ for s in srvs
+ if "location" in s
+ )
+ return values
+
def destinations(srvs):
- return [s["location"] for s in srvs]
+ warn_msg = (
+ "`saml2.mdstore.destinations` function is deprecated; "
+ "instead, use `saml2.mdstore.locations` or `saml2.mdstore.all_locations`."
+ )
+ logger.warning(warn_msg)
+ _warn(warn_msg)
+ values = list(locations(srvs))
+ return values
+
+
+def all_locations(srvs):
+ values = chain(
+ response_locations(srvs),
+ locations(srvs),
+ )
+ return values
def attribute_requirement(entity, index=None):
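Review bot: `response_locations`, `locations` and `all_locations` return one-shot generators, whereas the removed `response_destinations` returned a list. A generator is always truthy and cannot be indexed or iterated twice, so a caller outside this hunk that checks `if not dests` or takes `dests[0]` would no longer notice an empty endpoint set when choosing or validating a response destination. Either materialise the result, e.g. `return list(chain(response_locations(srvs), locations(srvs)))`, or add docstrings to `locations` and `all_locations` stating that they return a lazy iterator, with response locations first. `response_destinations` is also dropped without the deprecation shim that `destinations` gets. The shim's warning would be clearer as `_warn(warn_msg, DeprecationWarning, stacklevel=2)` so that it is categorised as a deprecation and points at the calling code.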