Pass proper encryption keys when retrieving the subject NameID

c00kiemon5ter · c00kiemon5ter · commit 7c82d89041ce · 2021-08-27T20:46:36.000+03:00
This requires the latest pysaml2 to work properly, as older versions of
get_subject do not accept the optional keys argument.

To have this working without this changeset, one should define the
pysaml2 configuration option `encryption_keypairs`.

Signed-off-by: Ivan Kanakarakis &lt;ivan.kanak@gmail.com&gt;
diff --git a/src/satosa/backends/saml2.py b/src/satosa/backends/saml2.py
@@ -404,7 +404,7 @@ def _translate_response(self, response, state):
         )
 
         # The SAML response may not include a NameID.
-        subject = response.get_subject()
+        subject = response.get_subject(keys=self.encryption_keys)
         name_id = subject.text if subject else None
         name_id_format = subject.format if subject else None
 

Original file line number	Diff line number	Diff line change
`@@ -404,7 +404,7 @@ def _translate_response(self, response, state):`
`404`	`404`	`)`
`405`	`405`
`406`	`406`	`# The SAML response may not include a NameID.`
`407`		`- subject = response.get_subject()`
	`407`	`+ subject = response.get_subject(keys=self.encryption_keys)`
`408`	`408`	`name_id = subject.text if subject else None`
`409`	`409`	`name_id_format = subject.format if subject else None`
`410`	`410`