Add option to hide assertion consumer service on authn requests

ivan · ivan · commit 47cbd128516d · 2017-07-17T15:37:17.000+03:00
When 'hide_assertion_consumer_service' is set to 'true', then the
AuthnRequest will not include the 'AssertionConsumerServiceURL' and
'ProtocolBinding' attributes.
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
@@ -235,26 +235,30 @@ def create_authn_request(self, destination, vorg="", scoping=None,
 
         args = {}
 
-        try:
-            args["assertion_consumer_service_url"] = kwargs[
-                "assertion_consumer_service_urls"][0]
-            del kwargs["assertion_consumer_service_urls"]
-        except KeyError:
+        if self.config.getattr('hide_assertion_consumer_service', 'sp'):
+            args["assertion_consumer_service_url"] = None
+            binding = None
+        else:
             try:
                 args["assertion_consumer_service_url"] = kwargs[
-                    "assertion_consumer_service_url"]
-                del kwargs["assertion_consumer_service_url"]
+                    "assertion_consumer_service_urls"][0]
+                del kwargs["assertion_consumer_service_urls"]
             except KeyError:
                 try:
-                    args["assertion_consumer_service_index"] = str(
-                        kwargs["assertion_consumer_service_index"])
-                    del kwargs["assertion_consumer_service_index"]
+                    args["assertion_consumer_service_url"] = kwargs[
+                        "assertion_consumer_service_url"]
+                    del kwargs["assertion_consumer_service_url"]
                 except KeyError:
-                    if service_url_binding is None:
-                        service_urls = self.service_urls(binding)
-                    else:
-                        service_urls = self.service_urls(service_url_binding)
-                    args["assertion_consumer_service_url"] = service_urls[0]
+                    try:
+                        args["assertion_consumer_service_index"] = str(
+                            kwargs["assertion_consumer_service_index"])
+                        del kwargs["assertion_consumer_service_index"]
+                    except KeyError:
+                        if service_url_binding is None:
+                            service_urls = self.service_urls(binding)
+                        else:
+                            service_urls = self.service_urls(service_url_binding)
+                        args["assertion_consumer_service_url"] = service_urls[0]
 
         try:
             args["provider_name"] = kwargs["provider_name"]
diff --git a/src/saml2/config.py b/src/saml2/config.py
@@ -75,7 +75,8 @@
     "name_id_format",
     "name_id_format_allow_create",
     "logout_requests_signed",
-    "requested_attribute_name_format"
+    "requested_attribute_name_format",
+    "hide_assertion_consumer_service",
 ]
 
 AA_IDP_ARGS = [

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,8 @@`
`75`	`75`	`"name_id_format",`
`76`	`76`	`"name_id_format_allow_create",`
`77`	`77`	`"logout_requests_signed",`
`78`		`- "requested_attribute_name_format"`
	`78`	`+ "requested_attribute_name_format",`
	`79`	`+ "hide_assertion_consumer_service",`
`79`	`80`	`]`
`80`	`81`
`81`	`82`	`AA_IDP_ARGS = [`