Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | Correctly order response_bindings based on requested binding | Ivan Kanakarakis | 2021-05-19 | 1 | -6/+6 | |
| | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | Do not restrict the falsy values of bindings on pick_binding method | Ivan Kanakarakis | 2021-05-19 | 1 | -1/+1 | |
| | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | Add single_logout_service to the list of services with preferred_binding | Ivan Kanakarakis | 2021-05-19 | 1 | -0/+1 | |
| | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | Refactor do_logout | Ivan Kanakarakis | 2021-05-19 | 1 | -78/+107 | |
| | | | | | | | | | | | | | | | | | | | | | | | | Consider: - what the IdP supports - what the SP prefers - the expected binding Find the common set and select the first preferred choice. Then do the logout. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | Do not limit the single_logout_service results | Ivan Kanakarakis | 2021-05-19 | 1 | -2/+0 | |
| | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | Release version 7.0.0 (v7.0.0) | Ivan Kanakarakis | 2021-05-18 | 2 | -1/+7 | |
| | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | Merge pull request #791 from wibed/commentary | Ivan Kanakarakis | 2021-05-18 | 2 | -6/+85 | |
|\ \ | | | | | | | Add inline documentation | |||||
| * | | Add links to updated spec versions with errata | Ivan Kanakarakis | 2021-05-18 | 2 | -3/+9 | |
| | | | ||||||
| * | | some documentation for newcomers and returners | wibed | 2021-04-05 | 2 | -6/+79 | |
| | | | ||||||
* | | | Merge pull request #778 from peppelinux/shibsp_enc | Ivan Kanakarakis | 2021-05-18 | 4 | -34/+54 | |
|\ \ \ | | | | | | | | | | | | | | | | | | | | | Replace encryption method rsa-1_5 with rsa-oaep-mgf1p Use `http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p` over `http://www.w3.org/2001/04/xmlenc#rsa-1_5` | |||||
| * | | | Embed the cert in the EncryptedData element | Ivan Kanakarakis | 2021-05-18 | 2 | -9/+16 | |
| | | | | | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
| * | | | Do not comment out RSA_1_5, but mark as deprecated | Ivan Kanakarakis | 2021-05-18 | 1 | -3/+2 | |
| | | | | | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
| * | | | Do not embed the cert in the EncryptedData element | Ivan Kanakarakis | 2021-05-18 | 3 | -27/+21 | |
| | | | | | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
| * | | | [Strengthen Encryption] PySAML2 Encrypted Assertions now works with Shibboleth SP 3 | peppelinux | 2021-05-18 | 4 | -23/+43 | |
|/ / / | | | | | | | | | | | | | | | | | | | - Fixed: "ERROR Shibboleth.SSO.SAML2 [6] [default]: failed to decrypt assertion: Unable to resolve any key decryption keys." - Fixed: "WARN XMLTooling.Decrypter [7] [default]: XMLSecurity exception while decrypting key: XSECAlgorithmMapper::mapURIToHandler - URI http://www.w3.org/2001/04/xmlenc#rsa-1_5 disallowed by whitelist/blacklist policy" | |||||
* | | | Release version 6.5.2 (v6.5.2) | Ivan Kanakarakis | 2021-05-18 | 2 | -1/+21 | |
| | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | | Add shibmd_scopes metadata extractor | Ivan Kanakarakis | 2021-05-18 | 3 | -16/+107 | |
| | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | | Merge pull request #801 from ErwinJunge/response-issuer-none | Ivan Kanakarakis | 2021-05-18 | 2 | -28/+61 | |
|\ \ \ | | | | | | | | | Issuer in a Response is optional | |||||
| * | | | Format code | Ivan Kanakarakis | 2021-05-18 | 2 | -39/+44 | |
| | | | | | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
| * | | | Derive the issuer value then return it | Ivan Kanakarakis | 2021-05-18 | 1 | -4/+6 | |
| | | | | | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
| * | | | Response issuer can be None | Erwin Junge | 2021-05-05 | 2 | -1/+27 | |
| | |/ | |/| | ||||||
* | | | Set expected_binding for SLO from preferred_binding as configured | Ivan Kanakarakis | 2021-05-18 | 1 | -0/+5 | |
| | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | | Fix sign flags on logout | Ivan Kanakarakis | 2021-05-17 | 1 | -2/+4 | |
| | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | | Merge pull request #804 from saifelse/patch-1 | Ivan Kanakarakis | 2021-05-17 | 1 | -2/+2 | |
|\ \ \ | | | | | | | | | Update Travis CI badge from travis-ci.org to travis-ci.com | |||||
| * | | | Update Travis CI badge from travis-ci.org -> travis-ci.com | Saif Hakim | 2021-05-13 | 1 | -2/+2 | |
| |/ / | | | | | | | | | | travis-ci.org is shutting down in several weeks, with all accounts migrating to travis-ci.com. This repository was already migrated to travis-ci.com, so update the badge to reflect that. | |||||
* | | | Merge pull request #797 from dirkmueller/master | Ivan Kanakarakis | 2021-05-15 | 1 | -2/+3 | |
|\ \ \ | |/ / |/| | | Always use base64.encodebytes; base64.encodestring has been dropped | |||||
| * | | Always use base64.encodebytes; base64.encodestring has been dropped | Dirk Mueller | 2021-04-26 | 1 | -2/+3 | |
|/ / | | | | | | | Signed-off-by: Dirk Mueller <dirk@dmllr.de> | |||||
* | | Merge pull request #783 from peppelinux/issue_instant | Ivan Kanakarakis | 2021-04-20 | 1 | -1/+1 | |
|\ \ | | | | | | | Fix IssueInstant validation | |||||
| * | | fix: invalid IssueInstant | peppelinux | 2021-03-20 | 1 | -1/+1 | |
| |/ | ||||||
* | | Merge pull request #794 from johanlundberg/lundberg_fix_missing_friendly_name | Ivan Kanakarakis | 2021-04-18 | 3 | -3/+155 | |
|\ \ | | | | | | | Fix crash when applying policy on RequestedAttribute without a friendlyName | |||||
| * | | Try to get the friendlyName of the required RequestedAttribute else derive it using the canonical Name | Ivan Kanakarakis | 2021-04-18 | 2 | -14/+27 | |
| | | | | | | | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
| * | | Bandaid for crash when friendlyName is not set in metadata | Johan Lundberg | 2021-04-16 | 3 | -4/+143 | |
|/ / | ||||||
* | | Sign logout requests according to logout_requests_signed config option | Ivan Kanakarakis | 2021-04-09 | 2 | -1/+6 | |
|/ | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | Merge pull request #762 from omizrahi99/master | Ivan Kanakarakis | 2021-03-08 | 1 | -2/+2 | |
|\ | | | | | Minor bug fix to metadata function in example IdP | |||||
| * | make metadata path the same as entityid | ori15 | 2021-01-14 | 1 | -1/+1 | |
| | | ||||||
| * | fixed example/idp.py to properly return metadata | ori15 | 2021-01-14 | 1 | -1/+1 | |
| | | ||||||
* | | Merge pull request #772 from peppelinux/unhandled_audience_restr | Ivan Kanakarakis | 2021-03-08 | 1 | -2/+2 | |
|\ \ | | | | | | | Correctly handle AudienceRestriction elements with no value | |||||
| * | | Response with unvalued AudienceRestriction (Condition) Handling | peppelinux | 2021-01-24 | 1 | -2/+2 | |
| | | | ||||||
* | | | Merge pull request #766 from peppelinux/invalid_assertion | Ivan Kanakarakis | 2021-03-07 | 1 | -1/+5 | |
|\ \ \ | | | | | | | | | Raise InvalidAssertion exception when assertion requirements are not met | |||||
| * | | | InvalidAssertion Exception | peppelinux | 2021-01-24 | 1 | -1/+5 | |
| |/ / | ||||||
* | | | Merge pull request #763 from peppelinux/invalid_destination_url | Ivan Kanakarakis | 2021-03-07 | 1 | -2/+9 | |
|\ \ \ | | | | | | | | | Invalid Destination URL Exception Handling | |||||
| * | | | Invalid Destination URL Exception Handling | peppelinux | 2021-01-24 | 1 | -2/+9 | |
| |/ / | ||||||
* | | | tests: Do not hardcode the namespace prefix for encrypted assertions | Ivan Kanakarakis | 2021-03-07 | 1 | -5/+9 | |
| | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
* | | | Merge pull request #779 from peppelinux/metadata_exp_handler | Ivan Kanakarakis | 2021-03-07 | 3 | -3/+19 | |
|\ \ \ | | | | | | | | | Raise SAMLError on failure to parse a metadata file | |||||
| * | | | Raise SAMLError when metadata file cannot be parsed | Ivan Kanakarakis | 2021-03-07 | 3 | -6/+17 | |
| | | | | | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
| * | | | Remove whitespace changes | Ivan Kanakarakis | 2021-03-07 | 1 | -1/+2 | |
| | | | | | | | | | | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | |||||
| * | | | Metadata Parse error Exception handling | peppelinux | 2021-03-06 | 2 | -4/+8 | |
| | | | | ||||||
* | | | | Merge pull request #757 from peppelinux/authn_3tuple_acs | Ivan Kanakarakis | 2021-03-07 | 1 | -1/+6 | |
|\ \ \ \ | |/ / / |/| | | | Handle all types of ACS endpoint specifications | |||||
| * | | | Fixes https://github.com/IdentityPython/pysaml2/issues/599 | peppelinux | 2020-12-26 | 1 | -1/+6 | |
| | | | | | | | | | | | | | | | | The SP authnReq now works with a 3-tuple (URL+binding+index) ACS service conf | |||||
* | | | | Merge pull request #776 from JanZerebecki/xmlschema-version | Ivan Kanakarakis | 2021-01-29 | 1 | -1/+1 | |
|\ \ \ \ | |_|/ / |/| | | | Set minimum version needed for xmlschema | |||||
| * | | | specify minimum version needed for xmlschema | Jan Zerebecki | 2021-01-29 | 1 | -1/+1 | |
|/ / / | | | | | | | | | | | | Sandbox mode was added in 1.2.0 of python-xmlschema and refined in 1.2.1. Its use was added in 3b707723dcf1bf60677b424aac398c0c3557641d. |