summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/saml2/ecp.py37
-rw-r--r--src/saml2/s2repoze/plugins/sp.py8
2 files changed, 30 insertions, 15 deletions
diff --git a/src/saml2/ecp.py b/src/saml2/ecp.py
index 56448e9c..8db0afad 100644
--- a/src/saml2/ecp.py
+++ b/src/saml2/ecp.py
@@ -40,7 +40,9 @@ def ecp_capable(headers):
#noinspection PyUnusedLocal
-def ecp_auth_request(cls, entityid=None, relay_state="", sign=False):
+def ecp_auth_request(
+ cls, entityid=None, relay_state="", sign=None, sign_alg=None, digest_alg=None
+):
""" Makes an authentication request.
:param entityid: The entity ID of the IdP to send the request to
@@ -59,9 +61,12 @@ def ecp_auth_request(cls, entityid=None, relay_state="", sign=False):
# must_understand and actor according to the standard
#
- paos_request = paos.Request(must_understand="1", actor=ACTOR,
- response_consumer_url=my_url,
- service=SERVICE)
+ paos_request = paos.Request(
+ must_understand="1",
+ actor=ACTOR,
+ response_consumer_url=my_url,
+ service=SERVICE,
+ )
eelist.append(element_to_extension_element(paos_request))
@@ -73,7 +78,13 @@ def ecp_auth_request(cls, entityid=None, relay_state="", sign=False):
location = cls._sso_location(entityid, binding=BINDING_SOAP)
req_id, authn_req = cls.create_authn_request(
- location, binding=BINDING_PAOS, service_url_binding=BINDING_PAOS)
+ location,
+ binding=BINDING_PAOS,
+ service_url_binding=BINDING_PAOS,
+ sign=sign,
+ sign_alg=sign_alg,
+ digest_alg=digest_alg,
+ )
body = soapenv.Body()
body.extension_elements = [element_to_extension_element(authn_req)]
@@ -96,7 +107,8 @@ def ecp_auth_request(cls, entityid=None, relay_state="", sign=False):
must_understand="1",
provider_name=None,
issuer=saml.Issuer(text=authn_req.issuer.text),
- idp_list=idp_list)
+ idp_list=idp_list,
+ )
eelist.append(element_to_extension_element(ecp_request))
@@ -104,8 +116,7 @@ def ecp_auth_request(cls, entityid=None, relay_state="", sign=False):
# <ecp:RelayState>
# ----------------------------------------
- relay_state = ecp.RelayState(actor=ACTOR, must_understand="1",
- text=relay_state)
+ relay_state = ecp.RelayState(actor=ACTOR, must_understand="1", text=relay_state)
eelist.append(element_to_extension_element(relay_state))
@@ -118,20 +129,22 @@ def ecp_auth_request(cls, entityid=None, relay_state="", sign=False):
soap_envelope = soapenv.Envelope(header=header, body=body)
- return req_id, "%s" % soap_envelope
+ return req_id, str(soap_envelope)
def handle_ecp_authn_response(cls, soap_message, outstanding=None):
rdict = soap.class_instances_from_soap_enveloped_saml_thingies(
- soap_message, [paos, ecp, samlp])
+ soap_message, [paos, ecp, samlp]
+ )
_relay_state = None
for item in rdict["header"]:
if item.c_tag == "RelayState" and item.c_namespace == ecp.NAMESPACE:
_relay_state = item
- response = authn_response(cls.config, cls.service_urls(), outstanding,
- allow_unsolicited=True)
+ response = authn_response(
+ cls.config, cls.service_urls(), outstanding, allow_unsolicited=True
+ )
response.loads("%s" % rdict["body"], False, soap_message)
response.verify()
diff --git a/src/saml2/s2repoze/plugins/sp.py b/src/saml2/s2repoze/plugins/sp.py
index a840ab37..3dec8d14 100644
--- a/src/saml2/s2repoze/plugins/sp.py
+++ b/src/saml2/s2repoze/plugins/sp.py
@@ -271,7 +271,6 @@ class SAML2Plugin(object):
#### IChallenger ####
# noinspection PyUnusedLocal
def challenge(self, environ, _status, _app_headers, _forget_headers):
-
_cli = self.saml_client
if "REMOTE_USER" in environ:
@@ -346,7 +345,7 @@ class SAML2Plugin(object):
)
if _cli.authn_requests_signed:
- _sid = saml2.s_utils.sid()
+ _sid = sid()
req_id, msg_str = _cli.create_authn_request(
dest,
vorg=vorg_name,
@@ -357,7 +356,10 @@ class SAML2Plugin(object):
_sid = req_id
else:
req_id, req = _cli.create_authn_request(
- dest, vorg=vorg_name, sign=False, extensions=extensions
+ dest,
+ vorg=vorg_name,
+ sign=False,
+ extensions=extensions,
)
msg_str = "%s" % req
_sid = req_id