fix issue with satosa and encrypted assertions #419
Conversation
|
The issue is that https://github.com/SUNET/SATOSA/blob/master/src/satosa/backends/saml2.py#L161 and https://github.com/SUNET/SATOSA/blob/master/src/satosa/backends/saml2.py#L174 both generate calls to https://github.com/rohe/pysaml2/blob/master/src/saml2/response.py#L900 (parse_assertion). If there is an encrypted assertion the first call will typically result in the decrypted assertion winding up in self.assertion (and self.assertions list). However the second call to parse_assertion has that assert that will fail because after the first call there is no longer an assertion or an encrypted assertion left in the response (since it was dealt with in the first call to parse_assertion). The patch alters the assert to allow the parse_assertion to be called multiple times. Possibly this is an indication that parse_assertion is really doing > 1 "thing" and should be split up. This is however a breaking API change ... |
|
I'm OK with this change and I agree we could do with some refactoring here. |
|
@rohe are you ok with the PR as is though? |
|
Yes |
@rohe and @jkakavas pls review!