openstack/deb-python-pysaml2
Code Issues Proposed changes

Make certain the correct issuer was included in logout request and response.

Browse Source
This commit is contained in:
Roland Hedberg
2013-11-28 12:37:45 +01:00
parent 46eab9fa03
commit 94b574c56a
3 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/saml2/client.py
View File

@@ -118,7 +118,7 @@ class Saml2Client(Base):
def do_logout(self, name_id, entity_ids, reason, expire, sign=None): def do_logout(self, name_id, entity_ids, reason, expire, sign=None):
""" """
:param name_id: Identifier of the Subject a NameID instance :param name_id: Identifier of the Subject (a NameID instance)
:param entity_ids: List of entity ids for the IdPs that have provided :param entity_ids: List of entity ids for the IdPs that have provided
information concerning the subject information concerning the subject
:param reason: The reason for doing the logout :param reason: The reason for doing the logout

6
src/saml2/client_base.py
View File

@@ -117,13 +117,15 @@ class Base(Entity):
else: else:
self.state = state_cache self.state = state_cache
self.logout_requests_signed = False
self.allow_unsolicited = False
self.authn_requests_signed = False
self.want_assertions_signed = False
for foo in ["allow_unsolicited", "authn_requests_signed", for foo in ["allow_unsolicited", "authn_requests_signed",
"logout_requests_signed", "want_assertions_signed"]: "logout_requests_signed", "want_assertions_signed"]:
v = self.config.getattr(foo, "sp") v = self.config.getattr(foo, "sp")
if v is True or v == 'true': if v is True or v == 'true':
setattr(self, foo, True) setattr(self, foo, True)
else:
setattr(self, foo, False)
self.artifact2response = {} self.artifact2response = {}

5
src/saml2/entity.py
View File

@@ -614,7 +614,7 @@ class Entity(HTTPBase):
return self._message(LogoutRequest, destination, message_id, return self._message(LogoutRequest, destination, message_id,
consent, extensions, sign, name_id=name_id, consent, extensions, sign, name_id=name_id,
reason=reason, not_on_or_after=expire, reason=reason, not_on_or_after=expire,
issuer=self._issuer(issuer_entity_id)) issuer=self._issuer())
def create_logout_response(self, request, bindings=None, status=None, def create_logout_response(self, request, bindings=None, status=None,
sign=False, issuer=None): sign=False, issuer=None):
@@ -631,6 +631,9 @@ class Entity(HTTPBase):
rinfo = self.response_args(request, bindings) rinfo = self.response_args(request, bindings)
if not issuer:
issuer = self._issuer()
response = self._status_response(samlp.LogoutResponse, issuer, status, response = self._status_response(samlp.LogoutResponse, issuer, status,
sign, **rinfo) sign, **rinfo)