Use higher-level function to create a saml request on the saml2 backend #380

Merged
merged 1 commit into from
Aug 27, 2021

c00kiemon5ter
Member

ref: IdentityPython/pysaml2#819

All Submissions:

  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Have you added an explanation of what problem you are trying to solve with this PR?
  • Have you added information on what your changes do and why you chose this as your solution?
  • Have you written new tests for your changes?
  • Does your submission pass tests?
  • This project follows PEP8 style guide. Have you run your code against the 'flake8' linter?

@c00kiemon5ter
Member Author

@vladimir-mencl-eresearch in reference to IdentityPython/pysaml2#819, would you like to test this?


if self.sp.config.getattr('allow_unsolicited', 'sp') is False:
if req_id in self.outstanding_queries:
msg = "Request with duplicate id {}".format(req_id)
logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)
logger.debug(logline)
raise SATOSAAuthenticationError(context.state, msg)
self.outstanding_queries[req_id] = req
self.outstanding_queries[req_id] = req_id
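
Review bot: The last line of this hunk, `self.outstanding_queries[req_id] = req_id`, stores the key as its own value, which reads like a typo in the code itself; add a short code comment saying what the value is for, or store an explicit sentinel such as True so the intent is visible without the review thread. Separately, the duplicate-id rejection is logged with `logger.debug(logline)` just before raising SATOSAAuthenticationError; a repeated request id is worth a warning-level log so the event is visible under default production log levels.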
Member Author

I know that this looks weird.

`outstanding_queries` is used as a dict throughout the code. It seems that the value content is not used; the value is only checked to be non-null (`value is not None`). This allows us to put anything we want as the value, except for `None`.

I think that `outstanding_queries` could be turned into a list/set. But that would require syncing changes under pysaml2. We can look into that later.

In general, the way we check for unsolicited responses should be refactored.

@vladimir-mencl-eresearch
Contributor

Hi @c00kiemon5ter,

Thanks - yes, I'm happy to confirm this works in my environment and does the right thing - SAML AuthnRequest is only signed via external Signature parameter when authn_requests_signed is True, or not at all when authn_requests_signed is False - but the request XML no longer carries an embedded signature.

Thanks for the fix - and sorry, did not get to it yet myself.

Cheers,
Vlad
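
A check for the behaviour confirmed in the comment above, as an added example that is not part of this pull request or of SATOSA/pysaml2: assuming the HTTP-Redirect binding, it decodes a `SAMLRequest` and reports whether a signature is present in the query string, embedded in the XML, or both. The function names, URL, entity IDs and signature value are constructed for illustration, and the check only locates signatures, it does not verify them.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

DS_SIGNATURE = "{http://www.w3.org/2000/09/xmldsig#}Signature"
MAX_XML_BYTES = 64 * 1024  # refuse to inflate more than this

# Constructed sample AuthnRequest; {sig} is where an embedded signature would sit.
AUTHN = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="id-constructed" Version="2.0" IssueInstant="2021-08-27T00:00:00Z">'
    "<saml:Issuer>https://sp.example.org</saml:Issuer>{sig}"
    "</samlp:AuthnRequest>"
)
EMBEDDED = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'


def build_sample_url(xml, signed_query):
    """Encode XML as an HTTP-Redirect request (raw DEFLATE, base64, URL-encode)."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    query = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if signed_query:
        query["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        query["Signature"] = "Q09OU1RSVUNURUQ="  # constructed, not a real signature
    return "https://idp.example.org/sso?" + urlencode(query)


def inspect_redirect_request(url):
    """Report where the signature of a redirect-binding AuthnRequest lives."""
    params = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("inflated SAMLRequest exceeds size cap")
    # ElementTree is fine for our own SP's output; use defusedxml on untrusted XML.
    root = ET.fromstring(xml)
    return {
        "query_signature": "Signature" in params and "SigAlg" in params,
        "embedded_signature": next(root.iter(DS_SIGNATURE), None) is not None,
    }


if __name__ == "__main__":
    for sig in ("", EMBEDDED):
        print(inspect_redirect_request(build_sample_url(AUTHN.format(sig=sig), True)))
```
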

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>