From f5f245e60036e57596bb2f9ac25ad1fe8290f4fc Mon Sep 17 00:00:00 2001
From: Roland Hedberg <roland.hedberg@adm.umu.se>
Date: Wed, 13 Oct 2010 13:45:54 +0200
Subject: [PATCH] Make binding significant

---
 src/saml2/server.py | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/src/saml2/server.py b/src/saml2/server.py
index 3de50f5..94b1136 100644
--- a/src/saml2/server.py
+++ b/src/saml2/server.py
@@ -26,6 +26,7 @@ from saml2 import saml
 from saml2 import class_name
 from saml2 import soap
 from saml2 import request
+from saml2 import BINDING_HTTP_REDIRECT, BINDING_SOAP
 
 from saml2.s_utils import sid
 from saml2.s_utils import response_factory, logoutresponse_factory
@@ -201,7 +202,7 @@ class Server(object):
         return saml.Issuer(text=self.conf["entityid"], 
                             format=saml.NAMEID_FORMAT_ENTITY)        
         
-    def parse_authn_request(self, enc_request):
+    def parse_authn_request(self, enc_request, binding=BINDING_HTTP_REDIRECT):
         """Parse a Authentication Request
         
         :param enc_request: The request in its transport format
@@ -214,7 +215,9 @@ class Server(object):
         
         response = {}
         
-        receiver_addresses = self.conf.endpoint("idp", "single_sign_on_service")
+        receiver_addresses = self.conf.endpoint("idp", 
+                                                "single_sign_on_service",
+                                                binding)
         authn_request = request.AuthnRequest(self.sec, 
                                             self.conf.attribute_converters(),
                                             receiver_addresses)
@@ -473,18 +476,30 @@ class Server(object):
         else:
             return ("%s" % response).split("\n")
 
-    def parse_logout_request(self, text):
+    def parse_logout_request(self, text, binding=BINDING_SOAP):
         """Parse a Logout Request
         
-        :param test: The request in its transport format
+        :param text: The request in its transport format, if the binding is 
+            HTTP-Redirect or HTTP-Post the text *must* be the value of the 
+            SAMLRequest attribute.
         :return: A validated LogoutRequest instance or None if validation 
             failed.
         """
         
-        lreq = soap.parse_soap_enveloped_saml_logout_request(text)
-        slo = self.conf.endpoint("idp", "single_logout_service")[0]
-        req = request.LogoutRequest(self.sec, slo)
-        req = req.loads(lreq, False) # Got it over SOAP so no base64+zip
+        slos = self.conf.endpoint("idp", "single_logout_service", binding)[0]
+        req = request.LogoutRequest(self.sec, slos)
+        if binding == BINDING_SOAP:
+            lreq = soap.parse_soap_enveloped_saml_logout_request(text)
+            try:
+                req = req.loads(lreq, False) # Got it over SOAP so no base64+zip
+            except Exception:
+                return None
+        else:
+            try:
+                req = req.loads(text)
+            except Exception:
+                return None
+
         req = req.verify()
         
         if not req: # Not a valid request