feat: SPIDA validator cie_mode

italia · Feb 21, 2024 · 8e9f449 · 8e9f449
1 parent 1dac757
commit 8e9f449
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/example/backends/ciesaml2.py b/example/backends/ciesaml2.py
@@ -472,7 +472,6 @@ def authn_response(self, context, binding):
                 **{"message": _msg, "troubleshoot": _TROUBLESHOOT_MSG}
             )
 
-        list(context.state.keys())[1]
         # deprecated
         # if not context.state.get('Saml2IDP'):
         # _msg = "context.state['Saml2IDP'] KeyError"
@@ -496,6 +495,7 @@ def authn_response(self, context, binding):
             authn_context_class_ref=authn_context_classref,
             return_addrs=authn_response.return_addrs,
             allowed_acrs=self.config["spid_allowed_acrs"],
+            cie_mode = True
         )
         try:
             validator.run()

diff --git a/example/backends/spidsaml2_validator.py b/example/backends/spidsaml2_validator.py
@@ -34,6 +34,7 @@ def __init__(
         authn_context_class_ref="https://www.spid.gov.it/SpidL2",
         return_addrs=[],
         allowed_acrs=[],
+        cie_mode = False
     ):
 
         self.response = samlp.response_from_string(authn_response)
@@ -45,6 +46,7 @@ def __init__(
         self.return_addrs = return_addrs
         self.issuer = issuer
         self.allowed_acrs = allowed_acrs
+        self.cie_mode = cie_mode
 
     # handled adding authn req arguments in the session state (cookie)
     def validate_in_response_to(self):
@@ -88,13 +90,14 @@ def validate_issuer(self):
                     '!= "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"'
                 )
 
-        msg = "Issuer format is not valid: {}. {}"
-        # 70, 71
-        assiss = self.response.assertion[0].issuer
-        if not hasattr(assiss, "format") or not getattr(assiss, "format", None):
-            raise SPIDValidatorException(
-                msg.format(self.response.issuer.format, _ERROR_TROUBLESHOOT)
-            )
+        if not self.cie_mode:
+            msg = "Issuer format is not valid: {}. {}"
+            # 70, 71
+            assiss = self.response.assertion[0].issuer
+            if not hasattr(assiss, "format") or not getattr(assiss, "format", None):
+                raise SPIDValidatorException(
+                    msg.format(self.response.issuer.format, _ERROR_TROUBLESHOOT)
+                )
 
         # 72
         for i in self.response.assertion: