author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-11-16 13:17:28 +0200 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-11-16 14:50:55 +0200 |
commit | a3b26f3b6d3ea8122c69f7172cafc250c74f1481 (patch) | |
tree | 101dc962007dd4fc52ad2953216bddf58a14b847 /src | |
parent | 68c0a8902e20b384a548f634d92312077340562d (diff) | |
download | pysaml2-a3b26f3b6d3ea8122c69f7172cafc250c74f1481.tar.gz |
Verify signed logout requests with the redirect binding
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/saml2/client.py | 18 | ||||
-rw-r--r-- | src/saml2/entity.py | 20 |
2 files changed, 32 insertions, 6 deletions
diff --git a/src/saml2/client.py b/src/saml2/client.py
index aa0bd0c9..a7469d4f 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -630,7 +630,9 @@ class Saml2Client(Base):
 sign=None,
 sign_alg=None,
 digest_alg=None,
- relay_state="",
+ relay_state=None,
+ sigalg=None,
+ signature=None,
 ):
 """ Deal with a LogoutRequest
@@ -639,6 +641,11 @@ class Saml2Client(Base):
 :param name_id: The id of the current user
 :param binding: Which binding the message came in over
 :param sign: Whether the response will be signed or not
+ :param sign_alg: The signing algorithm for the response
+ :param digest_alg: The digest algorithm for the the response
+ :param relay_state: The relay state of the request
+ :param sigalg: The SigAlg query param of the request
+ :param signature: The Signature query param of the request
 :return: Keyword arguments which can be used to send the response what's returned follow different patterns for different bindings. If the binding is BINDIND_SOAP, what is returned looks like this::
@@ -652,8 +659,13 @@ class Saml2Client(Base):
 """
 logger.info("logout request: %s", request)
- _req = self._parse_request(request, LogoutRequest,
- "single_logout_service", binding)
+ _req = self.parse_logout_request(
+ xmlstr=request,
+ binding=binding,
+ relay_state=relay_state,
+ sigalg=sigalg,
+ signature=signature,
+ )
 if _req.message.name_id == name_id:
 try:
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index e926d2c5..f818b702 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -1584,7 +1584,14 @@ class Entity(HTTPBase):
 # ------------------------------------------------------------------------
- def parse_logout_request(self, xmlstr, binding=BINDING_SOAP):
+ def parse_logout_request(
+ self,
+ xmlstr,
+ binding=BINDING_SOAP,
+ relay_state=None,
+ sigalg=None,
+ signature=None,
+ ):
 """ Deal with a LogoutRequest
 :param xmlstr: The response as a xml string
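Review bot: `sigalg` and `signature` are added to `handle_logout_request` with a default of `None`, so integrations written before this change keep calling it without the `SigAlg` and `Signature` query parameters, and whether an HTTP-Redirect logout request is then rejected or accepted unverified depends on `_parse_request`, which is outside this diff. If verification is skipped when `signature` is `None`, the check is effectively opt-in per caller; consider failing closed, or at least logging a warning, when the binding is HTTP-Redirect, signed logout requests are expected and no signature was supplied. The same defaults appear on `parse_logout_request` in src/saml2/entity.py. Separately, the `relay_state` default changes from `""` to `None`; the rest of the function body is not in this hunk, so confirm the code that builds the response handles `None`.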
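Review bot: The added `:param digest_alg:` line has a doubled word; `The digest algorithm for the the response` should read `The digest algorithm for the response`. The `relay_state`, `sigalg` and `signature` entries would help callers more if they said these values must be taken unmodified from the incoming request, because with the HTTP-Redirect binding the signature covers the `SAMLRequest`, `RelayState` and `SigAlg` parameters; for example `:param relay_state: The RelayState of the request, unmodified (part of the signed data for HTTP-Redirect)`. The docstring starts and ends outside this hunk.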
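Review bot: The result of `self.parse_logout_request(...)` is dereferenced on the following line, `if _req.message.name_id == name_id:`, with no check that parsing and signature verification produced a usable object. `_parse_request` is outside this diff and may raise on a bad signature, but if it can return `None` or an object whose `message` is unset, the handler ends in an `AttributeError` rather than a deliberate rejection. A guard such as `if not _req or not _req.message:` that returns an error response or raises before the comparison would make the failure path explicit. The function body continues outside the hunk.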
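Review bot: `parse_logout_request` gains `relay_state`, `sigalg` and `signature`, but its docstring is not extended anywhere in this diff, unlike the one in src/saml2/client.py. Add `:param relay_state: The RelayState query param of the request`, `:param sigalg: The SigAlg query param of the request` and `:param signature: The Signature query param of the request`, and state that they are used to verify the signature when the binding is HTTP-Redirect. The visible line `:param xmlstr: The response as a xml string` describes a request, not a response, and could be corrected at the same time; the docstring continues outside the hunk.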
@@ -1594,8 +1601,15 @@ class Entity(HTTPBase):
 was not.
 """
- return self._parse_request(xmlstr, saml_request.LogoutRequest,
- "single_logout_service", binding)
+ return self._parse_request(
+ enc_request=xmlstr,
+ request_cls=saml_request.LogoutRequest,
+ service="single_logout_service",
+ binding=binding,
+ relay_state=relay_state,
+ sigalg=sigalg,
+ signature=signature,
+ )
 def use_artifact(self, message, endpoint_index=0):
 """ |
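Review bot: Nothing in the visible change set exercises the new verification path at this call, where `relay_state`, `sigalg` and `signature` first reach `_parse_request`; the diffstat is limited to `src`, so tests may exist elsewhere. A regression test should cover a redirect-binding LogoutRequest with a valid signature, one whose `RelayState` differs from the signed value, and one with `signature` supplied but `sigalg` missing, asserting acceptance for the first and rejection for the others. The enclosing function begins outside this hunk.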