Skip to content

handle_logout_request doesn't sign redirect binding responses as requested #334

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
MrkGrgsn opened this issue May 7, 2016 · 3 comments
Closed

handle_logout_request doesn't sign redirect binding responses as requested #334

MrkGrgsn opened this issue May 7, 2016 · 3 comments
Labels
bug

Comments

@MrkGrgsn
Copy link

MrkGrgsn commented May 7, 2016

When saml2.client:handle_logout_request() is called with sign=True and the selected binding is HTTP Redirect, the request is not signed.

Where the error lies is not clear. apply_binding() accepts a sign param but it is not used for redirect bindings. It instead looks for the sigalg param in kwargs. handle_logout_request() supplies neither the sign nor sigalg params to apply_binding()
@jkakavas jkakavas added the bug label Jul 25, 2017
@Budovi Budovi mentioned this issue Dec 30, 2018
Closed
@peppelinux
Copy link
Member

#595

At this time I found In examples/ idp that it doesn't handle signed logout request

@peppelinux
Copy link
Member

peppelinux commented Mar 19, 2019
edited
Loading

I done a SLO implementation here:
https://github.com/peppelinux/djangosaml2idp/blob/master/djangosaml2idp/views.py#L317

It works even if SLO request is signed

This was referenced Mar 19, 2019
Closed
Closed
@peppelinux
Copy link
Member

Moving all the aspect of signature in HTTP-REDIRECT binding here:
#633

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@peppelinux @MrkGrgsn @jkakavas