@@ -108,6 +108,35 @@ def render_template(self, text):
108108 def b64_for_post (self , xml_text , encoding = 'utf-8' ):
109109 return base64 .b64encode (xml_text .encode (encoding )).decode ('ascii' )
110110
111+ def test_unsigned_post_authn_request (self ):
112+ """
113+ Test that unsigned authentication requests via POST binding
114+ does not error.
115+
116+ https://github.com/knaperek/djangosaml2/issues/168
117+ """
118+ settings .SAML_CONFIG = conf .create_conf (
119+ sp_host = 'sp.example.com' ,
120+ idp_hosts = ['idp.example.com' ],
121+ metadata_file = 'remote_metadata_post_binding.xml' ,
122+ authn_requests_signed = False
123+ )
124+ response = self .client .get (reverse ('saml2_login' ))
125+
126+ self .assertEqual (response .status_code , 200 )
127+
128+ # Using POST-binding returns a page with form containing the SAMLRequest
129+ response_parser = SAMLPostFormParser ()
130+ response_parser .feed (response .content .decode ('utf-8' ))
131+ saml_request = response_parser .saml_request_value
132+ expected_request = """<samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="http://sp.example.com/saml2/acs/" Destination="https://idp.example.com/simplesaml/saml2/idp/SSOService.php" ID="XXXXXXXXXXXXXXXXXXXXXX" IssueInstant="2010-01-01T00:00:00Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://sp.example.com/saml2/metadata/</saml:Issuer><samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" /></samlp:AuthnRequest>"""
133+
134+ self .assertIsNotNone (saml_request )
135+ self .assertSAMLRequestsEquals (
136+ base64 .b64decode (saml_request ).decode ('utf-8' ),
137+ expected_request
138+ )
139+
111140 def test_login_evil_redirect (self ):
112141 """
113142 Make sure that if we give an URL other than our own host as the next