Pass sign information when calling apply_binding

c00kiemon5ter · c00kiemon5ter · commit 788a69524a3f · 2018-11-21T18:06:45.000+02:00
Signed-off-by: Ivan Kanakarakis &lt;ivan.kanak@gmail.com&gt;
diff --git a/src/saml2/client.py b/src/saml2/client.py
@@ -125,7 +125,7 @@ def prepare_for_negotiated_authenticate(
                 args = {}
 
             http_info = self.apply_binding(binding, _req_str, destination,
-                                           relay_state, **args)
+                                           relay_state, sign=sign, **args)
 
             return reqid, binding, http_info
         else:
@@ -240,7 +240,7 @@ def do_logout(self, name_id, entity_ids, reason, expire, sign=None,
                 relay_state = self._relay_state(req_id)
 
                 http_info = self.apply_binding(binding, srequest, destination,
-                                               relay_state, sigalg=sigalg)
+                                               relay_state, sign=sign, sigalg=sigalg)
 
                 if binding == BINDING_SOAP:
                     response = self.send(**http_info)
@@ -478,7 +478,7 @@ def do_attribute_query(self, entityid, subject_id,
                                     "sign": sign}
             relay_state = self._relay_state(query.id)
             return self.apply_binding(binding, "%s" % query, destination,
-                                      relay_state)
+                                      relay_state, sign=sign)
         else:
             raise SAMLError("Unsupported binding")
 
@@ -535,4 +535,4 @@ def handle_logout_request(self, request, name_id, binding, sign=False,
 
         return self.apply_binding(rinfo["binding"], response,
                                   rinfo["destination"], relay_state,
-                                  response=True)
+                                  response=True, sign=sign)
diff --git a/src/saml2/s2repoze/plugins/sp.py b/src/saml2/s2repoze/plugins/sp.py
@@ -368,7 +368,11 @@ def challenge(self, environ, _status, _app_headers, _forget_headers):
                     self.outstanding_certs[_sid] = cert
 
                 ht_args = _cli.apply_binding(
-                    _binding, msg_str, destination=dest, relay_state=came_from
+                    _binding,
+                    msg_str,
+                    destination=dest,
+                    relay_state=came_from,
+                    sign=_cli.authn_requests_signed,
                 )
 
                 logger.debug("ht_args: %s", ht_args)
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
@@ -1375,7 +1375,7 @@ def test_signed_redirect(self):
 
         info = self.client.apply_binding(
             BINDING_HTTP_REDIRECT, msg_str, destination="",
-            relay_state="relay2", sigalg=SIG_RSA_SHA256)
+            relay_state="relay2", sign=True, sigalg=SIG_RSA_SHA256)
 
         loc = info["headers"][0][1]
         qs = parse_qs(loc[1:])
@@ -2875,7 +2875,7 @@ def test_signed_redirect(self):
 
         info = self.client.apply_binding(
             BINDING_HTTP_REDIRECT, msg_str, destination="",
-            relay_state="relay2", sigalg=SIG_RSA_SHA256)
+            relay_state="relay2", sign=True, sigalg=SIG_RSA_SHA256)
 
         loc = info["headers"][0][1]
         qs = parse_qs(loc[1:])
