Make certain the correct issuer was included in logout request and response.
@@ -118,7 +118,7 @@ class Saml2Client(Base):
|
||||
def do_logout(self, name_id, entity_ids, reason, expire, sign=None):
|
||||
"""
|
||||
|
||||
:param name_id: Identifier of the Subject a NameID instance
|
||||
:param name_id: Identifier of the Subject (a NameID instance)
|
||||
:param entity_ids: List of entity ids for the IdPs that have provided
|
||||
information concerning the subject
|
||||
:param reason: The reason for doing the logout
|
||||
|
||||
@@ -117,13 +117,15 @@ class Base(Entity):
|
||||
else:
|
||||
self.state = state_cache
|
||||
|
||||
self.logout_requests_signed = False
|
||||
self.allow_unsolicited = False
|
||||
self.authn_requests_signed = False
|
||||
self.want_assertions_signed = False
|
||||
for foo in ["allow_unsolicited", "authn_requests_signed",
|
||||
"logout_requests_signed", "want_assertions_signed"]:
|
||||
v = self.config.getattr(foo, "sp")
|
||||
if v is True or v == 'true':
|
||||
setattr(self, foo, True)
|
||||
else:
|
||||
setattr(self, foo, False)
|
||||
|
||||
self.artifact2response = {}
|
||||
|
||||
|
||||
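Review bot: The flag loop in `Base.__init__` accepts only `True` or the exact string `'true'` (`if v is True or v == 'true':`), so a config value such as `'True'` or `'yes'` silently leaves `want_assertions_signed`, `authn_requests_signed` and `logout_requests_signed` at False. For signing requirements that is a fail-open outcome: a mistyped setting turns the check off without any error. Consider normalising the comparison, e.g. `if v is True or str(v).lower() == 'true':`, and raising a configuration error for any value that is neither a recognised true nor a recognised false/unset form. Whether the config layer already normalises these values is not visible here. The +/- markers are lost in this rendering, and `__init__` starts outside the hunk.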
@@ -614,7 +614,7 @@ class Entity(HTTPBase):
|
||||
return self._message(LogoutRequest, destination, message_id,
|
||||
consent, extensions, sign, name_id=name_id,
|
||||
reason=reason, not_on_or_after=expire,
|
||||
issuer=self._issuer(issuer_entity_id))
|
||||
issuer=self._issuer())
|
||||
|
||||
def create_logout_response(self, request, bindings=None, status=None,
|
||||
sign=False, issuer=None):
|
||||
@@ -631,6 +631,9 @@ class Entity(HTTPBase):
|
||||
|
||||
rinfo = self.response_args(request, bindings)
|
||||
|
||||
if not issuer:
|
||||
issuer = self._issuer()
|
||||
|
||||
response = self._status_response(samlp.LogoutResponse, issuer, status,
|
||||
sign, **rinfo)
|
||||
|
||||
|
||||
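Review bot: In `create_logout_response`, the added `if not issuer:` fallback covers only the default path; a caller-supplied `issuer` still goes to `_status_response` unchecked, so the response can carry an Issuer that is not this entity's. If the override has to stay, document on the `issuer` parameter that it must be an Issuer element for this entity. Test for absence with `if issuer is None:` so that a falsy value of the wrong type is not silently replaced. In the `create_logout_request` hunk above, the rendering shows both `issuer=self._issuer(issuer_entity_id))` and `issuer=self._issuer())`; if the latter is the new line, `issuer_entity_id` may now be unused there and its docstring entry should say so. Both function bodies extend outside the hunks shown.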