openstack/deb-python-pysaml2
Code Issues Proposed changes

New method for verifying that the assertion consumer servive actually belongs to the issuer of the AuthnRequest.

Browse Source
This commit is contained in:
Roland Hedberg
2013-06-11 15:26:54 +02:00
parent 5ae327b1f5
commit 73b5dc1d75
1 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/saml2/server.py
View File

@@ -154,8 +154,25 @@ class Server(Entity):
""" """
return self.metadata.attribute_requirement(sp_entity_id, index) return self.metadata.attribute_requirement(sp_entity_id, index)
# ------------------------------------------------------------------------- def verify_assertion_consumer_service(self, request):
_acs = request.assertion_consumer_service_url
_aci = request.assertion_consumer_service_index
_binding = request.protocol_binding
_eid = request.issuer.text
if _acs:
# look up acs in for that binding in the metadata given the issuer
# Assuming the format is entity
for acs in self.metadata.assertion_consumer_service(_eid, _binding):
if _acs == acs.text:
return True
elif _aci:
for acs in self.metadata.assertion_consumer_service(_eid, _binding):
if _aci == acs.index:
return True
return False
# -------------------------------------------------------------------------
def parse_authn_request(self, enc_request, binding=BINDING_HTTP_REDIRECT): def parse_authn_request(self, enc_request, binding=BINDING_HTTP_REDIRECT):
"""Parse a Authentication Request """Parse a Authentication Request