
Commit c305820

committed
SP class should not assume SAML NameID in assertion
The basic pySAML2 service provider class upon which SPs are built should not require that a SAML authentication request response from an IdP contains a SAML NameID element since it is not required by the SAML 2.0 specification. This change enables the parse_authn_request_response method for the basic pySAML2 service provider class to successfully parse a SAML authentication request response that does not contain a SAML NameID element.
1 parent a17f233 commit c305820


1 file changed

+41
-42
lines changed


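--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -676,50 +676,49 @@ def parse_authn_request_response(self, xmlstr, binding, outstanding=None,
 :return: An response.AuthnResponse or None
 """
 
-try:
-_ = self.config.entityid
-except KeyError:
+if not getattr(self.config, 'entityid', None):
 raise SAMLError("Missing entity_id specification")
 
-resp = None
-if xmlstr:
-kwargs = {
-"outstanding_queries": outstanding,
-"outstanding_certs": outstanding_certs,
-"allow_unsolicited": self.allow_unsolicited,
-"want_assertions_signed": self.want_assertions_signed,
-"want_response_signed": self.want_response_signed,
-"return_addrs": self.service_urls(binding=binding),
-"entity_id": self.config.entityid,
-"attribute_converters": self.config.attribute_converters,
-"allow_unknown_attributes":
-self.config.allow_unknown_attributes,
-'conv_info': conv_info
-}
-try:
-resp = self._parse_response(xmlstr, AuthnResponse,
-"assertion_consumer_service",
-binding, **kwargs)
-except StatusError as err:
-logger.error("SAML status error: %s", err)
-raise
-except UnravelError:
-return None
-except Exception as err:
-logger.error("XML parse error: %s", err)
-raise
-
-if resp is None:
-return None
-elif isinstance(resp, AuthnResponse):
-if resp.assertion is not None and len(
-resp.response.encrypted_assertion) == 0:
-self.users.add_information_about_person(resp.session_info())
-logger.info("--- ADDED person info ----")
-pass
-else:
-logger.error("Response type not supported: %s",
-saml2.class_name(resp))
+if not xmlstr:
+return None
+
+kwargs = {
+"outstanding_queries": outstanding,
+"outstanding_certs": outstanding_certs,
+"allow_unsolicited": self.allow_unsolicited,
+"want_assertions_signed": self.want_assertions_signed,
+"want_response_signed": self.want_response_signed,
+"return_addrs": self.service_urls(binding=binding),
+"entity_id": self.config.entityid,
+"attribute_converters": self.config.attribute_converters,
+"allow_unknown_attributes":
+self.config.allow_unknown_attributes,
+'conv_info': conv_info
+}
+
+try:
+resp = self._parse_response(xmlstr, AuthnResponse,
+"assertion_consumer_service",
+binding, **kwargs)
+except StatusError as err:
+logger.error("SAML status error: %s", err)
+raise
+except UnravelError:
+return None
+except Exception as err:
+logger.error("XML parse error: %s", err)
+raise
+
+if not isinstance(resp, AuthnResponse):
+logger.error("Response type not supported: %s",
+saml2.class_name(resp))
+return None
+
+if (resp.assertion and len(resp.response.encrypted_assertion) == 0 and
+resp.assertion.subject.name_id):
+self.users.add_information_about_person(resp.session_info())
+logger.info("--- ADDED person info ----")
+
 return resp
 
 # ------------------------------------------------------------------------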
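Review bot: The new guard `if not getattr(self.config, 'entityid', None):` only turns an AttributeError into the SAMLError, whereas the code it replaces caught KeyError from `self.config.entityid`; if the config object still raises KeyError for an unset entityid (which the old except clause suggests), that error now propagates past the guard without the "Missing entity_id specification" message, so either confirm what self.config raises or keep a `try: ... except (KeyError, AttributeError):` around the lookup. The relaxed condition at `resp.assertion.subject.name_id` also assumes the assertion always carries a Subject; if `subject` can be None this raises AttributeError before the NameID check the commit set out to relax, so `resp.assertion.subject and resp.assertion.subject.name_id` would be safer. When the NameID is absent the person info is silently skipped while the response is still returned, so a `logger.debug("No NameID in assertion, session info not cached")` on the skip path would help operators understand why later lookups in self.users miss. The signature of parse_authn_request_response appears only in the hunk header, so the function starts outside this hunk.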
