Signature verification failure should be handled as an error.

Roland Hedberg · Roland Hedberg · commit dcf5b533ba8d · 2013-09-02T15:41:08.000+02:00
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
@@ -49,7 +49,7 @@
 from saml2 import class_name
 from saml2.config import config_factory
 from saml2.httpbase import HTTPBase
-from saml2.sigver import security_context, response_factory
+from saml2.sigver import security_context, response_factory, SignatureError
 from saml2.sigver import pre_signature_part
 from saml2.sigver import signed_instance_factory
 from saml2.virtual_org import VirtualOrg
@@ -794,6 +794,9 @@ def _parse_response(self, xmlstr, response_cls, service, binding, **kwargs):
 
             try:
                 response = response.loads(xmlstr, False)
+            except SignatureError, err:
+                logger.error("Signature Error: %s" % err)
+                return None
             except Exception, err:
                 if "not well-formed" in "%s" % err:
                     logger.error("Not well-formed XML")
