Parameter "logout_requests_signed" in config not signing logout requests

[joachimBurket]

Code Version

6.5.1

Expected Behavior

I'm using pysaml2 through djangosaml2 as an SP. The ADFS IdP requires logout requests to be signed.

With this configuration:

SAML_CONFIG = {
    ...
    "service": {
        "sp": {
            "logout_requests_signed": True,
        }
    }
}

The logout requests (initiated by the SP) should be signed.

Current Behavior

The request is not signed and the IdP doesn't accepts it.

Possible Solution

The djangosaml2 library calls the global_logout() method to initiate the logout, and doesn't sets the sign argument. So either in global_logout() or do_logout() methods, the following could be added:

if sign is None:
    sign = self.logout_requests_signed

[peppelinux]

I made it to work in djangosaml2 using HTTP-POST binding
https://djangosaml2.readthedocs.io/contents/setup.html#preferred-logout-binding

[c00kiemon5ter]

Hello, this is not intended and should be working.

The HTTP-POST should also not be working; it is working because the same code path is affected by a different configuration option.

[c00kiemon5ter]

Please, if you can verify with the latest HEAD (4c550f5) that'd be nice.

[joachimBurket]

Hello,

I tested with the latest HEAD on my project and it is working as intended. Thanks for the fix!

[berkowitzi]

Hi @c00kiemon5ter -- is there any chance that you could publish a release containing this patch?
Thanks!

[c00kiemon5ter]

Hello, I will create a release soon. Sorry this did not happen faster.