From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 17 Jul 2015 20:15:35 +0000 (-0400)
Subject: Set the value of WantAuthnRequestsSigned to True
X-Git-Tag: v1.1.0~51
X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=63c1a25a0a0fb3bcf8ea054c49ce88ffc81599cc

Set the value of WantAuthnRequestsSigned to True

The spec says the default should be False if not specified
but lasso sets it to true unless it is explicitly set to
False. So let's be explicit and set it to True.

https://fedorahosted.org/ipsilon/ticket/136

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
---

diff --git a/ipsilon/tools/saml2metadata.py b/ipsilon/tools/saml2metadata.py
index d360ccd..2138777 100755
--- a/ipsilon/tools/saml2metadata.py
+++ b/ipsilon/tools/saml2metadata.py
@@ -86,6 +86,8 @@ class Metadata(object):
             raise ValueError('invalid role: %s' % role)
         self.role = mdElement(self.root, description)
         self.role.set('protocolSupportEnumeration', lasso.SAML2_PROTOCOL_HREF)
+        if role == IDP_ROLE:
+            self.role.set('WantAuthnRequestsSigned', 'true')
         return self.role
 
     def set_expiration(self, exp):