sign_alg/digest_alg policy config is broken #212
Comments
Hi @rhoerbe, this means that we should just have to put Regarding my tests, because at this moment I'm on this, I get the following.
I get what I desired, as shown here:
But in the backend I didn't get the same result, using:
I see
I'm going through this...
Yes, the algorithm needs to be a string (and saml2.xmldsig.SIG_RSA_SHA384 would only be available in a .py config, not in .yaml). I am not sure if this is more than a temporary solution. Either the doc needs to be fixed, or the code.
I got it,
This bug should be easy to patch, we have these options: a) Change documentation to use saml2.xmldsig's elements like "SIG_RSA_SHA384" and others available in it; I think that c) would be formally correct, any ideas?
Really patched now, hope to see it merged soon.
I will update the readme to remove those options under policy.
specifying the algorithm causes an Exception:
module 'saml2.xmldsig' has no attribute 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
Code Version
Satosa 3.4.8 pysaml 4.7.0
Expected Behavior
Should work as documented in the README
Possible Solution
Workaround: do not specify, or use the internal keys of pysaml2 (e.g. saml2.xmldsig.SIG_RSA_SHA256) like this:
Offending code
https://github.com/IdentityPython/SATOSA/blob/master/src/satosa/frontends/saml2.py#L349
The string from yaml should be converted back to the xmldsig name.
Is there an equivalent function in the SAML backend?
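
The conversion the issue asks for, sketched as an added example (not SATOSA or pysaml2 code). `resolve_alg` and `naive_lookup` are hypothetical helpers, and the `xmldsig` namespace is a constructed stand-in for a subset of `saml2.xmldsig`'s constants so the block runs without pysaml2. It accepts the README-style URI, the constant name, or the dotted form from the workaround, and rejects anything else rather than falling back to a default algorithm.

```python
from types import SimpleNamespace

# Constructed stand-in for saml2.xmldsig (subset of its constants).
xmldsig = SimpleNamespace(
    SIG_RSA_SHA256="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    SIG_RSA_SHA384="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
    SIG_RSA_SHA512="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
    DIGEST_SHA256="http://www.w3.org/2001/04/xmlenc#sha256",
    DIGEST_SHA384="http://www.w3.org/2001/04/xmldsig-more#sha384",
    DIGEST_SHA512="http://www.w3.org/2001/04/xmlenc#sha512",
)
MODULE_PREFIX = "saml2.xmldsig."


def naive_lookup(value, module=xmldsig):
    """getattr-style lookup: fine for a constant name, AttributeError for a
    URI, which matches the exception text reported in the issue."""
    return getattr(module, value)


def resolve_alg(value, prefix, module=xmldsig):
    """Map a policy value to an algorithm URI, or raise ValueError.

    prefix is "SIG_" for sign_alg and "DIGEST_" for digest_alg, so a digest
    URI given as sign_alg is rejected instead of being passed through.
    """
    if not isinstance(value, str) or not value.strip():
        raise ValueError("algorithm must be a non-empty string")
    value = value.strip()
    known = {k: v for k, v in vars(module).items()
             if k.startswith(prefix) and isinstance(v, str)}
    if value in known.values():          # already a URI, as in the README
        return value
    name = value[len(MODULE_PREFIX):] if value.startswith(MODULE_PREFIX) else value
    if name in known:                    # constant name, as in the workaround
        return known[name]
    raise ValueError(f"unsupported {prefix.rstrip('_')} algorithm: {value!r}")


if __name__ == "__main__":
    for cfg in ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                "SIG_RSA_SHA384", "saml2.xmldsig.SIG_RSA_SHA256"):
        print(cfg, "->", resolve_alg(cfg, "SIG_"))
```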