author | Rob Crittenden <rcritten@redhat.com> | 2015-07-17 16:15:35 -0400 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2015-07-27 11:51:25 +0200 |
commit | 63c1a25a0a0fb3bcf8ea054c49ce88ffc81599cc (patch) | |
tree | be6e725e79a1936641449644f095c05bc966bc09 | |
parent | 16422cfd77e080ba1c1f2cb8559620d0c200e0b9 (diff) | |
Set the value of WantAuthnRequestsSigned to True
The spec says the default should be False if not specified
but lasso sets it to true unless it is explicitly set to
False. So let's be explicit and set it to True.
https://fedorahosted.org/ipsilon/ticket/136
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
-rwxr-xr-x | ipsilon/tools/saml2metadata.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipsilon/tools/saml2metadata.py b/ipsilon/tools/saml2metadata.py
index d360ccd..2138777 100755
--- a/ipsilon/tools/saml2metadata.py
+++ b/ipsilon/tools/saml2metadata.py
@@ -86,6 +86,8 @@ class Metadata(object):
 raise ValueError('invalid role: %s' % role)
 self.role = mdElement(self.root, description)
 self.role.set('protocolSupportEnumeration', lasso.SAML2_PROTOCOL_HREF)
+ if role == IDP_ROLE:
+ self.role.set('WantAuthnRequestsSigned', 'true')
 return self.role

 def set_expiration(self, exp): |
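Review bot: The new `if role == IDP_ROLE:` branch has no comment, so the reason for hard-coding the attribute survives only in the commit message. I would add above it `# SAML metadata defaults WantAuthnRequestsSigned to false, but lasso treats an absent value as true; state it explicitly so SPs see the policy lasso applies.` The attribute only advertises the policy to service providers. Whether unsigned AuthnRequests are actually rejected is decided outside this hunk, so it is worth confirming (ideally with a test) that the advertised value and the IdP's runtime behaviour agree. The enclosing method starts before the hunk, so the role validation above the `raise` is not visible here.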