| Commit message (Collapse) | Author | Age | Files | Lines |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
When an AuthnRequest is created with HTTP-Redirect binding, the XML document is not
signed, but instead, a signature is calculated and becomes part of the query params of
the Redirect-URL, through the Signature and SignAlg params.
Previously, when the Redirect binding was requested and signing was enabled but no
SignAlg params were defined, the Signature and SignAlg query params would be missing.
Now, if no SignAlg is defined, the default is used and the request is correctly created
with the proper query params.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
The html module is only available for python3. The cgi module provides almost
identical functionality and is present for both python2 and python3.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Do not send an HTTP-POST SAML response with a non-conforming relay
state. This can happen when the incoming <AuthnRequest> does not include
relay state information.
Fix for issue 459 "Form used with HTTP_POST binding nonconforming and
shows submit button". The fix introduces an HTML5 DOCTYPE declaration
and uses noscript tags appropriately to hide the submit button when
JavaScript is enabled.
Modification of tests was necessary because the tests unnecessarily
relied on the response being a list of strings with the <form> element
being the fourth item in the list, in order to unpack the form and pull
out the SAMLResponse and relay state for comparison. The new tests do not
require the response to be arbitrarily broken up as a list of
strings.
This fixes XXE issues on anything where pysaml2 parses XML directly as part of
issue #366. It doesn't address the xmlsec issues discussed on that ticket as
they are out of reach of a direct fix and need the underlying library to fix
this issue.
for XML security. Support for non-XML crypto using HSMs is on the way.
Pass parameters into logger calls directly instead of pre-merging
with the logger message. This way the logs are easier to maintain
and process. The code is also faster when logging is turned off
since it doesn't have to evaluate all params and render them into
strings.
More strings/bytes issues and another usage of the moved urlencode
function.
In doing so it was discovered that the 'implements' function has been
replaced by a class decorator, which must be used in python3.
Also commented out method arguments seem to expose internal py.test
problems in python3. Removing them seems fine since we can look in
revision history if we need to find the exact way it was used before.
Fixing basic renames reveals that some assumptions about the XML
produced by etree need fixing, and there is a need to coerce some
strings into bytes before base64.
In python3, etree won't add an XML header if the defaults would suffice.
This fixes some python3-only test failures.
Some calls in etree will return bytes where they used to return a string
type.
basestring has been removed from python 3.
six.moves handles some of the reorganized modules.
With dircache, it was simply removed as it has been deprecated for a
long time. os.listdir performs fine these days.
Retains python2.7 compatibility for all files. Fixes only syntax errors,
tests still fail on python3 for various reasons.
Added Submit button to generated POST form to allow manual submit
in case user has JS disabled
Without this change I get the following traceback:
>>> pack.http_redirect_message(req.to_string(), destination, sigalg=pack.RSA_SHA1, key=rsa)
Traceback (most recent call last):
File "<redacted>", line 1, in <module>
File "<redacted>\pysaml2-1.0.3-py2.7.egg\saml2\pack.py", line 138, in http_redirect_message
string = "&".join([urllib.urlencode({k: args[k]}) for k in _order])
KeyError: 'RelayState'
binding.
binding.
text part of the instance.
Worked through a NameIDMapping test