Fixes #733: add setting to sign logout responses

Author: maxbes

src/saml2/client.py

@@ -487,7 +487,7 @@ def do_attribute_query(self, entityid, subject_id,
         else:
             raise SAMLError("Unsupported binding")
 
-    def handle_logout_request(self, request, name_id, binding, sign=False,
+    def handle_logout_request(self, request, name_id, binding, sign=None,
                               sign_alg=None, relay_state=""):
         """
         Deal with a LogoutRequest
@@ -534,6 +534,9 @@ def handle_logout_request(self, request, name_id, binding, sign=False,
             response_bindings = self.config.preferred_binding[
                 "single_logout_service"]
 
+        if sign is None:
+            sign = self.logout_responses_signed
+
         response = self.create_logout_response(_req.message, response_bindings,
                                                status, sign, sign_alg=sign_alg)
         rinfo = self.response_args(_req.message, response_bindings)

src/saml2/client_base.py

@@ -162,6 +162,7 @@ def __init__(self, config=None, identity_cache=None, state_cache=None,
 
         attribute_defaults = {
             "logout_requests_signed": False,
+            "logout_responses_signed": False,
             "allow_unsolicited": False,
             "authn_requests_signed": False,
             "want_assertions_signed": False,

src/saml2/config.py

@@ -95,6 +95,7 @@
     "name_id_policy_format",
     "name_id_format_allow_create",
     "logout_requests_signed",
+    "logout_responses_signed",
     "requested_attribute_name_format",
     "hide_assertion_consumer_service",
     "force_authn",
@@ -201,6 +202,7 @@ def __init__(self, homedir="."):
         self.virtual_organization = None
         self.only_use_keys_in_metadata = True
         self.logout_requests_signed = None
+        self.logout_responses_signed = None
         self.disable_ssl_certificate_validation = None
         self.context = ""
         self.attribute_converters = None