SAML-Toolkits
diff --git a/‎README.md‎
Lines changed: 3 additions & 1 deletion b/‎README.md‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎src/onelogin/saml2/auth.py‎
Lines changed: 35 additions & 6 deletions b/‎src/onelogin/saml2/auth.py‎
Lines changed: 35 additions & 6 deletions
diff --git a/‎src/onelogin/saml2/authn_request.py‎
Lines changed: 8 additions & 0 deletions b/‎src/onelogin/saml2/authn_request.py‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/onelogin/saml2/logout_request.py‎
Lines changed: 9 additions & 0 deletions b/‎src/onelogin/saml2/logout_request.py‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/onelogin/saml2/logout_response.py‎
Lines changed: 9 additions & 0 deletions b/‎src/onelogin/saml2/logout_response.py‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/onelogin/saml2/response.py‎
Lines changed: 12 additions & 0 deletions b/‎src/onelogin/saml2/response.py‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎tests/data/responses/decrypted_valid_encrypted_assertion.xml‎
Lines changed: 7 additions & 0 deletions b/‎tests/data/responses/decrypted_valid_encrypted_assertion.xml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎tests/data/responses/pretty_decrypted_valid_encrypted_assertion.xml‎
Lines changed: 7 additions & 0 deletions b/‎tests/data/responses/pretty_decrypted_valid_encrypted_assertion.xml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎tests/data/responses/pretty_signed_message_response.xml‎
Lines changed: 48 additions & 0 deletions b/‎tests/data/responses/pretty_signed_message_response.xml‎
Lines changed: 48 additions & 0 deletions
@@ -827,11 +827,13 @@ Main class of OneLogin Python Toolkit
 * ***get_last_error_reason*** Returns the reason of the last error
 * ***get_sso_url*** Gets the SSO url.
 * ***get_slo_url*** Gets the SLO url.
-* ***get_last_request_id*** The ID of the last Request SAML message generated.
+* ***get_last_request_id*** The ID of the last Request SAML message generated (AuthNRequest, LogoutRequest).
 * ***build_request_signature*** Builds the Signature of the SAML Request.
 * ***build_response_signature*** Builds the Signature of the SAML Response.
 * ***get_settings*** Returns the settings info.
 * ***set_strict*** Set the strict mode active/disable.
+* ***get_last_request_xml*** Returns the most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)
+* ***get_last_response_xml*** Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse was encrypted, by default tries to return the decrypted XML.
 
 ####OneLogin_Saml2_Auth - authn_request.py####
 
 
@@ -13,6 +13,7 @@
 
 from base64 import b64encode
 from urllib import quote_plus
+from lxml import etree
 
 from onelogin.saml2.settings import OneLogin_Saml2_Settings
 from onelogin.saml2.response import OneLogin_Saml2_Response
@@ -57,6 +58,8 @@ def __init__(self, request_data, old_settings=None, custom_base_path=None):
         self.__errors = []
         self.__error_reason = None
         self.__last_request_id = None
+        self.__last_request = None
+        self.__last_response = None
 
     def get_settings(self):
         """
@@ -90,7 +93,7 @@ def process_response(self, request_id=None):
         if 'post_data' in self.__request_data and 'SAMLResponse' in self.__request_data['post_data']:
             # AuthnResponse -- HTTP_POST Binding
             response = OneLogin_Saml2_Response(self.__settings, self.__request_data['post_data']['SAMLResponse'])
-
+            self.__last_response = response.get_xml_document()
             if response.is_valid(self.__request_data, request_id):
                 self.__attributes = response.get_attributes()
                 self.__nameid = response.get_nameid()
@@ -125,6 +128,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
 
         if 'get_data' in self.__request_data and 'SAMLResponse' in self.__request_data['get_data']:
             logout_response = OneLogin_Saml2_Logout_Response(self.__settings, self.__request_data['get_data']['SAMLResponse'])
+            self.__last_response = logout_response.get_xml()
             if not logout_response.is_valid(self.__request_data, request_id):
                 self.__errors.append('invalid_logout_response')
                 self.__error_reason = logout_response.get_error()
@@ -135,6 +139,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
 
         elif 'get_data' in self.__request_data and 'SAMLRequest' in self.__request_data['get_data']:
             logout_request = OneLogin_Saml2_Logout_Request(self.__settings, self.__request_data['get_data']['SAMLRequest'])
+            self.__last_request = logout_request.get_xml()
             if not logout_request.is_valid(self.__request_data):
                 self.__errors.append('invalid_logout_request')
                 self.__error_reason = logout_request.get_error()
@@ -145,6 +150,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
                 in_response_to = logout_request.id
                 response_builder = OneLogin_Saml2_Logout_Response(self.__settings)
                 response_builder.build(in_response_to)
+                self.__last_response = response_builder.get_xml()
                 logout_response = response_builder.get_response()
 
                 parameters = {'SAMLResponse': logout_response}
@@ -285,12 +291,11 @@ def login(self, return_to=None, force_authn=False, is_passive=False, set_nameid_
         :rtype: string
         """
         authn_request = OneLogin_Saml2_Authn_Request(self.__settings, force_authn, is_passive, set_nameid_policy)
-
+        self.__last_request = authn_request.get_xml()
         self.__last_request_id = authn_request.get_id()
-
         saml_request = authn_request.get_request()
-        parameters = {'SAMLRequest': saml_request}
 
+        parameters = {'SAMLRequest': saml_request}
         if return_to is not None:
             parameters['RelayState'] = return_to
         else:
@@ -336,9 +341,8 @@ def logout(self, return_to=None, name_id=None, session_index=None, nq=None):
             session_index=session_index,
             nq=nq
         )
-
+        self.__last_request = logout_request.get_xml()
         self.__last_request_id = logout_request.id
-
         saml_request = logout_request.get_request()
 
         parameters = {'SAMLRequest': logout_request.get_request()}
@@ -451,3 +455,28 @@ def __build_signature(self, saml_data, relay_state, saml_type, sign_algorithm=On
 
         signature = dsig_ctx.signBinary(str(msg), sign_algorithm_transform)
         return b64encode(signature)
+
+    def get_last_response_xml(self, pretty_print_if_possible=False):
+        """
+        Retrieves the raw XML (decrypted) of the last SAML response,
+        or the last Logout Response generated or processed
+
+        :returns: SAML response XML
+        :rtype: string|None
+        """
+        response = None
+        if self.__last_response is not None:
+            if isinstance(self.__last_response, basestring):
+                response = self.__last_response
+            else:
+                response = etree.tostring(self.__last_response, pretty_print=pretty_print_if_possible)
+        return response
+
+    def get_last_request_xml(self):
+        """
+        Retrieves the raw XML sent in the last SAML request
+
+        :returns: SAML request XML
+        :rtype: string|None
+        """
+        return self.__last_request or None
@@ -149,3 +149,11 @@ def get_id(self):
         :rtype: string
         """
         return self.__id
+
+    def get_xml(self):
+        """
+        Returns the XML that will be sent as part of the request
+        :return: XML request body
+        :rtype: string
+        """
+        return self.__authn_request
@@ -130,6 +130,15 @@ def get_request(self, deflate=True):
             request = b64encode(self.__logout_request)
         return request
 
+    def get_xml(self):
+        """
+        Returns the XML that will be sent as part of the request
+        or that was received at the SP
+        :return: XML request body
+        :rtype: string
+        """
+        return self.__logout_request
+
     @staticmethod
     def get_id(request):
         """
 
@@ -205,6 +205,15 @@ def get_response(self, deflate=True):
             response = b64encode(self.__logout_response)
         return response
 
+    def get_xml(self):
+        """
+        Returns the XML that will be sent as part of the response
+        or that was received at the SP
+        :return: XML response body
+        :rtype: string
+        """
+        return self.__logout_response
+
     def get_error(self):
         """
         After executing a validation process, if it fails this method returns the cause
 
@@ -632,3 +632,15 @@ def get_error(self):
         After executing a validation process, if it fails this method returns the cause
         """
         return self.__error
+
+    def get_xml_document(self):
+        """
+        If necessary, decrypt the XML response document, and return it.
+
+        :return: Decrypted XML response document
+        :rtype: string
+        """
+        if self.encrypted:
+            return self.decrypted_document
+        else:
+            return self.document
@@ -0,0 +1,7 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_5f468249609040c6a351ac1be0e9fc60533ff09d3d" Version="2.0" IssueInstant="2014-03-29T12:01:57Z" Destination="http://stuff.com/endpoints/endpoints/acs.php" InResponseTo="ONELOGIN_be60b8caf8e9d19b7a3551b244f116c947ff247d">
+    <saml:Issuer>http://idp.example.com/</saml:Issuer>
+    <samlp:Status>
+        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+    </samlp:Status>
+    <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_519c2712648ee09a06d1f9a08e9e835715fea60267" Version="2.0" IssueInstant="2014-03-29T12:01:57Z"><saml:Issuer>http://idp.example.com/</saml:Issuer><saml:Subject><saml:NameID SPNameQualifier="http://stuff.com/endpoints/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_68392312d490db6d355555cfbbd8ec95d746516f60</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2055-06-07T20:17:08Z" InResponseTo="ONELOGIN_be60b8caf8e9d19b7a3551b244f116c947ff247d"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2011-01-26T03:23:48Z" NotOnOrAfter="2055-06-07T20:17:08Z"><saml:AudienceRestriction><saml:Audience>http://stuff.com/endpoints/metadata.php</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2014-03-29T11:59:43Z" SessionNotOnOrAfter="2055-06-07T20:17:08Z" SessionIndex="_7164a9a9f97828bfdb8d0ebc004a05d2e7d873f70c"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue></saml:Attribute><saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue></saml:Attribute><saml:Attribute Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue></saml:Attribute><saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">waa2</saml:AttributeValue></saml:Attribute><saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">user</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string">admin</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>
+    </samlp:Response>
@@ -0,0 +1,7 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_5f468249609040c6a351ac1be0e9fc60533ff09d3d" Version="2.0" IssueInstant="2014-03-29T12:01:57Z" Destination="http://stuff.com/endpoints/endpoints/acs.php" InResponseTo="ONELOGIN_be60b8caf8e9d19b7a3551b244f116c947ff247d">
+    <saml:Issuer>http://idp.example.com/</saml:Issuer>
+    <samlp:Status>
+        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+    </samlp:Status>
+    <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_519c2712648ee09a06d1f9a08e9e835715fea60267" Version="2.0" IssueInstant="2014-03-29T12:01:57Z"><saml:Issuer>http://idp.example.com/</saml:Issuer><saml:Subject><saml:NameID SPNameQualifier="http://stuff.com/endpoints/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_68392312d490db6d355555cfbbd8ec95d746516f60</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2055-06-07T20:17:08Z" InResponseTo="ONELOGIN_be60b8caf8e9d19b7a3551b244f116c947ff247d"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2011-01-26T03:23:48Z" NotOnOrAfter="2055-06-07T20:17:08Z"><saml:AudienceRestriction><saml:Audience>http://stuff.com/endpoints/metadata.php</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2014-03-29T11:59:43Z" SessionNotOnOrAfter="2055-06-07T20:17:08Z" SessionIndex="_7164a9a9f97828bfdb8d0ebc004a05d2e7d873f70c"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue></saml:Attribute><saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue></saml:Attribute><saml:Attribute Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue></saml:Attribute><saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">waa2</saml:AttributeValue></saml:Attribute><saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">user</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string">admin</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>
+    </samlp:Response>
@@ -0,0 +1,48 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfxc3d2b542-0f7e-8767-8e87-5b0dc6913375" Version="2.0" IssueInstant="2014-03-21T13:41:09Z" Destination="https://pitbulk.no-ip.org/newonelogin/demo1/index.php?acs" InResponseTo="ONELOGIN_5d9e319c1b8a67da48227964c28d280e7860f804">
+  <saml:Issuer>https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php</saml:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="#pfxc3d2b542-0f7e-8767-8e87-5b0dc6913375"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>1dQFiYU0o2OF7c/RVV8Gpgb4u3I=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>wRgBXOq/FiLZc2mureTC/j6zY709OikJ5HeUSruHTdYjEg9aZy1RbxlKIYEIfXpnX7NBoKxfAMm+O0fsrqOjgcYxTVkqZjOr71qiXNbtwjeAkdYSpk5brsAcnfcPdv8QReYr3D7t5ZVCgYuvXQ+dNELKeag7e1ASOzVqOdp5Z9Y=</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
+  <samlp:Status>
+    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+  </samlp:Status>
+  <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_cccd6024116641fe48e0ae2c51220d02755f96c98d" Version="2.0" IssueInstant="2014-03-21T13:41:09Z">
+    <saml:Issuer>https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php</saml:Issuer>
+    <saml:Subject>
+      <saml:NameID SPNameQualifier="https://pitbulk.no-ip.org/newonelogin/demo1/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_b98f98bb1ab512ced653b58baaff543448daed535d</saml:NameID>
+      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+        <saml:SubjectConfirmationData NotOnOrAfter="2023-09-22T19:01:09Z" Recipient="https://pitbulk.no-ip.org/newonelogin/demo1/index.php?acs" InResponseTo="ONELOGIN_5d9e319c1b8a67da48227964c28d280e7860f804"/>
+      </saml:SubjectConfirmation>
+    </saml:Subject>
+    <saml:Conditions NotBefore="2014-03-21T13:40:39Z" NotOnOrAfter="2023-09-22T19:01:09Z">
+      <saml:AudienceRestriction>
+        <saml:Audience>https://pitbulk.no-ip.org/newonelogin/demo1/metadata.php</saml:Audience>
+      </saml:AudienceRestriction>
+    </saml:Conditions>
+    <saml:AuthnStatement AuthnInstant="2014-03-21T13:41:09Z" SessionNotOnOrAfter="2014-03-21T21:41:09Z" SessionIndex="_9fe0c8dcd3302e7364fcab22a52748ebf2224df0aa">
+      <saml:AuthnContext>
+        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
+      </saml:AuthnContext>
+    </saml:AuthnStatement>
+    <saml:AttributeStatement>
+      <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+        <saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+        <saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+        <saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+        <saml:AttributeValue xsi:type="xs:string">waa2</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+        <saml:AttributeValue xsi:type="xs:string">user</saml:AttributeValue>
+        <saml:AttributeValue xsi:type="xs:string">admin</saml:AttributeValue>
+      </saml:Attribute>
+    </saml:AttributeStatement>
+  </saml:Assertion>
+</samlp:Response>