Diffstat (limited to 'src/saml2/pack.py')
-rw-r--r-- | src/saml2/pack.py | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/src/saml2/pack.py b/src/saml2/pack.py index f8fdbfcb..f0890471 100644 --- a/src/saml2/pack.py +++ b/src/saml2/pack.py @@ -141,8 +141,15 @@ def http_post_message(message, relay_state="", typ="SAMLRequest", **kwargs): "status": 200} -def http_redirect_message(message, location, relay_state="", typ="SAMLRequest", - sigalg='', signer=None, **kwargs): +def http_redirect_message( + message, + location, + relay_state="", + typ="SAMLRequest", + sigalg=None, + sign=None, + backend=None, +): """The HTTP Redirect binding defines a mechanism by which SAML protocol messages can be transmitted within URL parameters. Messages are encoded for use with this binding using a URL encoding @@ -156,7 +163,7 @@ def http_redirect_message(message, location, relay_state="", typ="SAMLRequest", :param typ: What type of message it is SAMLRequest/SAMLResponse/SAMLart :param sigalg: Which algorithm the signature function will use to sign the message - :param signer: A signature function that can be used to sign the message + :param sign: Whether the message should be signed :return: A tuple containing header information and a HTML message. """ 
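Review bot: The new signature of `http_redirect_message` drops both `signer` and `**kwargs`, so a caller that still passes `signer=...` or any extra keyword now fails with a TypeError. A caller that is migrated by simply deleting `signer=` gets an unsigned redirect, because `sign` defaults to `None`. Callers are not visible on this page, so each call site that used to sign should be checked to confirm it now passes `sign=True` together with `backend=...`. The `sigalg` default also changes from `''` to `None`, which matters to any caller that compares or formats that value. The function body continues outside this hunk.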
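Review bot: The docstring gains `:param sign:` but has no entry for the new `backend` parameter, which the signing path requires. I would add `:param backend: Crypto backend providing get_signer(sigalg); required when sign is true`. The `sign` entry should also say that the default leaves the message unsigned. The docstring starts and ends outside this hunk.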
@@ -178,21 +185,22 @@ def http_redirect_message(message, location, relay_state="", typ="SAMLRequest", if relay_state: args["RelayState"] = relay_state - if signer: + if sign: # sigalgs, should be one defined in xmldsig if sigalg not in [long_name for short_name, long_name in SIG_ALLOWED_ALG]: raise Exception( "Signature algo not in allowed list: {algo}".format(algo=sigalg) ) - args["SigAlg"] = sigalg + signer = backend.get_signer(sigalg) if sign and sigalg else None + if not signer: + raise Exception("Could not init signer fro algo {algo}".format(algo=sigalg)) - string = "&".join([urlencode({k: args[k]}) - for k in _order if k in args]).encode('ascii') - args["Signature"] = base64.b64encode(signer.sign(string)) - string = urlencode(args) - else: - string = urlencode(args) + args["SigAlg"] = sigalg + string = "&".join(urlencode({k: args[k]}) for k in _order if k in args) + string_enc = string.encode('ascii') + args["Signature"] = base64.b64encode(signer.sign(string_enc)) + string = urlencode(args) glue_char = "&" if urlparse(location).query else "?" login_url = glue_char.join([location, string]) headers = [('Location', str(login_url))] |
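Review bot: `backend` defaults to `None`, so a call with `sign=True` and an allowed `sigalg` but no backend reaches `backend.get_signer(sigalg)` and fails with an AttributeError rather than the explicit signer error. A guard before that line, such as `if backend is None: raise Exception("Signing requested but no backend given")`, keeps the failure explicit and still fail-closed, so no unsigned redirect is emitted. The `if sign and sigalg else None` tail looks redundant, assuming the line sits inside the `if sign:` block after the allow-list check; indentation is not visible here. The new error message has a typo and should read `"Could not init signer for algo {algo}"`. The function body starts and ends outside this hunk.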