Add expected/received in WRONG_ISSUER error

pitbulk · pitbulk · commit d7370622a447 · 2018-11-02T13:27:33.000+01:00
diff --git a/src/onelogin/saml2/logout_request.py b/src/onelogin/saml2/logout_request.py
@@ -367,7 +367,11 @@ def is_valid(self, request_data, raise_exceptions=False):
                 issuer = OneLogin_Saml2_Logout_Request.get_issuer(dom)
                 if issuer is not None and issuer != idp_entity_id:
                     raise OneLogin_Saml2_ValidationError(
-                        'Invalid issuer in the Logout Request',
+                        'Invalid issuer in the Logout Request (expected %(idpEntityId)s, got %(issuer)s)' %
+                        {
+                            'idpEntityId': idp_entity_id,
+                            'issuer': issuer
+                        },
                         OneLogin_Saml2_ValidationError.WRONG_ISSUER
                     )
 
diff --git a/src/onelogin/saml2/logout_response.py b/src/onelogin/saml2/logout_response.py
@@ -114,7 +114,11 @@ def is_valid(self, request_data, request_id=None, raise_exceptions=False):
                 issuer = self.get_issuer()
                 if issuer is not None and issuer != idp_entity_id:
                     raise OneLogin_Saml2_ValidationError(
-                        'Invalid issuer in the Logout Request',
+                        'Invalid issuer in the Logout Response (expected %(idpEntityId)s, got %(issuer)s)' %
+                        {
+                            'idpEntityId': idp_entity_id,
+                            'issuer': issuer
+                        },
                         OneLogin_Saml2_ValidationError.WRONG_ISSUER
                     )
 
diff --git a/src/onelogin/saml2/response.py b/src/onelogin/saml2/response.py
@@ -224,7 +224,11 @@ def is_valid(self, request_data, request_id=None, raise_exceptions=False):
                 for issuer in issuers:
                     if issuer is None or issuer != idp_entity_id:
                         raise OneLogin_Saml2_ValidationError(
-                            'Invalid issuer in the Assertion/Response',
+                            'Invalid issuer in the Assertion/Response (expected %(idpEntityId)s, got %(issuer)s)' %
+                            {
+                                'idpEntityId': idp_entity_id,
+                                'issuer': issuer
+                            },
                             OneLogin_Saml2_ValidationError.WRONG_ISSUER
                         )
 
diff --git a/tests/src/OneLogin/saml2_tests/logout_response_test.py b/tests/src/OneLogin/saml2_tests/logout_response_test.py
@@ -186,7 +186,7 @@ def testIsInValidIssuer(self):
         settings.set_strict(True)
         response_2 = OneLogin_Saml2_Logout_Response(settings, message)
         self.assertFalse(response_2.is_valid(request_data))
-        self.assertIn('Invalid issuer in the Logout Request', response_2.get_error())
+        self.assertIn('Invalid issuer in the Logout Response', response_2.get_error())
 
     def testIsInValidDestination(self):
         """
@@ -272,7 +272,7 @@ def testIsInValidSign(self):
         settings.set_strict(True)
         response_2 = OneLogin_Saml2_Logout_Response(settings, request_data['get_data']['SAMLResponse'])
         self.assertFalse(response_2.is_valid(request_data))
-        self.assertIn('Invalid issuer in the Logout Request', response_2.get_error())
+        self.assertIn('Invalid issuer in the Logout Response', response_2.get_error())
 
         settings.set_strict(False)
         old_signature = request_data['get_data']['Signature']
diff --git a/tests/src/OneLogin/saml2_tests/response_test.py b/tests/src/OneLogin/saml2_tests/response_test.py
@@ -1012,11 +1012,11 @@ def testIsInValidIssuer(self):
         settings.set_strict(True)
         response_3 = OneLogin_Saml2_Response(settings, message)
         self.assertFalse(response_3.is_valid(request_data))
-        self.assertEqual('Invalid issuer in the Assertion/Response', response_3.get_error())
+        self.assertEqual('Invalid issuer in the Assertion/Response (expected http://idp.example.com/, got http://invalid.issuer.example.com/)', response_3.get_error())
 
         response_4 = OneLogin_Saml2_Response(settings, message_2)
         self.assertFalse(response_4.is_valid(request_data))
-        self.assertEqual('Invalid issuer in the Assertion/Response', response_4.get_error())
+        self.assertEqual('Invalid issuer in the Assertion/Response (expected http://idp.example.com/, got http://invalid.isser.example.com/)', response_4.get_error())
 
     def testIsInValidSessionIndex(self):
         """
