summaryrefslogtreecommitdiff
path: root/src/saml2/assertion.py
Commit message (Collapse)AuthorAgeFilesLines
* Attribute values are optionalIvan Kanakarakis2021-12-071-4/+3
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* fix: saml2.assertion: safeguard _filter_values against vals=NoneVlad Mencl2021-06-101-0/+3
| | | | | | | | | In certain circumstances, such as an Saml2IdP receiving a request from an SP where the SP metadata has a RequestedAttribute with specific values, `_filter_values` may be called with vals=None when processing the AuthnRequest. Safeguard against this by returning early, returning the None value unfiltered. (It will get later replaced with an [] in `_apply_attr_value_restrictions`).
* Try to get the friendlyName of the required RequestedAttribute else derive ↵Ivan Kanakarakis2021-04-181-6/+10
| | | | | | it using the canonical Name Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Bandaid for crash when friendlyName is not set in metadataJohan Lundberg2021-04-161-1/+6
|
* Set proper entity category restrictions when release is set to be emptyIvan Kanakarakis2020-12-141-0/+2
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Ignore duplicate RequestedAttribute entries when filtering attributesIvan Kanakarakis2020-11-131-1/+3
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Refactor do_subject_confirmation and do_subject for policy infoIvan Kanakarakis2020-10-301-18/+14
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Refactor Policy to check the registration authority for restrictionsIvan Kanakarakis2020-10-301-213/+209
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Allow registration authorities in policyJohan Lundberg2020-10-301-66/+91
|
* Replace assert with proper checksassert_deletionIvan Kanakarakis2020-09-111-3/+1
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Enable entity category import from module search pathScott Koranda2019-05-071-2/+5
| | | | | | | | | | | | This enhancement causes an entity category import to first be tried from the general module search path, and if that fails then to fall back to the current default of importing saml2.entity_category.<module>. This allows deployers to overlay their own customized versions of entity category modules like edugain.py that contain CoCo. This is helpful since the list of attributes to be included as part of the entity category may not be globally the same for all deployments. Such is the case with CoCo where the list of attributes changes from federation to federation and deployment to deployment.
* Ordered way to find a local name of an attribute.Roland Hedberg2017-10-111-13/+25
|
* Minor fixesIoannis Kakavas2017-07-051-8/+5
|
* Base attribute filtering on internal representation namesIoannis Kakavas2017-06-121-4/+9
| | | | | | Instead on relying on the FriendlyName from metadatata, use the name of the internal representation of an attribute in order to perform filtering. Resolves #422
* Support setting the SessionNotOnOrAfter in an authn responseAshima Athri2016-08-181-4/+9
|
* Don't catch KeyError over too broad statement.Rebecka Gulliksson2016-05-171-6/+5
| | | | | | Previously KeyError in lower level of implementation, MetadataStore.entity_categories(), was caught instead of being propagated.
* Merge branch 'master' of github.com:rohe/pysaml2Roland Hedberg2016-05-161-8/+7
|\
| * Merge pull request #331 from rebeckag/policy-compileRoland Hedberg2016-05-141-8/+7
| |\ | | | | | | Use deepcopy to avoid modifying external data.
| | * Use deepcopy to avoid modifying external data.Rebecka Gulliksson2016-05-031-8/+7
| | |
* | | Handle empty required list.Roland Hedberg2016-05-161-1/+1
| | | | | | | | | | | | Added missing recipient.
* | | Deal with entity category (CoCo) that have more complex evaluation rules.Roland Hedberg2016-05-161-48/+63
|/ /
* | Added functionality needed by the saml2test tool.Roland Hedberg2016-04-161-29/+51
|/
* Filter optional attributes in the exact same way as required attributes.Rebecka Gulliksson2015-12-281-26/+27
|
* Match the attribute name of optional attributes in the same way as for ↵Rebecka Gulliksson2015-12-281-71/+68
| | | | required attributes.
* Fixed name_format bug. Modified test to check for name_format specification.Roland Hedberg2015-11-021-1/+1
|
* Fix paramter passing in logging messagesJozef Knaperek2015-10-151-2/+2
| | | | | | | | Pass parameters into logger calls directly instead of pre-merging with the logger message. This way the logs are easier to maintain and process. The code is also faster when logging is turned off since it doesn't have to evaluate all params and render them into strings.
* Fixing py3 errors caused by views in assertionsClint Byrum2015-05-281-1/+1
| | | | | Assertions code had some assumptions that dict method iterators would return the actual type. Forcing a cast to list remedies that.
* Fix assertion test failures in python3Clint Byrum2015-05-281-1/+1
| | | | | | More strings/bytes problems causing issues with hashing. This further cements that all data coming into pysaml2 will need to be utf-8, or the API will need to have more places to specify alternative encodings.
* Fix import issues with python3Clint Byrum2015-05-211-1/+1
| | | | Relative imports are different and some modules were renamed.
* Use six.string_types instead of basestringClint Byrum2015-05-151-2/+3
| | | | | | | In python3 strings are different, so basestring isn't available anymore. While examining these uses, all of them still work fine with six.string_types and should not need any new special handling to deal with bytes.
* Fix python3 syntax errorsClint Byrum2015-05-151-1/+1
| | | | | Retains python2.7 compatibility for all files. Fixes only syntax errors, tests still fail on python3 for various reasons.
* Updated pysaml2 to support PEFIM.Hans Hörberg2015-03-161-17/+24
| | | | Added encrypted assertions with self contained namespaces in the advice element.
* Allow adding an AuthnStatement instance to the Assertion construct and ↵Roland Hedberg2014-12-011-3/+5
| | | | Server authn_response methods.
* PEP-8Roland Hedberg2014-10-021-38/+38
|
* On Copyright statement in one place.Roland Hedberg2014-09-091-14/+0
|
* Fixed attribute filtering logic, take 2.Roland Hedberg2014-06-031-12/+31
|
* Fixed problematic logic.Roland Hedberg2014-05-281-5/+6
|
* Added a policy flag that if set to False will allow the IdP to send back an ↵Roland Hedberg2014-04-141-3/+18
| | | | incomplete reply. Not containing attributes that the SP deemed important (that is marked required).
* Fixed handling of signed and then encrypted response assertions. At the ↵Roland Hedberg2014-04-141-98/+100
| | | | same time added support for dealing with any combination of encrypted/non-encrypted assertions.
* More user friendly error message.Roland Hedberg2014-03-281-23/+24
|
* Fixed a problem with filtering assertion by required/optional attributes.Roland Hedberg2014-03-271-16/+26
|
* PEP-8 stuffRoland Hedberg2014-03-241-1/+2
|
* Refactored class methodsRoland Hedberg2014-03-081-107/+94
|
* Allow for the specification of authn_instant and subject_locality in ↵Roland Hedberg2014-02-051-12/+36
| | | | | | AuthnStatements. Make it possible to tell the IdP to return a response even though the SP required attributes are not present.
* Fixed all tests and various bugs that appeared during that process.Roland Hedberg2013-12-131-1/+7
|
* If no identity information refrain from constructing an AttributeStatement.Roland Hedberg2013-12-051-1/+4
|
* Made SWAMIDs 2-dimensional entity category model work.Roland Hedberg2013-11-181-19/+21
|
* Don't add authn_statement unless actually defined.Roland Hedberg2013-11-121-2/+6
|
* More places where there should be lists and not singletons.Roland Hedberg2013-09-031-2/+2
|
* Statement should really be statements - plural !Roland Hedberg2013-09-031-2/+2
| | | | Anyway fixed so they are when assigning.
View Lorry Controller Status