Handle non standard response error status codes

johanlundberg · johanlundberg · commit 2dce359b7aa0 · 2018-12-05T15:37:43.000+01:00
diff --git a/src/saml2/response.py b/src/saml2/response.py
@@ -360,8 +360,8 @@ def status_ok(self):
             if status.status_code.value != samlp.STATUS_SUCCESS:
                 logger.info("Not successful operation: %s", status)
                 if status.status_code.status_code:
-                    excep = STATUSCODE2EXCEPTION[
-                        status.status_code.status_code.value]
+                    excep = STATUSCODE2EXCEPTION.get(
+                        status.status_code.status_code.value, StatusError)
                 else:
                     excep = StatusError
                 if status.status_message:
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
@@ -28,7 +28,7 @@
 from saml2.authn_context import INTERNETPROTOCOLPASSWORD
 from saml2.client import Saml2Client
 from saml2.pack import parse_soap_enveloped_saml
-from saml2.response import LogoutResponse, StatusInvalidNameidPolicy
+from saml2.response import LogoutResponse, StatusInvalidNameidPolicy, StatusError
 from saml2.saml import NAMEID_FORMAT_PERSISTENT, EncryptedAssertion, Advice
 from saml2.saml import NAMEID_FORMAT_TRANSIENT
 from saml2.saml import NameID
@@ -2325,6 +2325,37 @@ def test_response_error_status(self):
                 resp_str, BINDING_HTTP_POST,
                 {"id1": "http://foo.example.com/service"})
 
+    def test_response_error_status_non_standard_status_code(self):
+        """ Test that the SP client can parse an authentication response
+        from an IdP that contains an error status."""
+
+        conf = config.SPConfig()
+        conf.load_file("server_conf")
+        client = Saml2Client(conf)
+
+        resp = self.server.create_error_response(
+            in_response_to="id1",
+            destination="http://lingon.catalogix.se:8087/",
+            info=('http://example.com/status/1.0/cancel', None),
+        )
+
+        # Cast the response to a string and encode it to mock up the payload
+        # the SP client is expected to receive via HTTP POST binding.
+        if six.PY2:
+            resp_str = encode_fn(str(resp))
+        else:
+            resp_str = encode_fn(bytes(str(resp), 'utf-8'))
+
+        # We do not need the client to verify a signature for this test.
+        client.want_assertions_signed = False
+        client.want_response_signed = False
+
+        # Parse the authentication error response
+        with raises(StatusError):
+            client.parse_authn_request_response(
+                resp_str, BINDING_HTTP_POST,
+                {"id1": "http://foo.example.com/service"})
+
     def setup_verify_authn_response(self):
         idp = "urn:mace:example.com:saml:roland:idp"
         ava = {"givenName": ["Dave"], "sn": ["Concepción"],
