The spec says the default should be False if not specified
but lasso sets it to true unless it is explicitly set to
False. So let's be explicit and set it to True.
https://fedorahosted.org/ipsilon/ticket/136
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
raise ValueError('invalid role: %s' % role)
self.role = mdElement(self.root, description)
self.role.set('protocolSupportEnumeration', lasso.SAML2_PROTOCOL_HREF)
+ if role == IDP_ROLE:
+ self.role.set('WantAuthnRequestsSigned', 'true')
return self.role
def set_expiration(self, exp):