| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
| |
Closes #806
|
|
|
|
| |
The SP authnReq now works with a 3-tuple (URL+binding+index) ACS service conf
|
| |
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce new configuration option `entity_attributes` that defines a list of
dictionaries each of which represents an <Attribute> element. Each dicrionary has fields
for the NameFormat, the Name, the FriendName and a list of strings that are used to
create <AttributeValue> elements, each with the string as the text node.
"entity_attributes": [
{
"name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"name": "urn:oasis:names:tc:SAML:profiles:subject-id:req",
# "friendly_name" is not set
"values": ["any"],
},
]
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `name_id_format` configuration option is used to define
1. the value of the `<NameIDFormat>` metadata element
2. and the value of the `<NameIDPolicy>` `Format` attribute in an `AuthnRequest`
The configuration option to set what the value of `<NameIDFormat>` element is in the
metadata should be different from the configuration option to specify what should be
requested in an `AuthnRequest` through the `<NameIDPolicy Format="...">` attribute.
Introduce a new option (`name_id_policy_format`), or use the same name but scoped in a
specific section for metadata and AuthnRequest.
On the side of this, pysaml2 defaults to _transient_ as the `<NameIDPolicy
Format="...">` attribute value. To omit requesting a value for the `<NameIDPolicy
Format="">` attribute the value `"None"` (a string) must be set in the configuration.
This is unintuitive. It is better to be explicit and set transient to request a
transient NameID, than not setting a value and requesting transient by default. If no
value is set, no specific `<NameIDPolicy Format="...">` should be requested.
- Refactor the name_id_format usage
- Add name_id_policy_format configuration option
- Remove the "None" convention value
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
|
|
|
| |
The name of the id-attribute for signing, encrypting and decrypting an XML document is
well know for each of those operations. There is no need to define another.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
```
************* Module saml2.config
src/saml2/config.py:464:23: E1135: Value '_logconf' doesn't support membership test (unsupported-membership-test)
src/saml2/config.py:466:27: E1136: Value '_logconf' is unsubscriptable (unsubscriptable-object)
src/saml2/config.py:481:50: E1136: Value '_logconf' is unsubscriptable (unsubscriptable-object)
src/saml2/config.py:486:22: E1120: No value for argument 'filename' in constructor call (no-value-for-parameter)
src/saml2/config.py:488:23: E1135: Value '_logconf' doesn't support membership test (unsupported-membership-test)
src/saml2/config.py:489:42: E1136: Value '_logconf' is unsubscriptable (unsubscriptable-object)
src/saml2/config.py:505:43: E1136: Value '_logconf' is unsubscriptable (unsubscriptable-object)
src/saml2/config.py:552:19: E1136: Value 'self.virtual_organization' is unsubscriptable (unsubscriptable-object)
```
this seems right; the operations upon the Logger object do not make sense.
There is no need to "fix" this, we just remove the relevant code.
We should come back to this and refactor how the logger is configured for the library.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Moves parsing PYSAML2_DELETE_TMPFILES option to config.py and uses the
value as a Config class property (`delete_tmpfiles`). This attribute is
part of the configuration so its place is in the config.py and the
corresponding class. This may add the config object dependency to
classes/functions that are calling the `make_temp` function, but at the
same time keeps a more layered approach since this config option is now
processed and set up in the correct layer; that is the Config class and
the config module. Scripts that (in)directly use classes that have
methods that use the `make_temp` functions were not changed since
those methods are not called when these scripts run and they are out of
the scripts' scope (that is, the script functionality does not create
any temp file). Those scripts are `verify_metadata`, `merge_metadata`
and `mdexport`
|
| |
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
|
|
|
| |
Add the ability to configure an SP to require either a signed response
or signed assertions.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|\
| |
| | |
Make config_factory to be more universal method
|
| | |
|
|/ |
|
|
|
|
|
|
|
| |
The id attribute name is used by xmlsec1 to find the correct attribute in the
given element that contains the id of the node that will be signed.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
|
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
| |
|
|\ |
|
| |\
| | |
| | | |
Add force_authn sp configuration option
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the value is truthy, "true" is given as the ForceAuthn value. The
value is derived from the 'force_authn' keyword argument as passed to
'create_authn_request()' method otherwise it fallbacks to the
configuration value.
|
| |/ |
|
|/
|
|
|
|
| |
When 'hide_assertion_consumer_service' is set to 'true', then the
AuthnRequest will not include the 'AssertionConsumerServiceURL' and
'ProtocolBinding' attributes.
|
| |
|
|
|
|
|
|
|
|
| |
pulling in `unittest2` as a runtime dependency instead of a test
dependency. It's also really not needed, as the functionality that it
provides was not being called. Just use importlib instead.
Remove unused functions in s_utils.py
|
|
|
|
|
| |
Fixed some PY3 problems
service_per_endpoint method useful when setting up an entity instance.
|
| |
|
|
|
|
| |
for XML security. Support for non-XML crypto using HSMs are on the way.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| | |
Hashes, and other calls, require bytes or strings in python3 where they
were different in python 2.x.
|
|/
|
|
| |
Extended the test suite with negative tests.
|
|
|
|
| |
Fixed bug in mdstore.MetadataStore in handling external metadata using the new config format.
|