path: root/src/saml2/entity.py
Commit message [Author, Age, Files, Lines]
* Do not swallow response verification exceptions. [Andrew Wason, 2018-11-28, 1, -2/+0]
|   Fixes IdentityPython/pysaml2#571
* Pull out sigalg and look it up once [Ivan Kanakarakis, 2018-11-21, 1, -2/+3]
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Lookup signer only if signing is requested [Ivan Kanakarakis, 2018-11-21, 1, -1/+1]
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove unused code about only_identity_in_encrypted_assertion [Ivan Kanakarakis, 2018-11-21, 1, -5/+0]
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Group response_is_signed and assertions_are_signed blocks [Ivan Kanakarakis, 2018-11-21, 1, -24/+20]
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add want_assertions_or_response_signed functionality [Scott Koranda, 2018-11-21, 1, -3/+66]
|   Add the ability to configure an SP to require either a signed response or signed assertions.
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove unneeded variable [Ivan Kanakarakis, 2018-11-19, 1, -2/+1]
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Various small refactor [Egor Panfilov, 2018-11-19, 1, -3/+1]
|
* Retrieve SLO endpoint by the appropriate service type [Ivan Kanakarakis, 2018-08-03, 1, -2/+9]
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Cleanup Entity _parse_response [Ivan Kanakarakis, 2018-08-03, 1, -58/+47]
|   Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* fixbug: 'NoneType' object has no attribute 'get_signer' [william, 2017-05-25, 1, -1/+1]
|
* Fix some ECP problems [Czémán Arnold, 2017-04-15, 1, -2/+3]
|
* Swap pycrypto* for pyca/cryptography [Paul Kehrer, 2017-01-12, 1, -3/+0]
|   pyOpenSSL is already a dependency and pyOpenSSL uses cryptography. This also reduces the complexity of the code significantly in several places (and removes the need to directly manipulate asn1). A future PR could remove pyOpenSSL entirely as all the cert behavior is supported directly by cryptography.
* Added functionality needed by the saml2test tool. [Roland Hedberg, 2016-04-16, 1, -1/+1]
|
* Slowly moving from six to future.backports [Roland Hedberg, 2016-03-09, 1, -4/+7]
|   pycryptodomex from pypi now constructs Cryptodome module on OS X too.
* Use package 'Cryptodome' instead of 'Crypto' [Legrandin, 2016-02-21, 1, -1/+1]
|
* Make UnravelError exception a little more helpful [Aaron Barnes, 2016-02-04, 1, -1/+1]
|
* Added support for one callback. Will be used by the saml2test tool. [rohe, 2015-12-18, 1, -2/+8]
|
* Reworked the security backend so you should now be able to use a HSM again ↵ [Roland Hedberg, 2015-12-11, 1, -47/+71]
|   for XML security. Support for non-XML crypto using HSMs is on the way.
* Merge remote-tracking branch 'upstream/master' [Hans Hörberg, 2015-11-19, 1, -1/+7]
|\
| |   # Conflicts:
| |   # setup.py
| |   # src/saml2/server.py
| * form_post is supposed to use POST not GET. [Roland Hedberg, 2015-11-16, 1, -1/+1]
| |
| * Rolled back on form_post vs post [Roland Hedberg, 2015-11-16, 1, -10/+10]
| |
| * The IdP doing form_post or the SP doing post are two different things. [Roland Hedberg, 2015-11-13, 1, -4/+10]
| |
* | Merge remote-tracking branch 'upstream/master' [Hans Hörberg, 2015-11-06, 1, -79/+119]
|\ \
| |/
| |   # Conflicts:
| |   # src/saml2/entity.py
| |   digest algorithm added to the same functions as sign alg.
| * Merge pull request #277 from spaceone/issue259 [Roland Hedberg, 2015-11-01, 1, -1/+1]
| |\
| | |   fix reraising of exception (Issue #259)
| | * fix reraising of exception (Issue #259) [Florian Best, 2015-10-29, 1, -1/+1]
| | |
| * | Added a new exception (UnknownBinding) and used it. [Roland Hedberg, 2015-11-01, 1, -46/+93]
| |/
| * Fix parameter passing in logging messages [Jozef Knaperek, 2015-10-15, 1, -17/+16]
| |   Pass parameters into logger calls directly instead of pre-merging with the logger message. This way the logs are easier to maintain and process. The code is also faster when logging is turned off since it doesn't have to evaluate all params and render them into strings.
* | Added the possibility to set signature and digest algorithm on all the ↵ [Hans Hörberg, 2015-11-06, 1, -27/+33]
|/
|   functions I identified. pysaml2 has a default value for sign and digest. To make it possible to always use the same algorithm this default value has been replaced with a singleton class. The first time the singleton class is instantiated the sign and digest algorithm will be set. After that it cannot be changed. A good place to setup this single class is in the server setup.
|   Example: ds.DefaultSignature(ds.SIG_RSA_SHA512, ds.DIGEST_SHA512)
* Fix artifact code for python3 [Clint Byrum, 2015-05-28, 1, -7/+13]
|   Strings/bytes issues abound when hashing/encoding things.
* Deal with stricter bytes/strings in py3 [Clint Byrum, 2015-05-28, 1, -1/+1]
|   Several more instances of test failures in python3 caused by incompatible use of bytes vs. strings. Notable difference from other similar patches is that ascii can be used for encoding certificate strings since they are base64 encoded.
* Added comments. [Hans Hörberg, 2015-05-26, 1, -1/+22]
|
* Merge remote-tracking branch 'upstream/master' [Hans Hörberg, 2015-05-26, 1, -2/+3]
|\
| * Fix more basestring py3k issues [Clint Byrum, 2015-05-21, 1, -1/+2]
| |   basestring has been removed from python 3.
| * Fix typo 'unknown' [Yo Sub Kwon, 2015-05-19, 1, -1/+1]
| |
* | Pysaml can now decrypt multiple encrypted assertions with multiple advice ↵ [Hans Hörberg, 2015-05-21, 1, -10/+10]
| |   elements with multiple encrypted assertions.
* | Partial commit for decrypting and verifying signatures at the client. All ↵ [Hans Hörberg, 2015-05-20, 1, -2/+2]
| |   tests work.
* | Added a PEFIM parameter for PEFIM specific configurations. [Hans Hörberg, 2015-05-20, 1, -3/+4]
| |
* | Fix, so if no encryption keys exist the server will not encrypt the message. [Hans Hörberg, 2015-05-19, 1, -4/+17]
| |   Extended the test suite with negative tests.
* | Added encryption support for multiple assertions, advice elements with ↵ [Hans Hörberg, 2015-05-19, 1, -29/+34]
| |   multiple assertions.
* | Partial commit. [Hans, 2015-05-18, 1, -10/+17]
| |   Improved signing and added more testcases.
* | Partial commit. [Hans, 2015-05-18, 1, -3/+9]
| |   Improved signing and added more testcases.
* | Improved encryption to use metadata. [Hans, 2015-05-18, 1, -22/+25]
| |
* | ... [Hans Hörberg, 2015-05-18, 1, -5/+9]
| |
* | Merge branch 'master' into test_new_encrypt [Hans Hörberg, 2015-05-18, 1, -3/+3]
|\ \
| |/
| * Fix python3 syntax errors [Clint Byrum, 2015-05-15, 1, -3/+3]
| |   Retains python2.7 compatibility for all files. Fixes only syntax errors, tests still fail on python3 for various reasons.
* | Improved encrypted assertion. [Hans, 2015-05-09, 1, -19/+53]
|/
* Added tests for encryption and signing of the authentication response. [Hans Hörberg, 2015-03-18, 1, -14/+21]
|   Added tests to decrypt authentication responses in the client.
* Updated pysaml2 to support PEFIM. [Hans Hörberg, 2015-03-17, 1, -1/+4]
|   Added a decrypt flag so a proxy can choose not to decrypt an encrypted assertion. Fix so a signature on a response is always validated. Moved back to original solution. The only use case where the signature should be validated is if the proxy is transparent and the signature is designated for the Service Provider. This use case is no longer valid and if it is to be used a new flag must be created, like never_validate_signature. The default value of never_validate_signature is False.
* Merge remote-tracking branch 'upstream/master' [Hans Hörberg, 2015-03-17, 1, -6/+9]
|\