From 779ee63021f87117db0e002e533b6c1a1a40433e Mon Sep 17 00:00:00 2001
From: Alexander Schrijver
Date: Thu, 28 May 2020 15:17:07 +0200
Subject: [PATCH] Ignore the Advice section when looking for signatures.

There can be legal Signature blocks in the 'Advice' element of a response. Since python3-saml does not suport doing anything with the advice section, skipping it altogether seems. like the best solution.
---
 src/onelogin/saml2/response.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/onelogin/saml2/response.py b/src/onelogin/saml2/response.py
index 04264919..0d50b471 100644
--- a/src/onelogin/saml2/response.py
+++ b/src/onelogin/saml2/response.py
@@ -666,8 +666,7 @@ def process_signed_elements(self):
 :returns: The signed elements tag names
 :rtype: list
 """
- sign_nodes = self.__query('//ds:Signature')
-
+ sign_nodes = self.__query('//ds:Signature[not(ancestor::saml:Advice)]')
 signed_elements = []
 verified_seis = []
 verified_ids = []
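Review bot: The `not(ancestor::saml:Advice)` filter is applied only to the `sign_nodes` query in `process_signed_elements`, so any other lookup that selects `ds:Signature` or `saml:Assertion` nodes with a bare `//` path (none are visible in this hunk) would still see Advice content; the element set reported as signed here and the set whose signature is actually verified should be derived with the same exclusion. The diffstat shows only `response.py` changed, so the behaviour has no regression test: one response carrying a signed assertion inside `saml:Advice` that must still validate, and one where the only signature sits inside Advice while the outer assertion is unsigned, which must be rejected. A comment above the query would record the intent, e.g. `# Signatures inside saml:Advice are not processed by this library; exclude them so they are neither counted nor treated as covering the response`. The function body continues outside the hunk, so how `sign_nodes` is consumed afterwards cannot be checked from here.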