path: root/src/saml2/config.py
Commit message | Author | Age | Files | Lines
* Linter fixes | Ivan Kanakarakis | 2021-11-24 | 1 | -6/+5
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Adds configuration directive for RequestedAuthnContext #806 | Gagan Deep | 2021-10-19 | 1 | -0/+1
|   Closes #806
* Fixes https://github.com/IdentityPython/pysaml2/issues/599 | peppelinux | 2020-12-26 | 1 | -1/+6
|   The SP authnReq now works with a 3-tuple (URL+binding+index) ACS service conf
* Configurable signing and digest alg | peppelinux | 2020-11-24 | 1 | -0/+4
|
* Remove the metadata_construction param | Ivan Kanakarakis | 2020-10-30 | 1 | -5/+21
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Move endpoints, metadata, ui_info and name_id_format as common config options | Ivan Kanakarakis | 2020-10-30 | 1 | -7/+4
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Handle complex configs in the same place | Ivan Kanakarakis | 2020-10-30 | 1 | -0/+9
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove unneeded unicode_convert method | Ivan Kanakarakis | 2020-10-30 | 1 | -16/+2
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Handle complex configs in the same place | Ivan Kanakarakis | 2020-10-30 | 1 | -23/+5
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove python shebang from config | Ivan Kanakarakis | 2020-10-30 | 1 | -5/+0
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Do not keep per service-type attribute converters and metadata | Ivan Kanakarakis | 2020-10-30 | 1 | -44/+22
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Policy needs metadata store to lookup registration authority for a SP | Johan Lundberg | 2020-10-30 | 1 | -1/+1
|
* Warn and log warning messages | Ivan Kanakarakis | 2020-10-28 | 1 | -3/+6
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fixes #733: add setting to sign logout responses | Maxime Besson | 2020-10-07 | 1 | -0/+2
|
* Support logging configuration through the python logger | Ivan Kanakarakis | 2020-09-29 | 1 | -18/+6
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Support arbitrary entity attributes | Ivan Kanakarakis | 2020-07-11 | 1 | -0/+2
|   Introduce new configuration option `entity_attributes` that defines a list of
|   dictionaries each of which represents an <Attribute> element. Each dictionary has
|   fields for the NameFormat, the Name, the FriendName and a list of strings that are
|   used to create <AttributeValue> elements, each with the string as the text node.
|
|       "entity_attributes": [
|           {
|               "name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|               "name": "urn:oasis:names:tc:SAML:profiles:subject-id:req",
|               # "friendly_name" is not set
|               "values": ["any"],
|           },
|       ]
|
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Differentiate between metadata NameIDFormat and AuthnRequest NameIDPolicy Format | Ivan Kanakarakis | 2020-07-10 | 1 | -0/+2
|   The `name_id_format` configuration option is used to define
|
|   1. the value of the `<NameIDFormat>` metadata element
|   2. and the value of the `<NameIDPolicy>` `Format` attribute in an `AuthnRequest`
|
|   The configuration option to set what the value of `<NameIDFormat>` element is in
|   the metadata should be different from the configuration option to specify what
|   should be requested in an `AuthnRequest` through the `<NameIDPolicy Format="...">`
|   attribute.
|
|   Introduce a new option (`name_id_policy_format`), or use the same name but scoped
|   in a specific section for metadata and AuthnRequest.
|
|   On the side of this, pysaml2 defaults to _transient_ as the
|   `<NameIDPolicy Format="...">` attribute value. To omit requesting a value for the
|   `<NameIDPolicy Format="">` attribute the value `"None"` (a string) must be set in
|   the configuration. This is unintuitive. It is better to be explicit and set
|   transient to request a transient NameID, than not setting a value and requesting
|   transient by default. If no value is set, no specific `<NameIDPolicy Format="...">`
|   should be requested.
|
|   - Refactor the name_id_format usage
|   - Add name_id_policy_format configuration option
|   - Remove the "None" convention value
|
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove the id_attr_name configuration option | Ivan Kanakarakis | 2020-05-26 | 1 | -2/+0
|   The name of the id-attribute for signing, encrypting and decrypting an XML document
|   is well known for each of those operations. There is no need to define another.
|
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove logger configuration | Ivan Kanakarakis | 2020-05-12 | 1 | -63/+6
|   ```
|   ************* Module saml2.config
|   src/saml2/config.py:464:23: E1135: Value '_logconf' doesn't support membership test (unsupported-membership-test)
|   src/saml2/config.py:466:27: E1136: Value '_logconf' is unsubscriptable (unsubscriptable-object)
|   src/saml2/config.py:481:50: E1136: Value '_logconf' is unsubscriptable (unsubscriptable-object)
|   src/saml2/config.py:486:22: E1120: No value for argument 'filename' in constructor call (no-value-for-parameter)
|   src/saml2/config.py:488:23: E1135: Value '_logconf' doesn't support membership test (unsupported-membership-test)
|   src/saml2/config.py:489:42: E1136: Value '_logconf' is unsubscriptable (unsubscriptable-object)
|   src/saml2/config.py:505:43: E1136: Value '_logconf' is unsubscriptable (unsubscriptable-object)
|   src/saml2/config.py:552:19: E1136: Value 'self.virtual_organization' is unsubscriptable (unsubscriptable-object)
|   ```
|
|   this seems right; the operations upon the Logger object do not make sense.
|   There is no need to "fix" this, we just remove the relevant code.
|
|   We should come back to this and refactor how the logger is configured for the
|   library.
|
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Extract `PYSAML2_DELETE_TMPFILES` option to config.py | John Paraskevopoulos | 2019-11-26 | 1 | -0/+8
|   - Moves parsing PYSAML2_DELETE_TMPFILES option to config.py and uses the value as a
|     Config class property (`delete_tmpfiles`). This attribute is part of the
|     configuration so its place is in the config.py and the corresponding class. This
|     may add the config object dependency to classes/functions that are calling the
|     `make_temp` function, but at the same time keeps a more layered approach since
|     this config option is now processed and set up in the correct layer; that is the
|     Config class and the config module.
|
|   Scripts that (in)directly use classes that have methods that use the `make_temp`
|   functions were not changed since those methods are not called when these scripts
|   run and they are out of the scripts' scope (that is, the script functionality does
|   not create any temp file). Those scripts are `verify_metadata`, `merge_metadata`
|   and `mdexport`
* Adds metadata attribute for entity_category_support | Christos Kanellopoulos | 2018-11-28 | 1 | -0/+2
|
* Add assurance_certification configuration option | Ivan Kanakarakis | 2018-11-26 | 1 | -4/+6
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add want_assertions_or_response_signed functionality | Scott Koranda | 2018-11-21 | 1 | -0/+1
|   Add the ability to configure an SP to require either a signed response or signed
|   assertions.
|
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #562 from erakli/update_config_factory | Ivan Kanakarakis | 2018-11-19 | 1 | -9/+25
|\
| |   Make config_factory to be more universal method
| * Make config_factory more universal method | Egor Panfilov | 2018-11-19 | 1 | -9/+25
| |
* | Various small refactor | Egor Panfilov | 2018-11-19 | 1 | -4/+4
|/
* Allow configuration and specification of id attribute name | Ivan Kanakarakis | 2018-08-04 | 1 | -0/+2
|   The id attribute name is used by xmlsec1 to find the correct attribute in the given
|   element that contains the id of the node that will be signed.
|
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Formatting and cleanup | Ivan Kanakarakis | 2018-08-04 | 1 | -5/+16
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fix deprecation and resource warnings. | Ivan Kanakarakis | 2018-08-02 | 1 | -1/+0
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add eIDAS RequestedAttributes node support | ivan | 2017-10-08 | 1 | -0/+1
|
* Add eIDAS SPType node support | ivan | 2017-10-08 | 1 | -0/+2
|
* Merge branch 'master' into feature-hide-assertion-consumer-service | Ivan Kanakarakis | 2017-07-26 | 1 | -1/+1
|\
| * Merge pull request #431 from c00kiemon5ter/feature-force-authn-configuration | Ivan Kanakarakis | 2017-07-26 | 1 | -1/+2
| |\
| | |   Add force_authn sp configuration option
| | * Add force_authn sp configuration option | ivan | 2017-07-14 | 1 | -1/+2
| | |   If the value is truthy, "true" is given as the ForceAuthn value. The value is
| | |   derived from the 'force_authn' keyword argument as passed to
| | |   'create_authn_request()' method otherwise it falls back to the configuration value.
| * | Remove allow_unsolicited attribute from config object | ivan | 2017-07-12 | 1 | -1/+0
| |/
* | Add option to hide assertion consumer service on authn requests | ivan | 2017-07-17 | 1 | -1/+2
|/
|   When 'hide_assertion_consumer_service' is set to 'true', then the AuthnRequest will
|   not include the 'AssertionConsumerServiceURL' and 'ProtocolBinding' attributes.
* Allow to configuration option name_id_format_allow_create for sp config | Johan Lundberg | 2017-04-21 | 1 | -0/+2
|
* Remove (undeclared dependency) usage of backports.test.support. This was | Dan Sully | 2016-10-26 | 1 | -6/+7
|   pulling in `unittest2` as a runtime dependency instead of a test dependency. It's
|   also really not needed, as the functionality that it provides was not being called.
|   Just use importlib instead. Remove unused functions in s_utils.py
* add_header method and returning a byte string. | Roland Hedberg | 2016-04-11 | 1 | -5/+20
|   Fixed some PY3 problems
|   service_per_endpoint method useful when setting up an entity instance.
* Spelling error | Roland Hedberg | 2016-04-04 | 1 | -1/+1
|
* Reworked the security backend so you should now be able to use a HSM again ↵ | Roland Hedberg | 2015-12-11 | 1 | -1/+2
|   for XML security. Support for non-XML crypto using HSMs are on the way.
* Made MetaData instances pickleable. | Roland Hedberg | 2015-12-01 | 1 | -23/+1
|
* Allow name_format for requested attributes to be set in the configuration. | Roland Hedberg | 2015-09-08 | 1 | -0/+3
|
* Some configuration parameters values should be True/False not "true"/"false". | Roland Hedberg | 2015-09-01 | 1 | -5/+12
|
* All tests now pass in 2.7 and 3.4 . | Roland Hedberg | 2015-06-25 | 1 | -1/+1
|
* New metadata configuration for encryption. | Hans Hörberg | 2015-06-02 | 1 | -3/+5
|
* Merge remote-tracking branch 'upstream/master' | Hans Hörberg | 2015-05-26 | 1 | -1/+2
|\
| * Fix bytes/strings logical issues | Clint Byrum | 2015-05-21 | 1 | -1/+2
| |   Hashes, and other calls, require bytes or strings in python3 where they were
| |   different in python 2.x.
* | Fix so that if no encryption keys exist, the server will not encrypt the message. | Hans Hörberg | 2015-05-19 | 1 | -2/+6
|/
|   Extended the test suite with negative tests.
* Moved s2repoze, xmkdsig and xmlenc under saml2. | Roland Hedberg | 2015-05-15 | 1 | -2/+2
|   Fixed bug in mdstore.MetadataStore in handling external metadata using the new
|   config format.