Add want_assertions_or_response_signed functionality #485
Conversation
LGTM
Ideally, I would like us to have tests in https://github.com/rohe/pysaml2/blob/master/tests/test_41_response.py ensuring we discard incorrectly signed responses/assertions with any valid combination of the want_X_signed set.
Assuming this is not too much work, I would feel more comfortable having those before we merge this change.
I agree with Scott that this is the easiest way forward for now without a major refactoring, as this was a breaking change we introduced recently and needs to be fixed. Down the line, I think we should open an issue and discuss how this can be handled so that we refactor the logic accordingly. My opinion is that administrators don't need the granularity we currently give them. It should be enough to give the option to disable signature verification for testing/development (with BIG FAT warnings) and, when this is not the case:
What is keeping us from merging this? Is it just the conflicts?
Tests is the main reason (same for #483). Conflicts are easily resolved.
Just a "heads up" that I have rebased my commits off of today's master and spun up my testbed and verified that my commits (after fixing some merge conflicts) still work. I will be attempting to write tests in the next few days.
Branch force-pushed from 4a3e427 to a397968
Codecov Report
@@ Coverage Diff @@
## master #485 +/- ##
==========================================
+ Coverage 65.56% 65.61% +0.04%
==========================================
Files 103 103
Lines 25568 25602 +34
==========================================
+ Hits 16764 16799 +35
+ Misses 8804 8803 -1
Add the ability to configure an SP to require either a signed response or signed assertions.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Add logic to test client configuration options want_response_signed, want_assertions_signed, and want_assertions_or_response_signed.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Branch force-pushed from 14e21bb to 8b79846
Add the ability to configure an SP to require either a signed response or signed assertions.
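The reviewer asks for tests covering every valid combination of the want_X_signed settings, and the commit messages name the three options involved: want_response_signed, want_assertions_signed and want_assertions_or_response_signed. The following is an added example, not pysaml2's code and not part of this PR: it models the SP-side signature-requirement policy as a pure function and enumerates all flag combinations against all signing states of a response and its assertions. The policy rules, the Sig enum and the function names are this example's own assumptions about the intended semantics. One point worth keeping in any real test matrix is that a signature which is present but fails verification must be rejected outright, never treated as "unsigned" and then rescued by the "or" option.

```python
# Added example (not pysaml2's code): a model of the SP signature-requirement
# policy discussed in this PR, used to enumerate every combination of the
# want_*_signed settings against every signing state of a response and its
# assertions. Names, structure and rules are this example's own assumptions.
from enum import Enum
from itertools import product
from typing import List, Tuple


class Sig(Enum):
    NONE = "unsigned"      # no Signature element present
    VALID = "valid"        # signature present and verified against the IdP key
    INVALID = "invalid"    # signature present but failed verification


def accept(want_response_signed: bool,
           want_assertions_signed: bool,
           want_assertions_or_response_signed: bool,
           response_sig: Sig,
           assertion_sigs: List[Sig]) -> bool:
    """Return True if the SP policy allows the message to be processed.

    Hypothetical policy written for this example:
      * any present-but-invalid signature is fatal regardless of the flags
        (a broken signature must never degrade to "unsigned");
      * want_response_signed   -> the Response must carry a valid signature;
      * want_assertions_signed -> every Assertion must carry a valid signature;
      * want_assertions_or_response_signed -> at least one of the two above holds;
      * an empty assertion list never satisfies the assertion requirement.
    """
    if Sig.INVALID in [response_sig, *assertion_sigs]:
        return False
    response_ok = response_sig is Sig.VALID
    assertions_ok = bool(assertion_sigs) and all(s is Sig.VALID for s in assertion_sigs)
    if want_response_signed and not response_ok:
        return False
    if want_assertions_signed and not assertions_ok:
        return False
    if want_assertions_or_response_signed and not (response_ok or assertions_ok):
        return False
    return True


def rejected_unsigned_cases() -> List[Tuple[bool, bool, bool]]:
    """Flag combinations that reject a fully unsigned message.

    Every combination with at least one flag set should appear here; only the
    all-False combination (verification disabled) should be missing.
    """
    out = []
    for flags in product([False, True], repeat=3):
        if not accept(*flags, Sig.NONE, [Sig.NONE]):
            out.append(flags)
    return out


def invalid_signature_always_rejected() -> bool:
    """Exhaustive check: a tampered signature is refused under every flag set."""
    for flags in product([False, True], repeat=3):
        for resp, asn in product(Sig, Sig):
            if Sig.INVALID in (resp, asn) and accept(*flags, resp, [asn]):
                return False
    return True


if __name__ == "__main__":
    # Constructed sample: with only the "or" option set, a signed response with
    # unsigned assertions and an unsigned response with signed assertions are
    # both accepted, while a message where nothing is signed is refused.
    print(accept(False, False, True, Sig.VALID, [Sig.NONE]))   # True
    print(accept(False, False, True, Sig.NONE, [Sig.VALID]))   # True
    print(accept(False, False, True, Sig.NONE, [Sig.NONE]))    # False
    print(rejected_unsigned_cases())                           # 7 combinations
    print(invalid_signature_always_rejected())                 # True
```

The two enumeration helpers are the shape a test in test_41_response.py would take: drive the real client with signed, unsigned and deliberately corrupted responses and assertions for each flag combination, and assert that only the all-flags-off configuration lets an unsigned message through.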