IDP.apply_binding for SOAP with sign=True requires a prepared message (a signature element already inserted) although it requires a sig_alg parameter. Letting apply_binding sign the request provides for unique namespace identifiers.
Code Version
master
Expected Behavior
I would expect that IDP.apply_binding is correctly signing the passed message using the sig algo provided.
Current Behavior
Either a crash like #595 when passing a string as message, or crashing with saml2.sigver.SignatureError
error=Error: failed to find default node with name="Signature"
Possible Solution
Either document this behaviour or add a signature element to soap_message in httpbase.py line 317.
Steps to Reproduce
- Create logout request:
reqid, req = IDP.create_logout_request(
destination=destination,
issuer_entity_id=None,
name_id=name_id,
session_indexes=[sess_idx],
sign=False,
)
- Apply binding
info = IDP.apply_binding(binding, req, destination=destination, relay_state=None, response=False, sign=True)
IDP.apply_bindingfor SOAP withsign=Truerequires a prepared message (a signature element already inserted) although it requires asig_algparameter. Lettingapply_bindingsign the request provides for unique namespace identifiers.Code Version
master
Expected Behavior
I would expect that
IDP.apply_bindingis correctly signing the passed message using the sig algo provided.Current Behavior
Either a crash like #595 when passing a string as message, or crashing with
saml2.sigver.SignatureErrorerror=Error: failed to find default node with name="Signature"Possible Solution
Either document this behaviour or add a signature element to
soap_messagein httpbase.py line 317.Steps to Reproduce