path: root/.gitignore
Commit message | Author | Age | Files | Lines
* Parse assertions with Holder-of-Key profile | Alex Bublichenko | 2019-05-23 | 1 | -0/+3
|
| Problem:
| Holder-of-Key assertions are used to achieve higher levels of federation security, compared to bearer assertions, by having Relying Party challenge subscriber to prove possession of the key specified in the assertion that represents subscriber in addition to verifying the assertion itself signed by Identity Provider. More information about it can be found in https://pages.nist.gov/800-63-3/sp800-63c.html
|
| This library fails to parse SAML responses containing assertions with Holder-of-Key profile, for example:
| ```
| <ns1:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
|   <ns1:SubjectConfirmationData InResponseTo="id-KHlas49TtW2VdC8WN" NotOnOrAfter="2019-05-14T20:36:13Z" Recipient="https://sp:443/.auth/saml/login">
|     <ns2:KeyInfo>
|       <ns2:X509Data>
|         <ns2:X509Certificate>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</ns2:X509Certificate>
|       </ns2:X509Data>
|     </ns2:KeyInfo>
|   </ns1:SubjectConfirmationData>
| </ns1:SubjectConfirmation>
| ```
| fails to be parsed with the following error:
| ```
| ERROR saml2.response:response.py:836 get subject
| Traceback (most recent call last):
|   File "/home/abublich/repos/abliqo-pysaml2/venv/local/lib/python2.7/site-packages/pysaml2-4.7.0-py2.7.egg/saml2/response.py", line 828, in _assertion
|     self.get_subject()
|   File "/home/abublich/repos/abliqo-pysaml2/venv/local/lib/python2.7/site-packages/pysaml2-4.7.0-py2.7.egg/saml2/response.py", line 753, in get_subject
|     if not self._holder_of_key_confirmed(_data):
|   File "/home/abublich/repos/abliqo-pysaml2/venv/local/lib/python2.7/site-packages/pysaml2-4.7.0-py2.7.egg/saml2/response.py", line 730, in _holder_of_key_confirmed
|     [samlp, saml, xenc, ds]):
|   File "/home/abublich/repos/abliqo-pysaml2/venv/local/lib/python2.7/site-packages/pysaml2-4.7.0-py2.7.egg/saml2/__init__.py", line 1004, in extension_elements_to_elements
|     for extension_element in extension_elements:
| TypeError: 'SubjectConfirmationData' object is not iterable
| ```
| The root cause is two-fold:
| 1. The type SubjectConfirmationDataType_ does not declare KeyInfo as child element.
| 2. The bug in function _holder_of_key_confirmed: it should check KeyInfo child element of SubjectConfirmationData instead of SubjectConfirmationData itself.
|
| Solution:
| Fixed the root cause and added new unit tests that verify successful parsing of Holder-of-Key assertions.
* Remove gitignore from subdirectories | Ivan Kanakarakis | 2018-07-04 | 1 | -0/+1
| Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Update gitignore file | Ivan Kanakarakis | 2018-06-29 | 1 | -163/+149
| Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* 1. virtualenv generated directories are put in .gitignore | Md Nazrul Islam | 2018-04-20 | 1 | -0/+5
| 2. remove .idea directory from git cache
* Ignore virtualenv env and tox files | Ashima Athri | 2016-10-19 | 1 | -2/+2
|
* Ignore test output and vim swap files | Ashima Athri | 2016-08-18 | 1 | -0/+2
|
* Fix wrong function document message and add iml in gitignore | Russel Mahmud | 2015-05-28 | 1 | -0/+1
|
* Add test result files from tests/pki to .gitignore | Clint Byrum | 2015-05-15 | 1 | -0/+1
|
* add .egg and similar to .gitignore | Clint Byrum | 2015-05-14 | 1 | -0/+2
| Running tests leaves these behind.
* Made the index.rst more useful | Shabda Raaj | 2015-03-31 | 1 | -0/+1
|
* Merge with master and fix for assertion verify signature | Hans Hörberg | 2014-06-03 | 1 | -0/+14
|
* Sync | Hans Hörberg | 2014-04-01 | 1 | -0/+4
|
* Fix for the example repoze sp. | Hans Hörberg | 2014-03-21 | 1 | -0/+4
| Made it compatible with the API change: create_*_request method returns a tuple (request_id, request)
* Added to gitignore | Hans Hörberg | 2014-03-20 | 1 | -0/+8
|
* Added encryption certificate | Hans Hörberg | 2014-03-18 | 1 | -0/+6
|
* Only validate certificate and set client certificate to authn request. | Hans Hörberg | 2014-03-03 | 1 | -0/+6
| Made it possible for the IdP to only validate the certificate without verifying the signature. This is needed when the proxy sends the SP certificate to the IdP. Made it possible to send the certificate that should be used during the creation of the authn request.
* Added code to retrieve certificate. | Hans Hörberg | 2014-02-28 | 1 | -0/+2
|
* Added a file for cert generation and updated gitignore. | Hans Hörberg | 2014-02-14 | 1 | -0/+38
|
* Merge pull request #61 from koliber/loader_remote_xml_option | Roland Hedberg | 2013-12-16 | 1 | -0/+2
|\
| | Created another way of loading remote_metadata. Allows you to specify a ...
| * Created another way of loading remote_metadata. Allows you to specify a path | Krystian Cybulski | 2013-10-09 | 1 | -0/+2
| | to a python function which will load the content of the XML on the fly
* | Made discovery service work again for repoze. | Hans Hörberg | 2013-11-21 | 1 | -0/+4
| |
* | Added a URL that exposes metadata. | Hans Hörberg | 2013-11-19 | 1 | -0/+20
|/
* Metadata needed to make the filter work | Hans Hörberg | 2013-05-07 | 1 | -0/+14
|
* Small fixes for the ecp case. | Hans Hörberg | 2013-04-15 | 1 | -0/+44
| These fixes originate from making freeradius_ecp start working.
* Some more things for git to ignore. | Roland Hedberg | 2013-03-01 | 1 | -0/+13
|
* init | Fredrik Thulin | 2013-02-07 | 1 | -0/+14