Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Do not swallow response verification exceptions. | Andrew Wason | 2018-11-28 | 1 | -2/+0 |
| | | | Fixes IdentityPython/pysaml2#571 | ||||
* | Pull out sigalg and look it up once | Ivan Kanakarakis | 2018-11-21 | 1 | -2/+3 |
| | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | ||||
* | Lookup signer only if signing is requested | Ivan Kanakarakis | 2018-11-21 | 1 | -1/+1 |
| | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | ||||
* | Remove unused code about only_identity_in_encrypted_assertion | Ivan Kanakarakis | 2018-11-21 | 1 | -5/+0 |
| | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | ||||
* | Group response_is_signed and assertions_are_signed blocks | Ivan Kanakarakis | 2018-11-21 | 1 | -24/+20 |
| | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | ||||
* | Add want_assertions_or_response_signed functionality | Scott Koranda | 2018-11-21 | 1 | -3/+66 |
| | | | | | | | Add the ability to configure an SP to require either a signed response or signed assertions. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | ||||
* | Remove unneeded variable | Ivan Kanakarakis | 2018-11-19 | 1 | -2/+1 |
| | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | ||||
* | Various small refactor | Egor Panfilov | 2018-11-19 | 1 | -3/+1 |
| | |||||
* | Retrieve SLO endpoint by the appropriate service type | Ivan Kanakarakis | 2018-08-03 | 1 | -2/+9 |
| | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | ||||
* | Cleanup Entity _parse_response | Ivan Kanakarakis | 2018-08-03 | 1 | -58/+47 |
| | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> | ||||
* | fixbug: 'NoneType' object has no attribute 'get_signer' | william | 2017-05-25 | 1 | -1/+1 |
| | |||||
* | Fix some ECP problems | Czémán Arnold | 2017-04-15 | 1 | -2/+3 |
| | |||||
* | Swap pycrypto* for pyca/cryptography | Paul Kehrer | 2017-01-12 | 1 | -3/+0 |
| | | | | | | | | pyOpenSSL is already a dependency and pyOpenSSL uses cryptography. This also reduces the complexity of the code significantly in several places (and removes the need to directly manipulate asn1). A future PR could remove pyOpenSSL entirely as all the cert behavior is supported directly by cryptography. | ||||
* | Added functionality needed by the saml2test tool. | Roland Hedberg | 2016-04-16 | 1 | -1/+1 |
| | |||||
* | Slowly moving from six to future.backports | Roland Hedberg | 2016-03-09 | 1 | -4/+7 |
| | | | | pycryptodomex from pypi now constructs Cryptodome module on OS X too. | ||||
* | Use package 'Cryptodome' instead of 'Crypto' | Legrandin | 2016-02-21 | 1 | -1/+1 |
| | |||||
* | Make UnravelError exception a little more helpful | Aaron Barnes | 2016-02-04 | 1 | -1/+1 |
| | |||||
* | Added support for one callback. Will be used by the saml2test tool. | rohe | 2015-12-18 | 1 | -2/+8 |
| | |||||
* | Reworked the security backend so you should now be able to use a HSM again ↵ | Roland Hedberg | 2015-12-11 | 1 | -47/+71 |
| | | | | for XML security. Support for non-XML crypto using HSMs is on the way. | ||||
* | Merge remote-tracking branch 'upstream/master' | Hans Hörberg | 2015-11-19 | 1 | -1/+7 |
|\ | | | | | | | | | | | # Conflicts: # setup.py # src/saml2/server.py | ||||
| * | form_post is supposed to use POST not GET. | Roland Hedberg | 2015-11-16 | 1 | -1/+1 |
| | | |||||
| * | Rolled back on form_post vs post | Roland Hedberg | 2015-11-16 | 1 | -10/+10 |
| | | |||||
| * | The IdP doing form_post or the SP doing post is two different things. | Roland Hedberg | 2015-11-13 | 1 | -4/+10 |
| | | |||||
* | | Merge remote-tracking branch 'upstream/master' | Hans Hörberg | 2015-11-06 | 1 | -79/+119 |
|\ \ | |/ | | | | | | | | | | | # Conflicts: # src/saml2/entity.py digest algorithm added to the same functions as sign alg. | ||||
| * | Merge pull request #277 from spaceone/issue259 | Roland Hedberg | 2015-11-01 | 1 | -1/+1 |
| |\ | | | | | | | fix reraising of exception (Issue #259) | ||||
| | * | fix reraising of exception (Issue #259) | Florian Best | 2015-10-29 | 1 | -1/+1 |
| | | | |||||
| * | | Added a new exception (UnknownBinding) and used it. | Roland Hedberg | 2015-11-01 | 1 | -46/+93 |
| |/ | |||||
| * | Fix parameter passing in logging messages | Jozef Knaperek | 2015-10-15 | 1 | -17/+16 |
| | | | | | | | | | | | | | | | | Pass parameters into logger calls directly instead of pre-merging with the logger message. This way the logs are easier to maintain and process. The code is also faster when logging is turned off since it doesn't have to evaluate all params and render them into strings. | ||||
* | | Added the possibility to set signature and digest algorithm on all the ↵ | Hans Hörberg | 2015-11-06 | 1 | -27/+33 |
|/ | | | | | | | | | | | functions I identified. pysaml2 has a default value for sign and digest. To make it possible to always use the same algorithm this default value has been replaced with a singleton class. The first time the singleton class is instantiated the sign and digest algorithm will be set. After that it cannot be changed. A good place to setup this single class is in the server setup. Example: ds.DefaultSignature(ds.SIG_RSA_SHA512, ds.DIGEST_SHA512) | ||||
* | Fix artifact code for python3 | Clint Byrum | 2015-05-28 | 1 | -7/+13 |
| | | | | Strings/bytes issues abound when hashing/encoding things. | ||||
* | Deal with stricter bytes/strings in py3 | Clint Byrum | 2015-05-28 | 1 | -1/+1 |
| | | | | | | | Several more instances of test failures in python3 caused by incompatible use of bytes vs. strings. Notable difference from other similar patches is that ascii can be used for encoding certificate strings since they are base64 encoded. | ||||
* | Added comments. | Hans Hörberg | 2015-05-26 | 1 | -1/+22 |
| | |||||
* | Merge remote-tracking branch 'upstream/master' | Hans Hörberg | 2015-05-26 | 1 | -2/+3 |
|\ | |||||
| * | Fix more basestring py3k issues | Clint Byrum | 2015-05-21 | 1 | -1/+2 |
| | | | | | | | | basestring has been removed from python 3. | ||||
| * | Fix typo 'unknown' | Yo Sub Kwon | 2015-05-19 | 1 | -1/+1 |
| | | |||||
* | | Pysaml can now decrypt multiple encrypted assertions with multiple advice ↵ | Hans Hörberg | 2015-05-21 | 1 | -10/+10 |
| | | | | | | | | elements with multiple encrypted assertions. | ||||
* | | Partial commit for decrypting and verifying signatures at the client. All ↵ | Hans Hörberg | 2015-05-20 | 1 | -2/+2 |
| | | | | | | | | tests work. | ||||
* | | Added a PEFIM parameter for PEFIM specific configurations. | Hans Hörberg | 2015-05-20 | 1 | -3/+4 |
| | | |||||
* | | Fix so that if no encryption keys exist, the server will not encrypt the message. | Hans Hörberg | 2015-05-19 | 1 | -4/+17 |
| | | | | | | | | Extended the test suite with negative tests. | ||||
* | | Added encryption support for multiple assertions, advice elements with ↵ | Hans Hörberg | 2015-05-19 | 1 | -29/+34 |
| | | | | | | | | multiple assertions. | ||||
* | | Partial commit. | Hans | 2015-05-18 | 1 | -10/+17 |
| | | | | | | | | Improved signing and added more testcases. | ||||
* | | Partial commit. | Hans | 2015-05-18 | 1 | -3/+9 |
| | | | | | | | | Improved signing and added more testcases. | ||||
* | | Improved encryption to use metadata. | Hans | 2015-05-18 | 1 | -22/+25 |
| | | |||||
* | | ... | Hans Hörberg | 2015-05-18 | 1 | -5/+9 |
| | | |||||
* | | Merge branch 'master' into test_new_encrypt | Hans Hörberg | 2015-05-18 | 1 | -3/+3 |
|\ \ | |/ | |||||
| * | Fix python3 syntax errors | Clint Byrum | 2015-05-15 | 1 | -3/+3 |
| | | | | | | | | | | Retains python2.7 compatibility for all files. Fixes only syntax errors, tests still fail on python3 for various reasons. | ||||
* | | Improved encrypted assertion. | Hans | 2015-05-09 | 1 | -19/+53 |
|/ | |||||
* | Added tests for encryption and signing of the authentication response. | Hans Hörberg | 2015-03-18 | 1 | -14/+21 |
| | | | | Added tests to decrypt authentication responses in the client. | ||||
* | Updated pysaml2 to support PEFIM. | Hans Hörberg | 2015-03-17 | 1 | -1/+4 |
| | | | | | | Added a decrypt flag so a proxy can choose not to decrypt an encrypted assertion. Fix so a signature on a response is always validated. Moved back to original solution. The only use case where the signature should be validated is if the proxy is transparent and the signature is designated for the Service Provider. This use case is no longer valid and if it is to be used a new flag must be created, like never_validate_signature. The default value of never_validate_signature is False. | ||||
* | Merge remote-tracking branch 'upstream/master' | Hans Hörberg | 2015-03-17 | 1 | -6/+9 |
|\ |