fix: saml2.assertion: safeguard _filter_values against vals=None

In certain circumstances, such as an Saml2IdP receiving a request
from an SP where the SP metadata has a RequestedAttribute with specific values,
`_filter_values` may be called with vals=None when processing the AuthnRequest.

Safeguard against this by returning early, returning the None value unfiltered.
(It will get later replaced with an [] in `_apply_attr_value_restrictions`).

Author: vladimir-mencl-eresearch

src/saml2/assertion.py

@@ -35,6 +35,9 @@ def _filter_values(vals, vlist=None, must=False):
     if not vlist:  # No value specified equals any value
         return vals
 
+    if vals is None: # cannot iterate over None, return early
+        return vals
+
     if isinstance(vlist, six.string_types):
         vlist = [vlist]