Allow the addition of SessionIndexes to a LogoutRequest

Roland Hedberg · Roland Hedberg · commit c3f51e34cd51 · 2014-12-10T14:37:20.000+01:00
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
@@ -253,6 +253,7 @@ def create_authn_request(self, destination, vorg="", scoping=None,
                 args["provider_name"] = self._my_name()
 
         # Allow argument values either as class instances or as dictionaries
+        # all of these have cardinality 0..1
         _msg = AuthnRequest()
         for param in ["scoping", "requested_authn_context", "conditions",
                       "subject", "scoping"]:
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
@@ -35,7 +35,7 @@
 from saml2.s_utils import success_status_factory
 from saml2.s_utils import decode_base64_and_inflate
 from saml2.s_utils import UnsupportedBinding
-from saml2.samlp import AuthnRequest
+from saml2.samlp import AuthnRequest, SessionIndex
 from saml2.samlp import AuthzDecisionQuery
 from saml2.samlp import AuthnQuery
 from saml2.samlp import AssertionIDRequest
@@ -673,7 +673,8 @@ def create_error_response(self, in_response_to, destination, info,
     def create_logout_request(self, destination, issuer_entity_id,
                               subject_id=None, name_id=None,
                               reason=None, expire=None, message_id=0,
-                              consent=None, extensions=None, sign=False):
+                              consent=None, extensions=None, sign=False,
+                              session_indexes=None):
         """ Constructs a LogoutRequest
 
         :param destination: Destination of the request
@@ -689,6 +690,7 @@ def create_logout_request(self, destination, issuer_entity_id,
         :param consent: Whether the principal have given her consent
         :param extensions: Possible extensions
         :param sign: Whether the query should be signed or not.
+        :param session_indexes: SessionIndex instances or just values
         :return: A LogoutRequest instance
         """
 
@@ -703,10 +705,20 @@ def create_logout_request(self, destination, issuer_entity_id,
         if not name_id:
             raise SAMLError("Missing subject identification")
 
+        args = {}
+        if session_indexes:
+            sis = []
+            for si in session_indexes:
+                if isinstance(si, SessionIndex):
+                    sis.append(si)
+                else:
+                    sis.append(SessionIndex(text=si))
+            args["session_index"] = sis
+
         return self._message(LogoutRequest, destination, message_id,
                              consent, extensions, sign, name_id=name_id,
                              reason=reason, not_on_or_after=expire,
-                             issuer=self._issuer())
+                             issuer=self._issuer(), **args)
 
     def create_logout_response(self, request, bindings=None, status=None,
                                sign=False, issuer=None):
diff --git a/tools/make_metadata.py b/tools/make_metadata.py
@@ -2,7 +2,6 @@
 import argparse
 import os
 import sys
-from saml2.s_utils import rndstr
 from saml2.metadata import entity_descriptor, metadata_tostring_fix
 from saml2.metadata import entities_descriptor
 from saml2.metadata import sign_entity_descriptor
