Merge branch 'roland_master' into example_updates

Author: dallerbarn

.travis.yml

@@ -1,14 +1,18 @@
 language: python
 
+sudo: false
+
 env:
   - TOX_ENV=py27
   - TOX_ENV=py34
 
+addons:
+  apt:
+    packages:
+    - xmlsec1
+
 services:
   - mongodb
 
-install:
-  - sudo apt-get install xmlsec1
-
 script:
   - ./setup.py test

example/sp-wsgi/sp.py

@@ -4,12 +4,14 @@
 import re
 import argparse
 import os
+from future.backports.http.cookies import SimpleCookie
+import six
+
 from saml2.extension.pefim import SPCertEnc
 from saml2.metadata import create_metadata_string
 import service_conf
 
-from Cookie import SimpleCookie
-from urlparse import parse_qs
+from six.moves.urllib.parse import parse_qs
 import sys
 
 from saml2 import BINDING_HTTP_REDIRECT, element_to_extension_element
@@ -59,7 +61,7 @@ def dict_to_table(ava, lev=0, width=1):
     txt = ['<table border=%s bordercolor="black">\n' % width]
     for prop, valarr in ava.items():
         txt.append("<tr>\n")
-        if isinstance(valarr, basestring):
+        if isinstance(valarr, six.string_types):
             txt.append("<th>%s</th>\n" % str(prop))
             try:
                 txt.append("<td>%s</td>\n" % valarr.encode("utf8"))

src/saml2/authn.py

@@ -1,7 +1,4 @@
 import logging
-from urllib import urlencode
-from urlparse import parse_qs
-from urlparse import urlsplit
 import six
 import time
 import ldap
@@ -13,6 +10,8 @@
 from saml2.httputil import Unauthorized
 from saml2.httputil import parse_cookie
 
+from six.moves.urllib.parse import urlencode, parse_qs, urlsplit
+
 __author__ = 'rolandh'
 
 logger = logging.getLogger(__name__)

src/saml2/client.py

@@ -14,6 +14,8 @@
 from saml2 import BINDING_HTTP_POST
 from saml2 import BINDING_SOAP
 
+import saml2.xmldsig as ds
+
 from saml2.ident import decode, code
 from saml2.httpbase import HTTPError
 from saml2.s_utils import sid
@@ -161,7 +163,7 @@ def global_logout(self, name_id, reason="", expire=None, sign=None):
         return self.do_logout(name_id, entity_ids, reason, expire, sign)
 
     def do_logout(self, name_id, entity_ids, reason, expire, sign=None,
-                  expected_binding=None):
+                  expected_binding=None, **kwargs):
         """
 
         :param name_id: Identifier of the Subject (a NameID instance)
@@ -172,6 +174,7 @@ def do_logout(self, name_id, entity_ids, reason, expire, sign=None,
         :param sign: Whether to sign the request or not
         :param expected_binding: Specify the expected binding then not try it
             all
+        :param kwargs: Extra key word arguments.
         :return:
         """
         # check time
@@ -203,9 +206,14 @@ def do_logout(self, name_id, entity_ids, reason, expire, sign=None,
 
                 destination = destinations(srvs)[0]
                 logger.info("destination to provider: %s" % destination)
+                try:
+                    session_info = self.users.get_info_from(name_id, entity_id)
+                    session_indexes = [session_info['session_index']]
+                except KeyError:
+                    session_indexes = None
                 req_id, request = self.create_logout_request(
                     destination, entity_id, name_id=name_id, reason=reason,
-                    expire=expire)
+                    expire=expire, session_indexes=session_indexes)
 
                 # to_sign = []
                 if binding.startswith("http://"):
@@ -214,15 +222,23 @@ def do_logout(self, name_id, entity_ids, reason, expire, sign=None,
                 if sign is None:
                     sign = self.logout_requests_signed
 
+                sigalg = None
+                key = None
                 if sign:
-                    srequest = self.sign(request)
+                    if binding == BINDING_HTTP_REDIRECT:
+                        sigalg = kwargs.get("sigalg", ds.sig_default)
+                        key = kwargs.get("key", self.signkey)
+                        srequest = str(request)
+                    else:
+                        srequest = self.sign(request)
                 else:
-                    srequest = "%s" % request
+                    srequest = str(request)
 
                 relay_state = self._relay_state(req_id)
 
                 http_info = self.apply_binding(binding, srequest, destination,
-                                               relay_state)
+                                               relay_state, sigalg=sigalg,
+                                               key=key)
 
                 if binding == BINDING_SOAP:
                     response = self.send(**http_info)

src/saml2/client_base.py

@@ -6,8 +6,6 @@
 to conclude its tasks.
 """
 import threading
-from six.moves.urllib.parse import urlencode
-from six.moves.urllib.parse import urlparse
 import six
 
 from saml2.entity import Entity
@@ -26,8 +24,11 @@
 from saml2.soap import make_soap_enveloped_saml_thingy
 
 from six.moves.urllib.parse import parse_qs
+from six.moves.urllib.parse import urlencode
+from six.moves.urllib.parse import urlparse
 
-from saml2.s_utils import signature, UnravelError, exception_trace
+from saml2.s_utils import signature
+from saml2.s_utils import UnravelError
 from saml2.s_utils import do_attributes
 
 from saml2 import samlp, BINDING_SOAP, SAMLError

src/saml2/config.py

@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+from saml2.saml import NAME_FORMAT_URI
 
 __author__ = 'rolandh'
 
@@ -93,6 +94,7 @@
     "ecp",
     "name_id_format",
     "logout_requests_signed",
+    "requested_attribute_name_format"
 ]
 
 AA_IDP_ARGS = [
@@ -236,6 +238,7 @@ def __init__(self, homedir="."):
         self.extensions = {}
         self.attribute = []
         self.attribute_profile = []
+        self.requested_attribute_name_format = NAME_FORMAT_URI
 
     def setattr(self, context, attr, val):
         if context == "":

src/saml2/mdstore.py

@@ -795,7 +795,7 @@ def load(self, typ, *args, **kwargs):
             self.ii += 1
             key = self.ii
             kwargs.update(_args)
-            _md = MetaData(self.onts, self.attrc, args[0], **kwargs)
+            _md = InMemoryMetaData(self.onts, self.attrc, args[0])
         elif typ == "remote":
             key = kwargs["url"]
             for _key in ["node_name", "check_validity"]: