path: root/src/saml2
Commit message (author, date, files changed, lines -removed/+added)

* Merge pull request #842 from johanlundberg/lundberg_swamid_esi
    Ivan Kanakarakis  2021-12-07  1 file  -0/+5
    Implement entity category MyAcademicID-ESI for SWAMID
  * implement entity category https://myacademicid.org/entity-categories/esi for swamid
      Johan Lundberg  2021-12-07  1 file  -0/+5
* Attribute values are optional
    Ivan Kanakarakis  2021-12-07  2 files  -10/+11
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Linter fixes
    Ivan Kanakarakis  2021-11-24  17 files  -136/+293
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fix signing for requests with the soap binding
    Ivan Kanakarakis  2021-11-22  2 files  -10/+7
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fixing AttributeError and signature mangling while constructing soap requests
    Maximilian Heuwes  2021-11-22  2 files  -2/+2
* Fix client to be able to retry creating an AuthnRequest with a different binding
    Ivan Kanakarakis  2021-11-19  1 file  -5/+21
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Verify signed logout requests with the redirect binding
    Ivan Kanakarakis  2021-11-16  2 files  -6/+32
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Small refactor
    Ivan Kanakarakis  2021-11-16  2 files  -62/+73
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Refactored redirect signature check into separate method
    Vishal Kadam  2021-11-15  1 file  -41/+48
* 633: Support for redirect binding signature check using query param values
    Vishal Kadam  2021-11-15  3 files  -11/+59
* Output the according KeyName in encrypted answer
    Clément Hallet  2021-11-02  3 files  -23/+22
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Enhance invalid document format info with reason
    Ivan Kanakarakis  2021-11-01  1 file  -0/+1
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add new config option requested_authn_context
    Ivan Kanakarakis  2021-10-20  1 file  -4/+24
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Adds configuration directive for RequestedAuthnContext #806
    Gagan Deep  2021-10-19  1 file  -0/+1
    Closes #806
* Use the files API instead of path from importlib.resources
    Ivan Kanakarakis  2021-10-19  2 files  -33/+34
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove unused imports
    Ivan Kanakarakis  2021-10-19  1 file  -3/+0
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Check for multiple eptid values
    Ivan Kanakarakis  2021-10-19  1 file  -0/+3
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Use importlib.resources in python >= 3.7
    Alfredo Moralejo  2021-10-11  2 files  -2/+12
    importlib.resources was added to the python standard library in python 3.7 [1].
    This patch implements a conditional to use it instead of the importlib_resources
    backport when using python 3.7 or newer.
    [1] https://docs.python.org/3/whatsnew/3.7.html
* Merge pull request #827 from rectalogic/session-index
    Ivan Kanakarakis  2021-09-21  1 file  -3/+6
    Handle KeyError when retrieving SessionIndex
  * Handle KeyError when retrieving SessionIndex
      Andrew Wason  2021-09-10  1 file  -3/+6
      This was broken in commit b69e92585
      Fixes https://github.com/IdentityPython/pysaml2/issues/826
* Keep unknown metadata extensions
    Ivan Kanakarakis  2021-09-09  2 files  -11/+39
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Allow AuthnStatement to be optional
    Ivan Kanakarakis  2021-08-30  1 file  -9/+6
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Allow saml2.response.AuthnResponse::get_subject to decrypt a NameID with the given keys
    Ivan Kanakarakis  2021-08-27  1 file  -8/+9
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Formatting and use of public methods
    Ivan Kanakarakis  2021-08-27  1 file  -6/+6
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add note to docs on debugging responses
    e271828-  2021-07-27  1 file  -1/+5
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #809 from REANNZ/metadata_reload
    Ivan Kanakarakis  2021-07-26  4 files  -4/+48
    Support metadata reload
  * fix: saml2.Entity/reload_metadata: use self.entity_type instead of iterating over all types
      Vlad Mencl  2021-07-20  1 file  -5/+4
      As per review suggestion in #809
  * nfc: reformat expression in src/saml2/mdstore.py as per review
      Vlad Mencl  2021-07-20  1 file  -3/+7
      Co-authored-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
  * nfc: fix formatting in comment (tab vs spaces) in src/saml2/entity.py
      Vlad Mencl  2021-07-20  1 file  -1/+1
      Co-authored-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
  * new: saml2.Entity: support reloading metadata
      Vlad Mencl  2021-06-11  1 file  -0/+34
      Support reloading metadata by adding a reload_metadata method to saml2.Entity.
      This method gets the metadata configuration in the same format as the
      'metadata' entry in the configuration passed to saml2.Config.
      To keep metadata refreshed, this method needs to be periodically explicitly called.
      For a metadata refresh with the same configuration, the calling application
      should keep a copy of the original configuration to pass to this method.
      Resolves #808
  * fix: saml2.assertion: safeguard _filter_values against vals=None
      Vlad Mencl  2021-06-10  1 file  -0/+3
      In certain circumstances, such as a Saml2IdP receiving a request from an SP
      where the SP metadata has a RequestedAttribute with specific values,
      `_filter_values` may be called with vals=None when processing the AuthnRequest.
      Safeguard against this by returning early, returning the None value unfiltered.
      (It will later get replaced with an [] in `_apply_attr_value_restrictions`).
  * fix: mdstore: fix exception handler in InMemoryMetaData.parse
      Vlad Mencl  2021-06-09  1 file  -1/+4
      The exception handler in InMemoryMetaData.parse was failing for subclasses
      other than `MetaDataFile` with:
        AttributeError: 'MetaDataExtern' object has no attribute 'filename'
      because `self.filename` is only defined for MetaDataFile but not MetaDataExtern.
      The handler was essentially expecting it would only be invoked for MetaDataFile
      and not other subclasses of InMemoryMetaData.
      Provide useful descriptive messages for the MetaDataFile and MetaDataExtern
      subclasses, and fall back to a generic (but safe) message otherwise.
  * fix: mdstore: fix MetadataStore.dumps(format="md")
      Vlad Mencl  2021-06-09  1 file  -1/+2
      MetadataStore.dumps(format="md") was failing with
        TypeError: Object of type dict_items is not JSON serializable
      because self.items() returns dict_items, while only a dict would be
      serializable into JSON. Convert the dict_items back into a dict.
  * fix: saml2/time_util: get before/after docstrings right
      Vlad Mencl  2021-06-09  1 file  -2/+2
      Align the docstrings with what the functions actually implement.
* Consider DeclRef equivalent to ClassRef
    Ivan Kanakarakis  2021-07-13  1 file  -1/+4
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Refactor saml2.response.Response.authn_info
    Ivan Kanakarakis  2021-07-13  1 file  -14/+18
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Require the enveloped-signature transform to be present
    Ivan Kanakarakis  2021-06-20  1 file  -10/+18
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Improve signature checks
    Ivan Kanakarakis  2021-06-20  2 files  -9/+61
    - Enforce allowed canonicalization methods
    - Enforce allowed transform algorithms
    - Ensure the Object element is absent
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Do not look at preferred_binding on handle_logout_request
    Ivan Kanakarakis  2021-05-20  1 file  -2/+1
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Correctly order response_bindings based on requested binding
    Ivan Kanakarakis  2021-05-19  1 file  -6/+6
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Do not restrict the falsy values of bindings on pick_binding method
    Ivan Kanakarakis  2021-05-19  1 file  -1/+1
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Refactor do_logout
    Ivan Kanakarakis  2021-05-19  1 file  -78/+107
    Consider:
    - what the IdP supports
    - what the SP prefers
    - the expected binding
    Find the common set and select the first preferred choice. Then do the logout.
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Do not limit the single_logout_service results
    Ivan Kanakarakis  2021-05-19  1 file  -2/+0
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #791 from wibed/commentary
    Ivan Kanakarakis  2021-05-18  2 files  -6/+85
    Add inline documentation
  * Add links to updated spec versions with errata
      Ivan Kanakarakis  2021-05-18  2 files  -3/+9
  * some documentation for newcomers and returners
      wibed  2021-04-05  2 files  -6/+79
* Embed the cert in the EncryptedData element
    Ivan Kanakarakis  2021-05-18  2 files  -9/+16
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Do not comment out RSA_1_5, but mark as deprecated
    Ivan Kanakarakis  2021-05-18  1 file  -3/+2
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Do not embed the cert in the EncryptedData element
    Ivan Kanakarakis  2021-05-18  2 files  -26/+20
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>