| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| | |
|
| |\
| |
| | |
Allow request signing in artifact2message
|
| |/ |
|
| |\
| |
| | |
Fix wrong identifiers for ecdsa algos
|
| |/ |
|
| |\
| |
| | |
Fix automatic inversion of attribute map files
|
| | |
| |
| |
| |
| | |
In order for automatic inversion of attribute maps to work, we need to accept
definitions of attribute maps with only one of `to` or `fro`.
|
| | |
| |
| |
| |
| | |
We have three copies of the code that looks for attribute map definitions in a
python module: let's factor them out.
|
| |\ \
| |/
|/| |
Remove spurious `exception` logging
|
| |/
|
|
|
|
| |
These two `logger.exception` calls are both incorrect, because neither are in
an `except` block - which means that they will log a stacktrace for whatever
the most recent exception was (which may be wholly unrelated).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce new configuration option `entity_attributes` that defines a list of
dictionaries each of which represents an <Attribute> element. Each dicrionary has fields
for the NameFormat, the Name, the FriendName and a list of strings that are used to
create <AttributeValue> elements, each with the string as the text node.
"entity_attributes": [
{
"name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"name": "urn:oasis:names:tc:SAML:profiles:subject-id:req",
# "friendly_name" is not set
"values": ["any"],
},
]
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
This reverts commit b8539198eb02149510a831e2c93c88ef8c438042.
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `name_id_format` configuration option is used to define
1. the value of the `<NameIDFormat>` metadata element
2. and the value of the `<NameIDPolicy>` `Format` attribute in an `AuthnRequest`
The configuration option to set what the value of `<NameIDFormat>` element is in the
metadata should be different from the configuration option to specify what should be
requested in an `AuthnRequest` through the `<NameIDPolicy Format="...">` attribute.
Introduce a new option (`name_id_policy_format`), or use the same name but scoped in a
specific section for metadata and AuthnRequest.
On the side of this, pysaml2 defaults to _transient_ as the `<NameIDPolicy
Format="...">` attribute value. To omit requesting a value for the `<NameIDPolicy
Format="">` attribute the value `"None"` (a string) must be set in the configuration.
This is unintuitive. It is better to be explicit and set transient to request a
transient NameID, than not setting a value and requesting transient by default. If no
value is set, no specific `<NameIDPolicy Format="...">` should be requested.
- Refactor the name_id_format usage
- Add name_id_policy_format configuration option
- Remove the "None" convention value
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |\
| |
| |
| |
| | |
johanlundberg/lundberg_entity_category_and_attribute_mapping
SwedenConnect attribute mapping and SWAMID entity category, part 2
|
| |/ |
|
| |\
| |
| | |
Update documentation for additional_cert_files and cert_file
|
| |/
|
| |
Mention `additional_cert_files` and the fact that `cert_file` only accepts a single cert and not a chain
|
| |\
| |
| |
| |
| | |
johanlundberg/lundberg_entity_category_and_attribute_mapping
Add SwedenConnect attribute mapping and SWAMID entity category
|
| | | |
|
| |/
|
|
| |
https://docs.swedenconnect.se/technical-framework/latest/00_-_Swedish_eID_Framework_-_Introduction.html
|
| |\
| |
| | |
Allow generation of signed metadata in python3
|
| | | |
|
| |/ |
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |\
| |
| |
| |
| | |
IdentityPython/feat-requested-attributes-per-request
Set eIDAS RequestedAttributes per AuthnRequest
|
| | |
| |
| |
| |
| |
| | |
This is always done on use, ie, on client_base.py::create_authn_request
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
