Example for LDAP, new error message and added a test user.

Hans Hörberg · Hans Hörberg · commit e80fd8ee4b66 · 2014-05-08T16:37:01.000+02:00
diff --git a/example/idp2/idp.py b/example/idp2/idp.py
@@ -484,7 +484,9 @@ def do_authentication(environ, start_response, authn_context, key,
 
 # -----------------------------------------------------------------------------
 
-PASSWD = {"haho0032": "qwerty",
+PASSWD = {
+          "daev0001": "qwerty",
+          "haho0032": "qwerty",
           "roland": "dianakra",
           "babs": "howes",
           "upper": "crust"}
diff --git a/example/idp2/idp_user.py b/example/idp2/idp_user.py
@@ -1,8 +1,45 @@
-USERS = {
+#from dirg_util.dict import LDAPDict
+#ldap_settings = {
+#    "ldapuri": "ldaps://ldap.test.umu.se",
+#    "base": "dc=umu, dc=se",
+#    "filter_pattern": "(uid=%s)",
+#    "user": "",
+#    "passwd": "",
+#    "attr": [
+#        "eduPersonScopedAffiliation",
+#        "eduPersonAffiliation",
+#        "eduPersonPrincipalName",
+#        "givenName",
+#        "sn",
+#        "mail",
+#        "uid",
+#        "o",
+#        "c",
+#        "labeledURI",
+#        "ou",
+#        "displayName",
+#        "norEduPersonLIN"
+#    ],
+#    "keymap": {
+#        "mail": "email",
+#        "labeledURI": "labeledURL",
+#    },
+#    "static_values": {
+#        "eduPersonTargetedID": "one!for!all",
+#    },
+#    "exact_match": True,
+#    "firstonly_len1": True,
+#    "timeout": 15,
+#}
+#Uncomment to use a LDAP directory instead.
+#USERS = LDAPDict(**ldap_settings)
+
+USERS_ = {
     "haho0032": {
         "sn": "Hoerberg",
-        "givenName": "Hans",
-        "eduPersonScopedAffiliation": "staff@example.com",
+        "givenName": "Hasse",
+        "eduPersonAffiliation": "student",
+        "eduPersonScopedAffiliation": "student@example.com",
         "eduPersonPrincipalName": "haho@example.com",
         "uid": "haho",
         "eduPersonTargetedID": "one!for!all",
diff --git a/src/saml2/server.py b/src/saml2/server.py
@@ -479,7 +479,8 @@ def create_authn_response(self, identity, in_response_to, destination,
                     if not verify_encrypt_cert(encrypt_cert):
                         raise CertificateError("Invalid certificate for encryption!")
             else:
-                raise CertificateError("No certificate for encryption!")
+                raise CertificateError("No SPCertEncType certificate for encryption contained in authentication "
+                                       "request.")
         else:
             encrypt_assertion = False
 
