Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
peppelinux committed Feb 21, 2024
2 parents 6bc4b64 + dd3f479 commit c32a6e3
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 15 deletions.
2 changes: 1 addition & 1 deletion example/backends/ciesaml2.py
Original file line number Diff line number Diff line change
Expand Up @@ -472,7 +472,6 @@ def authn_response(self, context, binding):
**{"message": _msg, "troubleshoot": _TROUBLESHOOT_MSG}
)

list(context.state.keys())[1]
# deprecated
# if not context.state.get('Saml2IDP'):
# _msg = "context.state['Saml2IDP'] KeyError"
Expand All @@ -496,6 +495,7 @@ def authn_response(self, context, binding):
authn_context_class_ref=authn_context_classref,
return_addrs=authn_response.return_addrs,
allowed_acrs=self.config["spid_allowed_acrs"],
cie_mode = True
)
try:
validator.run()
Expand Down
32 changes: 18 additions & 14 deletions example/backends/spidsaml2_validator.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ def __init__(
authn_context_class_ref="https://www.spid.gov.it/SpidL2",
return_addrs=[],
allowed_acrs=[],
cie_mode = False
):

self.response = samlp.response_from_string(authn_response)
Expand All @@ -45,6 +46,7 @@ def __init__(
self.return_addrs = return_addrs
self.issuer = issuer
self.allowed_acrs = allowed_acrs
self.cie_mode = cie_mode

# handled adding authn req arguments in the session state (cookie)
def validate_in_response_to(self):
Expand Down Expand Up @@ -77,7 +79,8 @@ def validate_issuer(self):

# 30
# check that this issuer is in the metadata...
if self.response.issuer.format:
# L'attributo Format di Issuer della Response deve essere omesso o assumere valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity. In questo test il valore è diverso. Risultato atteso: KO
if hasattr(self.response.issuer, "format") and self.response.issuer.format:
if (
self.response.issuer.format
!= "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
Expand All @@ -87,22 +90,23 @@ def validate_issuer(self):
'!= "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"'
)

msg = "Issuer format is not valid: {}. {}"
# 70, 71
assiss = self.response.assertion[0].issuer
if not hasattr(assiss, "format") or not getattr(assiss, "format", None):
raise SPIDValidatorException(
msg.format(self.response.issuer.format, _ERROR_TROUBLESHOOT)
)

# 72
for i in self.response.assertion:
if i.issuer.format != "urn:oasis:names:tc:SAML:2.0:nameid-format:entity":
if not self.cie_mode:
msg = "Issuer format is not valid: {}. {}"
# 70, 71
assiss = self.response.assertion[0].issuer
if not hasattr(assiss, "format") or not getattr(assiss, "format", None):
raise SPIDValidatorException(
msg.format(self.response.issuer.format,
_ERROR_TROUBLESHOOT)
msg.format(self.response.issuer.format, _ERROR_TROUBLESHOOT)
)

# 72
for i in self.response.assertion:
if i.issuer.format != "urn:oasis:names:tc:SAML:2.0:nameid-format:entity":
raise SPIDValidatorException(
msg.format(self.response.issuer.format,
_ERROR_TROUBLESHOOT)
)

def validate_assertion_version(self):
"""spid saml check 35"""
for i in self.response.assertion:
Expand Down

0 comments on commit c32a6e3

Please sign in to comment.