Commit message | Author | Age | Files | Lines
a regexp generalization for wrapped and unwrapped PEM certs (BEGIN/END)
decrypting key: XSECAlgorithmMapper::mapURIToHandler - URI http://www.w3.org/2001/04/xmlenc#rsa-1_5 disallowed by whitelist/blacklist policy"
assertion: Unable to resolve any key decryption keys."
johanlundberg/swamid_policy_update_eduperson_targeted_id_2
No eduPersonTargetedID for entity category refeds research-and-scholarship
johanlundberg/swamid_policy_update_eduperson_targeted_id
Update of SWAMID policy regarding eduPersonTargetedID when no entity category is used
According to SWAMID policy no attributes should be released when
entity category is missing
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* client_base::Base is the base for an SP and manages SP_ARGS
* server::Server is the base for an IdP and manages AA_IDP_ARGS
* entity::Entity is the base of SP/IdPs and manages the COMMON_ARGS
The signing_algorithm and digest_algorithm are COMMON_ARGS
and should be set and managed by entity::Entity.
On init they are set as properties of the Entity object.
If no configuration has been given, the internal default is set (through DefaultSignature()).
The set sign_alg and digest_alg must be checked against an allow/block-list
---
- Signing is done both by SPs (on requests) and IdPs (on responses).
- Signing is done both for the Redirect-binding (apply_binding()) and the POST-binding (_message() > sign()).
---
* All client_base::Base(SP) (create_*) methods end in Entity::_message()
* Almost all server::Server(IdP) (create_*) methods end in Entity::_response()
thus:
- Entity::_message() must decide the value of "sign" and call Entity::sign()
- Entity::_response() must decide the value of "sign" and call Entity::sign()
- Entity::_status_response() must decide the value of "sign" and call Entity::sign()
- Entity::sign() must decide the value of sign_alg and digest_alg and call sigver::pre_signature_part()
---
All calls to Entity::_message() and Entity::_response() (or to their callers)
must pass on sign, sign_alg and digest_alg
All calls to sigver::pre_signature_part() should happen through the same call-chain
and should pass on specific sign_alg and digest_alg params
All relevant params should be set to None unless they have been set by the caller.
---
client::do_logout should be refactored to use the same call-chain
---
These types of checks (and self.lock blocks) should be removed (there are more for sign_assertion)
```
if (sign and self.sec.cert_handler.generate_cert()) or client_crt is not None:
```
```
if self.sec.cert_handler.generate_cert()
```
---
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
When an AuthnRequest is created with HTTP-Redirect binding, the XML document is not
signed, but instead, a signature is calculated and becomes part of the query params of
the Redirect-URL, through the Signature and SignAlg params.
Previously, when the Redirect binding was requested and signing was enabled but no
SignAlg params were defined, the Signature and SignAlg query params would be missing.
Now, if no SignAlg is defined, the default is used and the request is correctly created
with the proper query params.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Fix test_33_identifier.py to avoid reuse of old test data files
- If for any reason the dbm.dumb is used for saving subject.db
data the following tests can fail because subject.db.dat and
subject.db.dir are not removed. To avoid this additional deletes
of test data files are added to setup_class().
- Add also tests/*.dir, tests/*.dat, tests/*.bak to .gitignore to
prevent erroneous adding of test data to the repository
- Use full_path() helper to create the test data files under tests/
- Add py39 to tox.ini envlist
Include status-code in http_info struct
Note that we still need to switch between 302 and 303 depending on the HTTP protocol version (1.1 or newer)
There seems to be a problem with Travis and the handling of 'skip_cleanup' and 'cleanup'.
> Preparing deploy
>
> Cleaning up git repository with `git stash --all`. If you need build artifacts for
> deployment, set `deploy.skip_cleanup: true`. See
> https://docs.travis-ci.com/user/deployment#Uploading-Files-and-skip_cleanup.
>
> Saved working directory and index state WIP on (no branch): ...
This reverts commit 239c7a93d649a9dea171102406014a7d5113cf95.
Handle registration_policy None