Commit message (Author, Age, Files, Lines)
* Release version 7.1.0 [v7.1.0] (Ivan Kanakarakis, 2021-11-16, 2 files, -1/+30)
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fix signature verification for the redirect binding (Ivan Kanakarakis, 2021-11-16, 6 files, -45/+285)
|\
| |   - When an AuthnRequest is received by the Server
| |   - When a LogoutRequest is received by the client or the server
| * Verify signed logout requests with the redirect binding (Ivan Kanakarakis, 2021-11-16, 3 files, -18/+102)
| |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| * Small refactor (Ivan Kanakarakis, 2021-11-16, 3 files, -65/+77)
| |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| * Refactored redirect signature check into separate method (Vishal Kadam, 2021-11-15, 1 file, -41/+48)
| |
| * 633: Support for redirect binding signature check using query param values (Vishal Kadam, 2021-11-15, 5 files, -13/+150)
|/
* Merge pull request #781 from challet/key-name (Ivan Kanakarakis, 2021-11-02, 6 files, -29/+73)
|\
| |   Include proper KeyName in encrypted assertion
| * Output the according KeyName in encrypted answer (Clément Hallet, 2021-11-02, 6 files, -29/+73)
|/
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Enhance invalid document format info with reason (Ivan Kanakarakis, 2021-11-01, 1 file, -0/+1)
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #807 from pandafy/issues/806-requested-authn-context (Ivan Kanakarakis, 2021-10-20, 6 files, -24/+116)
|\
| |   Adds option to configure RequestedAuthnContext
| * Add new config option requested_authn_context (Ivan Kanakarakis, 2021-10-20, 5 files, -30/+113)
| |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| * Adds configuration directive for RequestedAuthnContext #806 (Gagan Deep, 2021-10-19, 2 files, -3/+12)
|/
|   Closes #806
* Use the files API instead of path from importlib.resources (Ivan Kanakarakis, 2021-10-19, 3 files, -34/+35)
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove unused imports (Ivan Kanakarakis, 2021-10-19, 1 file, -3/+0)
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Check for multiple eptid values (Ivan Kanakarakis, 2021-10-19, 1 file, -0/+3)
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #829 from SanctusMessor/update_pki (Ivan Kanakarakis, 2021-10-19, 9 files, -125/+329)
|\
| |   Update example keys and certs to 4096 as 2048 bit key pairs are not supported anymore
| * Remove key and pem used for examples (Ivan Kanakarakis, 2021-10-19, 2 files, -84/+0)
| |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| * Update all.sh to generate 4096 bit keys to avoid SSL KEY TOO SMALL errors (Sanctus Messor, 2021-10-07, 1 file, -1/+1)
| |
| * updating example keys to avoid SSL KEY TOO SMALL errors (Sanctus Messor, 2021-10-07, 10 files, -124/+412)
| |
* | Merge pull request #828 from amoralej/master (Ivan Kanakarakis, 2021-10-19, 3 files, -3/+13)
|\ \
| |/
|/|   Use importlib.resources in python >= 3.7
| * Use importlib.resources in python >= 3.7 (Alfredo Moralejo, 2021-10-11, 3 files, -3/+13)
|/
|   importlib.resources was added to python standard library since python 3.7 [1]. This patch is implementing conditional to use it instead of the importlib_resources backport when using python 3.7 or newer.
|   [1] https://docs.python.org/3/whatsnew/3.7.html
* Merge pull request #827 from rectalogic/session-index (Ivan Kanakarakis, 2021-09-21, 2 files, -3/+30)
|\
| |   Handle KeyError when retrieving SessionIndex
| * Handle KeyError when retrieving SessionIndex (Andrew Wason, 2021-09-10, 2 files, -3/+30)
| |   This was broken in commit b69e92585
| |   Fixes https://github.com/IdentityPython/pysaml2/issues/826
* | Fix example metadata generation (Ivan Kanakarakis, 2021-09-20, 2 files, -1/+50)
| |   - add initial example-IdP metadata file
| |   - unset valid until property from the metadata of the IdP
| |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | Merge pull request #825 from c00kiemon5ter/feat-keep-unknown-md-extensions (Ivan Kanakarakis, 2021-09-12, 2 files, -11/+39)
|\ \
| |/
|/|   Keep unknown metadata extensions
| * Keep unknown metadata extensions (Ivan Kanakarakis, 2021-09-09, 2 files, -11/+39)
|/
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Allow AuthnStatement to be optional (Ivan Kanakarakis, 2021-08-30, 1 file, -9/+6)
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Allow saml2.response.AuthnResponse::get_subject to decrypt a NameID with the given keys (Ivan Kanakarakis, 2021-08-27, 1 file, -8/+9)
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Formatting and use of public methods (Ivan Kanakarakis, 2021-08-27, 1 file, -6/+6)
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #803 from sebulibah/documentation (Ivan Kanakarakis, 2021-07-27, 1 file, -6/+298)
|\
| |   Improve PySAML2 documentation - Add undocumented configuration options
| * add configuration options for idp/aa specific directives (sebulibah, 2021-05-19, 1 file, -4/+25)
| |
| * Apply suggestions from code review (Hannah Sebuliba, 2021-05-14, 1 file, -3/+3)
| |   Co-authored-by: Florian Best <spaceone@users.noreply.github.com>
| * add documentation for configuration options (sebulibah, 2021-05-11, 1 file, -6/+277)
| |
* | Add note to docs on debugging responses (e271828-, 2021-07-27, 2 files, -9/+13)
| |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | Merge pull request #809 from REANNZ/metadata_reload (Ivan Kanakarakis, 2021-07-26, 4 files, -4/+48)
|\ \
| | |   Support metadata reload
| * | fix: saml2.Entity/reload_metadata: use self.entity_type instead of iterating over all types (Vlad Mencl, 2021-07-20, 1 file, -5/+4)
| | |   As per review suggestion in #809
| * | nfc: reformat expression in src/saml2/mdstore.py as per review (Vlad Mencl, 2021-07-20, 1 file, -3/+7)
| | |   Co-authored-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| * | nfc: fix formatting in comment (tab vs spaces) in src/saml2/entity.py (Vlad Mencl, 2021-07-20, 1 file, -1/+1)
| | |   Co-authored-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| * | new: saml2.Entity: support reloading metadata (Vlad Mencl, 2021-06-11, 1 file, -0/+34)
| | |   Support reloading metadata by adding a reload_metadata method to saml2.Entity. This method gets the metadata configuration in the same format as the 'metadata' entry in the configuration passed to saml2.Config. To keep metadata refreshed, this method needs to be periodically explicitly called. For a metadata refresh with the same configuration, the calling application should keep a copy of the original configuration to pass to this method.
| | |   Resolves #808
| * | fix: saml2.assertion: safeguard _filter_values against vals=None (Vlad Mencl, 2021-06-10, 1 file, -0/+3)
| | |   In certain circumstances, such as an Saml2IdP receiving a request from an SP where the SP metadata has a RequestedAttribute with specific values, `_filter_values` may be called with vals=None when processing the AuthnRequest. Safeguard against this by returning early, returning the None value unfiltered. (It will get later replaced with an [] in `_apply_attr_value_restrictions`).
| * | fix: mdstore: fix exception handler in InMemoryMetaData.parse (Vlad Mencl, 2021-06-09, 1 file, -1/+4)
| | |   The exception handler in InMemoryMetaData.parse was failing for subclasses other than `MetaDataFile` with:
| | |   AttributeError: 'MetaDataExtern' object has no attribute 'filename'
| | |   - because `self.filename` is only defined for MetaDataFile but not MetaDataExtern
| | |   The handler was essentially expecting it would only be invoked for MetaDataFile and not other subclasses of InMemoryMetaData.
| | |   Provide useful descriptive messages for MetaDataFile and MetaDataExtern subclasses - and fall back to a generic (but safe) message otherwise.
| * | fix: mdstore: fix MetadataStore.dumps(format="md") (Vlad Mencl, 2021-06-09, 1 file, -1/+2)
| | |   MetadataStore.dumps(format="md") was failing with
| | |   TypeError: Object of type dict_items is not JSON serializable
| | |   ... because self.items() returns dictitems() - while only a dict would be serializable into JSON.
| | |   Convert the dictitems back into a dict.
| * | fix: saml2/time_util: get before/after docstrings right (Vlad Mencl, 2021-06-09, 1 file, -2/+2)
| | |   Align the docstrings with what the functions actually implement.
* | | Consider DeclRef equivalent to ClassRef (Ivan Kanakarakis, 2021-07-13, 1 file, -1/+4)
| | |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | | Refactor saml2.response.Response.authn_info (Ivan Kanakarakis, 2021-07-13, 1 file, -14/+18)
| | |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | | Fix doc example to reference assurance_certification (Ivan Kanakarakis, 2021-07-10, 1 file, -1/+1)
| | |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | | Require the enveloped-signature transform to be present (Ivan Kanakarakis, 2021-06-20, 1 file, -10/+18)
| | |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | | Improve signature checks (Ivan Kanakarakis, 2021-06-20, 3 files, -34/+85)
|/ /
| |   - Enforce allowed canonicalization methods
| |   - Enforce allowed transform algorithms
| |   - Ensure the Object element is absent
| |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | Release version 7.0.1 [v7.0.1] (Ivan Kanakarakis, 2021-05-20, 2 files, -1/+7)
| |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | Do not look at preferred_binding on handle_logout_request (Ivan Kanakarakis, 2021-05-20, 1 file, -2/+1)
| |   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>