diff options
author | ivan <ivan@grnet.gr> | 2017-07-14 11:32:45 +0300 |
---|---|---|
committer | ivan <ivan@grnet.gr> | 2017-07-17 15:37:17 +0300 |
commit | 47cbd128516d5994591e9ae8d3068bf43196f018 (patch) | |
tree | b39f03eea21a252040868d6b7b843499e1d14c25 /src | |
parent | a490e4759d5ea5f6e0cdf8da3e853937fe0d9371 (diff) | |
download | pysaml2-47cbd128516d5994591e9ae8d3068bf43196f018.tar.gz |
Add option to hide assertion consumer service on authn requests
When 'hide_assertion_consumer_service' is set to 'true', then the
AuthnRequest will not include the 'AssertionConsumerServiceURL' and
'ProtocolBinding' attributes.
Diffstat (limited to 'src')
-rw-r--r-- | src/saml2/client_base.py | 34 | ||||
-rw-r--r-- | src/saml2/config.py | 3 |
2 files changed, 21 insertions, 16 deletions
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py index f740cb07..2a5d45cf 100644 --- a/src/saml2/client_base.py +++ b/src/saml2/client_base.py @@ -235,26 +235,30 @@ class Base(Entity): args = {} - try: - args["assertion_consumer_service_url"] = kwargs[ - "assertion_consumer_service_urls"][0] - del kwargs["assertion_consumer_service_urls"] - except KeyError: + if self.config.getattr('hide_assertion_consumer_service', 'sp'): + args["assertion_consumer_service_url"] = None + binding = None + else: try: args["assertion_consumer_service_url"] = kwargs[ - "assertion_consumer_service_url"] - del kwargs["assertion_consumer_service_url"] + "assertion_consumer_service_urls"][0] + del kwargs["assertion_consumer_service_urls"] except KeyError: try: - args["assertion_consumer_service_index"] = str( - kwargs["assertion_consumer_service_index"]) - del kwargs["assertion_consumer_service_index"] + args["assertion_consumer_service_url"] = kwargs[ + "assertion_consumer_service_url"] + del kwargs["assertion_consumer_service_url"] except KeyError: - if service_url_binding is None: - service_urls = self.service_urls(binding) - else: - service_urls = self.service_urls(service_url_binding) - args["assertion_consumer_service_url"] = service_urls[0] + try: + args["assertion_consumer_service_index"] = str( + kwargs["assertion_consumer_service_index"]) + del kwargs["assertion_consumer_service_index"] + except KeyError: + if service_url_binding is None: + service_urls = self.service_urls(binding) + else: + service_urls = self.service_urls(service_url_binding) + args["assertion_consumer_service_url"] = service_urls[0] try: args["provider_name"] = kwargs["provider_name"] diff --git a/src/saml2/config.py b/src/saml2/config.py index 50d61c57..235bf91e 100644 --- a/src/saml2/config.py +++ b/src/saml2/config.py @@ -75,7 +75,8 @@ SP_ARGS = [ "name_id_format", "name_id_format_allow_create", "logout_requests_signed", - "requested_attribute_name_format" + "requested_attribute_name_format", + "hide_assertion_consumer_service", ] AA_IDP_ARGS = [ |