author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2020-11-22 22:26:50 +0200 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2020-11-24 17:46:32 +0200 |
commit | c0410837a5ee8c5c1fe656c501aa640c57000b59 (patch) | |
tree | 5fd171ab950470df4194fb8ce6b2dc23405db873 /src/saml2/server.py | |
parent | fb86347e5168af27ed5e729829f175ae17f51282 (diff) | |
download | pysaml2-c0410837a5ee8c5c1fe656c501aa640c57000b59.tar.gz |
WIP works good - set on init use on create_
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Diffstat (limited to 'src/saml2/server.py')
-rw-r--r-- | src/saml2/server.py | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/src/saml2/server.py b/src/saml2/server.py index 68e04e27..1d4b7543 100644 --- a/src/saml2/server.py +++ b/src/saml2/server.py @@ -77,8 +77,15 @@ def _shelve_compat(name, *args, **kwargs): class Server(Entity): """ A class that does things that IdPs or AAs do """ - def __init__(self, config_file="", config=None, cache=None, stype="idp", - symkey="", msg_cb=None): + def __init__( + self, + config_file="", + config=None, + cache=None, + stype="idp", + symkey="", + msg_cb=None, + ): Entity.__init__(self, stype, config, config_file, msg_cb=msg_cb) self.eptid = None self.init_config(stype) @@ -218,6 +225,7 @@ class Server(Entity): return False # ------------------------------------------------------------------------- + def parse_authn_request(self, enc_request, binding=BINDING_HTTP_REDIRECT): """Parse a Authentication Request @@ -438,7 +446,6 @@ class Server(Entity): :param encrypt_cert_assertion: Certificate to be used for encryption of assertions. :param authn_statement: Authentication statement. - :param sign_assertion: True if assertions should be signed. :param pefim: True if a response according to the PEFIM profile should be created. :param farg: Argument to pass on to the assertion constructor @@ -510,7 +517,7 @@ class Server(Entity): # ------------------------------------------------------------------------ - # noinspection PyUnusedLocal + # XXX idp create def create_attribute_response(self, identity, in_response_to, destination, sp_entity_id, userid="", name_id=None, status=None, issuer=None, 
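Review bot: The `# XXX idp create` marker added above `create_attribute_response` does not say what is outstanding, and it replaces a `# noinspection PyUnusedLocal` suppression without the hunk showing that the unused-argument condition has gone away. The same marker is added in later hunks above `create_authn_response`, `create_authn_request_response`, `create_assertion_id_request_response`, `create_name_id_mapping_response`, `create_authn_query_response` and `create_ecp_authn_request_response`. Before this leaves WIP, state the action in the comment, for example `# TODO(<owner>): <what has to change in this create_* method>`, or drop the marker. The method body lies outside the hunk.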
@@ -594,15 +601,15 @@ class Server(Entity): def gather_authn_response_args( self, sp_entity_id, name_id_policy, userid, **kwargs ): + kwargs["policy"] = kwargs.get("release_policy") + # collect args and return them args = {} - args["policy"] = kwargs.get( - "release_policy", self.config.getattr("policy", "idp") - ) - args['best_effort'] = kwargs.get("best_effort", False) - + # XXX will be passed to _authn_response param_defaults = { + 'policy': None, + 'best_effort': False, 'sign_assertion': False, 'sign_response': False, 'encrypt_assertion': False, @@ -610,12 +617,8 @@ class Server(Entity): 'encrypted_advice_attributes': False, 'encrypt_cert_advice': None, 'encrypt_cert_assertion': None, + # need to be named sign_alg and digest_alg } - - # signing and digest algs - self.signing_algorithm = self.config.getattr('signing_algorithm', "idp") - self.digest_algorithm = self.config.getattr('digest_algorithm', "idp") - for param, val_default in param_defaults.items(): val_kw = kwargs.get(param) val_config = self.config.getattr(param, "idp") @@ -687,6 +690,7 @@ class Server(Entity): return args + # XXX idp create def create_authn_response( self, identity, @@ -736,7 +740,6 @@ class Server(Entity): assertions in the advice element. :param encrypt_cert_assertion: Certificate to be used for encryption of assertions. - :param sign_assertion: True if assertions should be signed. :param pefim: True if a response according to the PEFIM profile should be created. :return: A response instance @@ -785,6 +788,7 @@ class Server(Entity): return self.create_error_response(in_response_to, destination, sp_entity_id, exc, name_id) + # XXX idp create def create_authn_request_response(self, identity, in_response_to, destination, sp_entity_id, name_id_policy=None, userid=None, 
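Review bot: `kwargs["policy"] = kwargs.get("release_policy")` at the top of `gather_authn_response_args` sets `policy` to `None` whenever `release_policy` is not passed, and the explicit fallback `self.config.getattr("policy", "idp")` is removed, so the effective attribute release policy now depends on the resolution loop whose body continues outside this hunk. If that loop does not treat a `None` keyword value as "not given", the configured policy would be skipped; a test that calls the method without `release_policy` and asserts `args["policy"]` equals the configured policy would pin this. A comment on the alias would help, e.g. `# "release_policy" is the caller-facing name; resolved below as "policy" (kwarg, then config, then default)`. Moving `best_effort` into `param_defaults` also makes it readable from the `idp` config through the loop's `self.config.getattr(param, "idp")`, which the old kwargs-only lookup did not do, and that behaviour change deserves a line in the commit message.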
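Review bot: The comment `# need to be named sign_alg and digest_alg` is left inside `param_defaults` with no entry following it, while the lines that loaded `signing_algorithm` and `digest_algorithm` from the `idp` config into `self` are removed. The commit title suggests these are now set at init time, but that code is not part of this hunk, so from here it is not visible that a configured algorithm still reaches the signing call. Either add the two entries or move the note out of the dict literal as a TODO, and add a test that a response built with a non-default configured `signing_algorithm`/`digest_algorithm` carries those algorithms rather than the library defaults. The `for` loop that follows continues outside the hunk.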
@@ -800,7 +804,7 @@ class Server(Entity): authn_decl=authn_decl, session_not_on_or_after=session_not_on_or_after) - # noinspection PyUnusedLocal + # XXX idp create def create_assertion_id_request_response(self, assertion_id, sign=False, sign_alg=None, digest_alg=None, **kwargs): @@ -827,7 +831,8 @@ class Server(Entity): else: return assertion - # noinspection PyUnusedLocal + # XXX calls self.sign => should it call _message (which calls self.sign)? + # XXX idp create def create_name_id_mapping_response(self, name_id=None, encrypted_id=None, in_response_to=None, issuer=None, sign_response=False, @@ -859,6 +864,7 @@ class Server(Entity): logger.info("Message: %s", _resp) return _resp + # XXX idp create def create_authn_query_response(self, subject, session_index=None, requested_context=None, in_response_to=None, issuer=None, sign_response=False, @@ -892,6 +898,7 @@ class Server(Entity): def parse_ecp_authn_request(self): pass + # XXX idp create def create_ecp_authn_request_response(self, acs_url, identity, in_response_to, destination, sp_entity_id, name_id_policy=None, |