path: root/src
Commit message | Author | Age | Files | Lines
...
* Cover other requests calls with http_client_timeout | Xiao Zhu | 2022-04-19 | 5 | -15/+22
* tests fixed | Xiao Zhu | 2022-04-19 | 3 | -7/+9
* add timeout to config and httpbase | Xiao Zhu | 2022-04-19 | 4 | -4/+7
* Add tests for cert chains | Ivan Kanakarakis | 2022-04-18 | 1 | -1/+1
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Refactor certificate loading | Ivan Kanakarakis | 2022-04-18 | 5 | -58/+77
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Load certificates using cryptography | John Paraskevopoulos | 2022-04-18 | 2 | -41/+28
    - Use cryptography.x509 load_pem_x509_certificate or load_der_x509_certificate depending on the cert type. This ensures 1) the certificate is a valid certificate 2) trailing newlines and whitespaces will be ignored
    - Ignore cer/crt as certificate type since these are file extensions and do not guarantee the certificate encoding. Uses "pem" as default type for backwards compatibility. Only other valid option is "der". Everything else falls back to "pem".
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove deprecated cryptography backend param | Ivan Kanakarakis | 2022-04-18 | 3 | -10/+3
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* assertion policy filter: Fallback to match a known attribute or return its name | Ivan Kanakarakis | 2022-04-10 | 1 | -8/+9
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #855 from REANNZ/fix/reload-inplace | Ivan Kanakarakis | 2022-03-04 | 2 | -9/+13
    Reload metadata in-place
| * Add comments to MetadataStore.reload | James Miller | 2022-03-04 | 1 | -0/+3
| * Reload metadata in-place | James Miller | 2022-03-04 | 2 | -9/+10
    Metadata reloading was previously implemented by loading the metadata, then replacing references to the old metadata with the new metadata. A bug in the implementation caused the previous version of the metadata to be indirectly referenced by the new version of the metadata, resulting in a steady climb in memory usage.

    In fixing the memory leak, I have also changed how metadata is reloaded to avoid having to replace all existing references, which is prone to errors and could cause confusing behaviour.
* | assertion policy filter: If name_format does not resolve a local_name, try the friendly name | Ivan Kanakarakis | 2022-03-04 | 1 | -19/+11
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* metadata: Verify signature with both EntitiesDescriptor and EntityDescriptor | Ivan Kanakarakis | 2021-12-21 | 1 | -7/+45
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* correct swamid entity category setup for ESI and COCO | Johan Lundberg | 2021-12-15 | 1 | -1/+4
    updated test to reflect current usecase
* Allow requested_authn_context to be an object | Ivan Kanakarakis | 2021-12-14 | 1 | -13/+23
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #841 from feuerfrei92/issue-840-saml-attributes | Ivan Kanakarakis | 2021-12-07 | 1 | -2/+2
    Fix logging of attributes with '.' in their name
| * Fixed logging of attributes with '.' in their name | feuerfrei92 | 2021-12-06 | 1 | -2/+2
* | Merge pull request #842 from johanlundberg/lundberg_swamid_esi | Ivan Kanakarakis | 2021-12-07 | 1 | -0/+5
    Implement entity category MyAcademicID-ESI for SWAMID
| * | implement entity category https://myacademicid.org/entity-categories/esi for swamid | Johan Lundberg | 2021-12-07 | 1 | -0/+5
* | Attribute values are optional | Ivan Kanakarakis | 2021-12-07 | 2 | -10/+11
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | Linter fixes | Ivan Kanakarakis | 2021-11-24 | 19 | -144/+294
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fix signing for requests with the soap binding | Ivan Kanakarakis | 2021-11-22 | 2 | -10/+7
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fixing attributeerror and signature mangling while constructing soap requests | Maximilian Heuwes | 2021-11-22 | 2 | -2/+2
* Fix client to be able to retry creating an AuthnRequest with a different binding | Ivan Kanakarakis | 2021-11-19 | 1 | -5/+21
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Verify signed logout requests with the redirect binding | Ivan Kanakarakis | 2021-11-16 | 2 | -6/+32
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Small refactor | Ivan Kanakarakis | 2021-11-16 | 2 | -62/+73
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Refactored redirect signature check into separate method | Vishal Kadam | 2021-11-15 | 1 | -41/+48
* 633: Support for redirect binding signature check using query param values | Vishal Kadam | 2021-11-15 | 3 | -11/+59
* Output the according KeyName in encrypted answer | Clément Hallet | 2021-11-02 | 3 | -23/+22
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Enhance invalid document format info with reason | Ivan Kanakarakis | 2021-11-01 | 1 | -0/+1
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add new config option requested_authn_context | Ivan Kanakarakis | 2021-10-20 | 1 | -4/+24
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Adds configuration directive for RequestedAuthnContext #806 | Gagan Deep | 2021-10-19 | 1 | -0/+1
    Closes #806
* Use the files API instead of path from importlib.resources | Ivan Kanakarakis | 2021-10-19 | 2 | -33/+34
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove unused imports | Ivan Kanakarakis | 2021-10-19 | 1 | -3/+0
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Check for multiple eptid values | Ivan Kanakarakis | 2021-10-19 | 1 | -0/+3
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Use importlib.resources in python >= 3.7 | Alfredo Moralejo | 2021-10-11 | 2 | -2/+12
    importlib.resources was added to python standard library since python 3.7 [1]. This patch is implementing conditional to use it instead of the importlib_resources backport when using python 3.7 or newer.

    [1] https://docs.python.org/3/whatsnew/3.7.html
* Merge pull request #827 from rectalogic/session-index | Ivan Kanakarakis | 2021-09-21 | 1 | -3/+6
    Handle KeyError when retrieving SessionIndex
| * Handle KeyError when retrieving SessionIndex | Andrew Wason | 2021-09-10 | 1 | -3/+6
    This was broken in commit b69e92585

    Fixes https://github.com/IdentityPython/pysaml2/issues/826
* | Keep unknown metadata extensions | Ivan Kanakarakis | 2021-09-09 | 2 | -11/+39
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Allow AuthnStatement to be optional | Ivan Kanakarakis | 2021-08-30 | 1 | -9/+6
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Allow saml2.response.AuthnResponse::get_subject to decrypt a NameID with the given keys | Ivan Kanakarakis | 2021-08-27 | 1 | -8/+9
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Formatting and use of public methods | Ivan Kanakarakis | 2021-08-27 | 1 | -6/+6
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add note to docs on debugging responses | e271828- | 2021-07-27 | 1 | -1/+5
    Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #809 from REANNZ/metadata_reload | Ivan Kanakarakis | 2021-07-26 | 4 | -4/+48
    Support metadata reload
| * fix: saml2.Entity/reload_metadata: use self.entity_type instead of iterating over all types | Vlad Mencl | 2021-07-20 | 1 | -5/+4
    As per review suggestion in #809
| * nfc: reformat expression in src/saml2/mdstore.py as per review | Vlad Mencl | 2021-07-20 | 1 | -3/+7
    Co-authored-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| * nfc: fix formatting in comment (tab vs spaces) in src/saml2/entity.py | Vlad Mencl | 2021-07-20 | 1 | -1/+1
    Co-authored-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| * new: saml2.Entity: support reloading metadata | Vlad Mencl | 2021-06-11 | 1 | -0/+34
    Support reloading metadata by adding a reload_metadata method to saml2.Entity.

    This method gets the metadata configuration in the same format as the 'metadata' entry in the configuration passed to saml2.Config.

    To keep metadata refreshed, this method needs to be periodically explicitly called. For a metadata refresh with the same configuration, the calling application should keep a copy of the original configuration to pass to this method.

    Resolves #808
| * fix: saml2.assertion: safeguard _filter_values against vals=None | Vlad Mencl | 2021-06-10 | 1 | -0/+3
    In certain circumstances, such as a Saml2IdP receiving a request from an SP where the SP metadata has a RequestedAttribute with specific values, `_filter_values` may be called with vals=None when processing the AuthnRequest.

    Safeguard against this by returning early, returning the None value unfiltered. (It will get later replaced with an [] in `_apply_attr_value_restrictions`).
| * fix: mdstore: fix exception handler in InMemoryMetaData.parse | Vlad Mencl | 2021-06-09 | 1 | -1/+4
    The exception handler in InMemoryMetaData.parse was failing for subclasses other than `MetaDataFile` with:

    AttributeError: 'MetaDataExtern' object has no attribute 'filename'

    - because `self.filename` is only defined for MetaDataFile but not MetaDataExtern

    The handler was essentially expecting it would only be invoked for MetaDataFile and not other subclasses of InMemoryMetaData.

    Provide useful descriptive messages for MetaDataFile and MetaDataExtern subclasses - and fall back to a generic (but safe) message otherwise.
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The exception handler in InMemoryMetaData.parse was failing for subclasses other then `MetaDataFile` with: AttributeError: 'MetaDataExtern' object has no attribute 'filename' - because `self.filename` is only defined for MetaDataFile but not MetaDataExtern The handler was essentially expecting it would only be invoked for MetaDataFile and not other subclasses of InMemoryMetaData. Provide useful descriptive messages for MetaDataFile and MetaDataExtern subclassses - and fall back to a generic (but safe) message otherwise.