Hello community,
here is the log from the commit of package python-python3-saml for
openSUSE:Factory checked in at 2020-03-20 23:58:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-python3-saml (Old)
and /work/SRC/openSUSE:Factory/.python-python3-saml.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-python3-saml"
Fri Mar 20 23:58:59 2020 rev:3 rq:786816 version:1.9.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-python3-saml/python-python3-saml.changes
2019-07-22 17:20:07.573898804 +0200
+++
/work/SRC/openSUSE:Factory/.python-python3-saml.new.3160/python-python3-saml.changes
2020-03-21 00:02:40.605141292 +0100
@@ -1,0 +2,9 @@
+Fri Mar 20 10:36:31 UTC 2020 - [email protected]
+
+- version update to 1.9.0
+ * Allow any number of decimal places for seconds on SAML datetimes
+ * Fix failOnAuthnContextMismatch code
+ * Improve signature validation when no reference uri
+ * Update demo versions. Improve them and add Tornado demo.
+
+-------------------------------------------------------------------
Old:
----
python3-saml-1.7.0.tar.gz
New:
----
python3-saml-1.9.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-python3-saml.spec ++++++
--- /var/tmp/diff_new_pack.brJ01b/_old 2020-03-21 00:02:43.109142664 +0100
+++ /var/tmp/diff_new_pack.brJ01b/_new 2020-03-21 00:02:43.113142667 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-python3-saml
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,13 +18,13 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-python3-saml
-Version: 1.7.0
+Version: 1.9.0
Release: 0
Summary: Python SAML support
License: MIT
Group: Development/Languages/Python
URL: https://github.com/onelogin/python3-saml
-Source:
https://github.com/onelogin/python3-saml/archive/v.%{version}.tar.gz#/python3-saml-%{version}.tar.gz
+Source:
https://github.com/onelogin/python3-saml/archive/v%{version}.tar.gz#/python3-saml-%{version}.tar.gz
Patch0: bug-testDecryptElement.patch
BuildRequires: %{python_module defusedxml >= 0.5.0}
BuildRequires: %{python_module freezegun >= 0.3.11}
@@ -50,7 +50,7 @@
defined by the OASIS Security Services Technical Committee.
%prep
-%setup -q -n python3-saml-v.%{version}
+%setup -q -n python3-saml-%{version}
%patch0 -p1
sed -i 's/==/>=/;/dependency_links/d' setup.py
++++++ python3-saml-1.7.0.tar.gz -> python3-saml-1.9.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/.travis.yml
new/python3-saml-1.9.0/.travis.yml
--- old/python3-saml-v.1.7.0/.travis.yml 2019-07-02 20:09:38.000000000
+0200
+++ new/python3-saml-1.9.0/.travis.yml 2019-11-20 18:17:19.000000000 +0100
@@ -1,9 +1,9 @@
language: python
python:
- '2.7'
- - '3.4'
- '3.5'
- '3.6'
+ - '3.7'
matrix:
include:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/README.md
new/python3-saml-1.9.0/README.md
--- old/python3-saml-v.1.7.0/README.md 2019-07-02 20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/README.md 2019-11-20 18:17:19.000000000 +0100
@@ -14,6 +14,8 @@
#### Warning ####
+Version 1.8.0 sets strict mode active by default
+
Update ``python3-saml`` to ``1.5.0``, this version includes security
improvements for preventing XEE and Xpath Injections.
Update ``python3-saml`` to ``1.4.0``, this version includes a fix for the
[CVE-2017-11427](https://www.cvedetails.com/cve/CVE-2017-11427/) vulnerability.
@@ -172,6 +174,11 @@
This folder contains a Pyramid project that will be used as demo to show how
to add SAML support to the [Pyramid Web
Framework](http://docs.pylonsproject.org/projects/pyramid/en/latest/).
``\_\_init__.py`` is the main file that configures the app and its routes,
``views.py`` is where all the logic and SAML handling takes place, and the
templates are stored in the ``templates`` folder. The ``saml`` folder is the
same as in the other two demos.
+#### demo-tornado ####
+
+This folder contains a Tornado project that will be used as demo to show how
to add SAML support to the Tornado Framework. ``views.py`` (with its
``settings.py``) is the main Flask file that has all the code, this file uses
the templates stored at the ``templates`` folder. In the ``saml`` folder we
found the ``certs`` folder to store the X.509 public and private key, and the
SAML toolkit settings (``settings.json`` and ``advanced_settings.json``).
+
+It requires python3.5 (it's using tornado 6.0.3)
#### setup.py ####
@@ -408,7 +415,7 @@
"requestedAuthnContext": true,
// Allows the authn comparison parameter to be set, defaults to 'exact'
if the setting is not present.
"requestedAuthnContextComparison": "exact",
- // Set to true to check that the AuthnContext received matches the one
requested.
+ // Set to true to check that the AuthnContext(s) received match(es)
the requested.
"failOnAuthnContextMismatch": false,
// In some environment you will need to set how long the published
metadata of the Service Provider gonna be valid.
@@ -540,7 +547,7 @@
"get_data": "",
"post_data": "",
- /* Advanced request options */
+ # Advanced request options
"https": "",
"lowercase_urlencoding": "",
"request_uri": "",
@@ -599,7 +606,7 @@
The ``AuthNRequest`` will be sent signed or unsigned based on the security
info of the ``advanced_settings.json`` file (i.e. ``authnRequestsSigned``).
-The IdP will then return the SAML Response to the user's client. The client is
then forwarded to the **Attribute Consumer Service (ACS)** of the SP with this
information.
+The IdP will then return the SAML Response to the user's client. The client is
then forwarded to the **Assertion Consumer Service (ACS)** of the SP with this
information.
We can set a ``return_to`` url parameter to the login function and that will
be converted as a ``RelayState`` parameter:
@@ -648,7 +655,7 @@
```
to get the settings object and with the ``sp_validation_only=True`` parameter
we will avoid the IdP settings validation.
-***Attribute Consumer Service (ACS)***
+***Assertion Consumer Service (ACS)***
This code handles the SAML response that the IdP forwards to the SP through
the user's client.
@@ -1095,7 +1102,7 @@
Demos included in the toolkit
-----------------------------
-The toolkit includes 2 demos to teach how use the toolkit (A Django and a
Flask project), take a look on it.
+The toolkit includes 3 demos to teach how use the toolkit (A Django, Flask and
a Tornado project), take a look on it.
Demos require that SP and IdP are well configured before test it, so edit the
settings files.
Notice that each python framework has it own way to handle routes/urls and
process request, so focus on
@@ -1171,6 +1178,79 @@
First we need to edit the ``saml/settings.json`` file, configure the SP part
and review the metadata of the IdP and complete the IdP info. Later edit the
``saml/advanced_settings.json`` files and configure the how the toolkit will
work. Check the settings section of this document if you have any doubt.
+#### IdP setup ####
+
+Once the SP is configured, the metadata of the SP is published at the
``/metadata`` url. Based on that info, configure the IdP.
+
+#### How it works ####
+
+ 1. First time you access to the main view (http://localhost:8000), you can
select to login and return to the same view or login and be redirected to
``/?attrs`` (attrs view).
+
+ 2. When you click:
+
+ 2.1 in the first link, we access to ``/?sso`` (index view). An
``AuthNRequest`` is sent to the IdP, we authenticate at the IdP and then a
Response is sent through the user's client to the SP, specifically the
Assertion Consumer Service view: ``/?acs``. Notice that a ``RelayState``
parameter is set to the url that initiated the process, the index view.
+
+ 2.2 in the second link we access to ``/?attrs`` (attrs view), we will
expetience have the same process described at 2.1 with the diference that as
``RelayState`` is set the ``attrs`` url.
+
+ 3. The SAML Response is processed in the ACS ``/?acs``, if the Response is
not valid, the process stops here and a message is shown. Otherwise we are
redirected to the ``RelayState`` view. a) / or b) ``/?attrs``
+
+ 4. We are logged in the app and the user attributes are showed. At this
point, we can test the single log out functionality.
+
+ The single log out functionality could be tested by 2 ways.
+
+ 5.1 SLO Initiated by SP. Click on the ``logout`` link at the SP, after
that a Logout Request is sent to the IdP, the session at the IdP is closed and
replies through the client to the SP with a Logout Response (sent to the Single
Logout Service endpoint). The SLS endpoint ``/?sls`` of the SP process the
Logout Response and if is valid, close the user session of the local app.
Notice that the SLO Workflow starts and ends at the SP.
+
+ 5.2 SLO Initiated by IdP. In this case, the action takes place on the IdP
side, the logout process is initiated at the IdP, sends a Logout Request to the
SP (SLS endpoint, ``/?sls``). The SLS endpoint of the SP process the Logout
Request and if is valid, close the session of the user at the local app and
send a Logout Response to the IdP (to the SLS endpoint of the IdP). The IdP
receives the Logout Response, process it and close the session at of the IdP.
Notice that the SLO Workflow starts and ends at the IdP.
+
+Notice that all the SAML Requests and Responses are handled at a unique view
(index) and how GET parameters are used to know the action that must be done.
+
+### Demo Tornado ###
+
+You'll need a virtualenv with the toolkit installed on it.
+
+First of all you need some packages, execute:
+```
+apt-get install libxml2-dev libxmlsec1-dev libxmlsec1-openssl
+```
+
+To run the demo you need to install the requirements first. Load your
+virtualenv and execute:
+```
+ pip install -r demo-tornado/requirements.txt
+```
+
+
+This will install tornado and its dependencies. Once it has finished, you have
to complete the configuration
+of the toolkit. You'll find it at `demo-tornado/saml/settings.json`
+
+Now, with the virtualenv loaded, you can run the demo like this:
+```
+ cd demo-tornado
+ python views.py
+```
+
+You'll have the demo running at http://localhost:8000
+
+#### Content ####
+
+The tornado project contains:
+
+* ***views.py*** Is the main flask file, where or the SAML handle take place.
+
+* ***settings.py*** Contains the base path and the path where is located the
``saml`` folder and the ``template`` folder
+
+* ***templates***. Is the folder where tornado stores the templates of the
project. It was implemented a base.html template that is extended by index.html
and attrs.html, the templates of our simple demo that shows messages, user
attributes when available and login and logout links.
+
+* ***saml*** Is a folder that contains the 'certs' folder that could be used
to store the X.509 public and private key, and the saml toolkit settings
(settings.json and advanced_settings.json).
+
+#### SP setup ####
+
+The Onelogin's Python Toolkit allows you to provide the settings info in 2
ways: Settings files or define a setting dict. In the ``demo-tornado``, it uses
the first method.
+
+In the ``settings.py`` file we define the ``SAML_PATH``, that will target to
the ``saml`` folder. We require it in order to load the settings files.
+
+First we need to edit the ``saml/settings.json`` file, configure the SP part
and review the metadata of the IdP and complete the IdP info. Later edit the
``saml/advanced_settings.json`` files and configure the how the toolkit will
work. Check the settings section of this document if you have any doubt.
+
#### IdP setup ####
Once the SP is configured, the metadata of the SP is published at the
``/metadata`` url. Based on that info, configure the IdP.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/changelog.md
new/python3-saml-1.9.0/changelog.md
--- old/python3-saml-v.1.7.0/changelog.md 2019-07-02 20:09:38.000000000
+0200
+++ new/python3-saml-1.9.0/changelog.md 2019-11-20 18:17:19.000000000 +0100
@@ -1,4 +1,15 @@
# python3-saml changelog
+### 1.9.0 (Nov 20, 2019)
+* Allow any number of decimal places for seconds on SAML datetimes
+* Fix failOnAuthnContextMismatch code
+* Improve signature validation when no reference uri
+* Update demo versions. Improve them and add Tornado demo.
+
+### 1.8.0 (Sep 11, 2019)
+* Set true as the default value for strict setting
+* [#152](https://github.com/onelogin/python3-saml/pull/152/files) Don't clean
xsd and xsi namespaces
+* Drop python3.4 support due lxml. See lxml 4.4.0 (2019-07-27)
+
### 1.7.0 (Jul 02, 2019)
* Adjusted acs endpoint to extract NameQualifier and SPNameQualifier from
SAMLResponse. Adjusted single logout service to provide NameQualifier and
SPNameQualifier to logout method. Add getNameIdNameQualifier to Auth and
SamlResponse. Extend logout method from Auth and LogoutRequest constructor to
support SPNameQualifier parameter. Align LogoutRequest constructor with SAML
specs
* Added get_in_response_to method to Response and LogoutResponse classes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-django/demo/views.py
new/python3-saml-1.9.0/demo-django/demo/views.py
--- old/python3-saml-v.1.7.0/demo-django/demo/views.py 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/demo-django/demo/views.py 2019-11-20
18:17:19.000000000 +0100
@@ -86,8 +86,7 @@
request.session['samlSessionIndex'] = auth.get_session_index()
if 'RelayState' in req['post_data'] and
OneLogin_Saml2_Utils.get_self_url(req) != req['post_data']['RelayState']:
return
HttpResponseRedirect(auth.redirect_to(req['post_data']['RelayState']))
- else:
- if auth.get_settings().is_debug_active():
+ elif auth.get_settings().is_debug_active():
error_reason = auth.get_last_error_reason()
elif 'sls' in req['get_data']:
request_id = None
@@ -101,6 +100,8 @@
return HttpResponseRedirect(url)
else:
success_slo = True
+ elif auth.get_settings().is_debug_active():
+ error_reason = auth.get_last_error_reason()
if 'samlUserdata' in request.session:
paint_logout = True
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-django/requirements.txt
new/python3-saml-1.9.0/demo-django/requirements.txt
--- old/python3-saml-v.1.7.0/demo-django/requirements.txt 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/demo-django/requirements.txt 2019-11-20
18:17:19.000000000 +0100
@@ -1,2 +1,2 @@
-Django==1.11
+Django==1.11.26
python3-saml
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-flask/index.py
new/python3-saml-1.9.0/demo-flask/index.py
--- old/python3-saml-v.1.7.0/demo-flask/index.py 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/demo-flask/index.py 2019-11-20 18:17:19.000000000
+0100
@@ -39,6 +39,7 @@
req = prepare_flask_request(request)
auth = init_saml_auth(req)
errors = []
+ error_reason = None
not_auth_warn = False
success_slo = False
attributes = False
@@ -86,6 +87,8 @@
self_url = OneLogin_Saml2_Utils.get_self_url(req)
if 'RelayState' in request.form and self_url !=
request.form['RelayState']:
return redirect(auth.redirect_to(request.form['RelayState']))
+ elif auth.get_settings().is_debug_active():
+ error_reason = auth.get_last_error_reason()
elif 'sls' in request.args:
request_id = None
if 'LogoutRequestID' in session:
@@ -98,6 +101,8 @@
return redirect(url)
else:
success_slo = True
+ elif auth.get_settings().is_debug_active():
+ error_reason = auth.get_last_error_reason()
if 'samlUserdata' in session:
paint_logout = True
@@ -107,6 +112,7 @@
return render_template(
'index.html',
errors=errors,
+ error_reason=error_reason,
not_auth_warn=not_auth_warn,
success_slo=success_slo,
attributes=attributes,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-flask/requirements.txt
new/python3-saml-1.9.0/demo-flask/requirements.txt
--- old/python3-saml-v.1.7.0/demo-flask/requirements.txt 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/demo-flask/requirements.txt 2019-11-20
18:17:19.000000000 +0100
@@ -1 +1 @@
-flask==0.10.1
+flask==1.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-flask/templates/index.html
new/python3-saml-1.9.0/demo-flask/templates/index.html
--- old/python3-saml-v.1.7.0/demo-flask/templates/index.html 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/demo-flask/templates/index.html 2019-11-20
18:17:19.000000000 +0100
@@ -10,6 +10,9 @@
<li>{{err}}</li>
{% endfor %}
</ul>
+ {% if error_reason %}
+ <span>{{error_reason}}</span>
+ {% endif %}
</div>
{% endif %}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-tornado/README.md
new/python3-saml-1.9.0/demo-tornado/README.md
--- old/python3-saml-v.1.7.0/demo-tornado/README.md 1970-01-01
01:00:00.000000000 +0100
+++ new/python3-saml-1.9.0/demo-tornado/README.md 2019-11-20
18:17:19.000000000 +0100
@@ -0,0 +1,9 @@
+# Tornado Demo #
+Fully-working tornado-demo.
+
+### About issues ###
+This is only a demo, some issues about session still remain.
+Actually the session is global.
+
+### Production ###
+Remember to disable debugging in production.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-tornado/Settings.py
new/python3-saml-1.9.0/demo-tornado/Settings.py
--- old/python3-saml-v.1.7.0/demo-tornado/Settings.py 1970-01-01
01:00:00.000000000 +0100
+++ new/python3-saml-1.9.0/demo-tornado/Settings.py 2019-11-20
18:17:19.000000000 +0100
@@ -0,0 +1,6 @@
+import os
+
+BASE_DIR = os.path.dirname(__file__)
+
+SAML_PATH = os.path.join(BASE_DIR, 'saml')
+TEMPLATE_PATH = os.path.join(BASE_DIR, 'templates')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-tornado/requirements.txt
new/python3-saml-1.9.0/demo-tornado/requirements.txt
--- old/python3-saml-v.1.7.0/demo-tornado/requirements.txt 1970-01-01
01:00:00.000000000 +0100
+++ new/python3-saml-1.9.0/demo-tornado/requirements.txt 2019-11-20
18:17:19.000000000 +0100
@@ -0,0 +1 @@
+tornado==6.0.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/demo-tornado/saml/advanced_settings.json
new/python3-saml-1.9.0/demo-tornado/saml/advanced_settings.json
--- old/python3-saml-v.1.7.0/demo-tornado/saml/advanced_settings.json
1970-01-01 01:00:00.000000000 +0100
+++ new/python3-saml-1.9.0/demo-tornado/saml/advanced_settings.json
2019-11-20 18:17:19.000000000 +0100
@@ -0,0 +1,33 @@
+{
+ "security": {
+ "nameIdEncrypted": false,
+ "authnRequestsSigned": false,
+ "logoutRequestSigned": false,
+ "logoutResponseSigned": false,
+ "signMetadata": false,
+ "wantMessagesSigned": false,
+ "wantAssertionsSigned": false,
+ "wantNameId" : true,
+ "wantNameIdEncrypted": false,
+ "wantAssertionsEncrypted": false,
+ "signatureAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1";,
+ "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1";
+ },
+ "contactPerson": {
+ "technical": {
+ "givenName": "technical_name",
+ "emailAddress": "[email protected]"
+ },
+ "support": {
+ "givenName": "support_name",
+ "emailAddress": "[email protected]"
+ }
+ },
+ "organization": {
+ "en-US": {
+ "name": "sp_test",
+ "displayname": "SP test",
+ "url": "http://sp.example.com";
+ }
+ }
+}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-tornado/saml/certs/README
new/python3-saml-1.9.0/demo-tornado/saml/certs/README
--- old/python3-saml-v.1.7.0/demo-tornado/saml/certs/README 1970-01-01
01:00:00.000000000 +0100
+++ new/python3-saml-1.9.0/demo-tornado/saml/certs/README 2019-11-20
18:17:19.000000000 +0100
@@ -0,0 +1,13 @@
+Take care of this folder that could contain private key. Be sure that this
folder never is published.
+
+Onelogin Python Toolkit expects that certs for the SP could be stored in this
folder as:
+
+ * sp.key Private Key
+ * sp.crt Public cert
+ * sp_new.crt Future Public cert
+
+
+Also you can use other cert to sign the metadata of the SP using the:
+
+ * metadata.key
+ * metadata.crt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-tornado/saml/settings.json
new/python3-saml-1.9.0/demo-tornado/saml/settings.json
--- old/python3-saml-v.1.7.0/demo-tornado/saml/settings.json 1970-01-01
01:00:00.000000000 +0100
+++ new/python3-saml-1.9.0/demo-tornado/saml/settings.json 2019-11-20
18:17:19.000000000 +0100
@@ -0,0 +1,30 @@
+{
+ "strict": true,
+ "debug": true,
+ "sp": {
+ "entityId": "https://<sp_domain>/metadata/",
+ "assertionConsumerService": {
+ "url": "https://<sp_domain>/?acs",
+ "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ },
+ "singleLogoutService": {
+ "url": "https://<sp_domain>/?sls",
+ "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ },
+ "NameIDFormat":
"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
+ "x509cert": "",
+ "privateKey": ""
+ },
+ "idp": {
+ "entityId":
"https://app.onelogin.com/saml/metadata/<onelogin_connector_id>",
+ "singleSignOnService": {
+ "url":
"https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>",
+ "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ },
+ "singleLogoutService": {
+ "url":
"https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>",
+ "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ },
+ "x509cert": "<onelogin_connector_cert>"
+ }
+}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/demo-tornado/templates/attrs.html
new/python3-saml-1.9.0/demo-tornado/templates/attrs.html
--- old/python3-saml-v.1.7.0/demo-tornado/templates/attrs.html 1970-01-01
01:00:00.000000000 +0100
+++ new/python3-saml-1.9.0/demo-tornado/templates/attrs.html 2019-11-20
18:17:19.000000000 +0100
@@ -0,0 +1,35 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+{% if paint_logout %}
+ {% if attributes %}
+ <p>You have the following attributes:</p>
+ <table class="table table-striped">
+ <thead>
+ <th>Name</th><th>Values</th>
+ </thead>
+ <tbody>
+ {% for attr, i in attributes %}
+ {% if i == 0 %}
+ <tr><td>{{ attr }}</td>
+ <td><ul class="list-unstyled">
+ {% end %}
+ {% if i == 1 %}
+ {% for val in attr %}
+ <li>{{ val }}</li>
+ {% end %}
+ {% end %}
+ </ul></td></tr>
+ {% end %}
+ </tbody>
+ </table>
+ {% else %}
+ <div class="alert alert-danger" role="alert">You don't have any
attributes</div>
+ {% end %}
+ <a href="/?slo" class="btn btn-danger">Logout</a>
+{% else %}
+ <a href="/?sso2" class="btn btn-primary">Login and access again to this
page</a>
+{% end %}
+
+{% end %}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/demo-tornado/templates/base.html
new/python3-saml-1.9.0/demo-tornado/templates/base.html
--- old/python3-saml-v.1.7.0/demo-tornado/templates/base.html 1970-01-01
01:00:00.000000000 +0100
+++ new/python3-saml-1.9.0/demo-tornado/templates/base.html 2019-11-20
18:17:19.000000000 +0100
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+
+ <title>A Python SAML Toolkit by OneLogin demo</title>
+
+ <link rel="stylesheet"
href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
+
+ <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media
queries -->
+ <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
+ <!--[if lt IE 9]>
+ <script
src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js";></script>
+ <script
src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js";></script>
+ <![endif]-->
+ </head>
+ <body>
+ <div class="container">
+ <h1>A Python SAML Toolkit by OneLogin demo</h1>
+
+ {% block content %}{% end %}
+ </div>
+ </body>
+</html>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/demo-tornado/templates/index.html
new/python3-saml-1.9.0/demo-tornado/templates/index.html
--- old/python3-saml-v.1.7.0/demo-tornado/templates/index.html 1970-01-01
01:00:00.000000000 +0100
+++ new/python3-saml-1.9.0/demo-tornado/templates/index.html 2019-11-20
18:17:19.000000000 +0100
@@ -0,0 +1,69 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+{% if errors %}
+ <div class="alert alert-danger" role="alert">
+ <strong>Errors:</strong>
+ <ul class="list-unstyled">
+ {% for err in errors %}
+ <li>{{err}}</li>
+ {% end %}
+ {% if error_reason %}
+ <span>{{error_reason}}</span>
+ {% end %}
+ </ul>
+ </div>
+{% end %}
+
+{% if not_auth_warn %}
+ <div class="alert alert-danger" role="alert">Not authenticated</div>
+{% end %}
+
+{% if success_slo %}
+ <div class="alert alert-success" role="alert">Successfully logged out</div>
+{% end %}
+
+{% if paint_logout %}
+ {% if attributes %}
+ <table class="table table-striped">
+ <thead>
+ <th>Name</th><th>Values</th>
+ </thead>
+ <tbody>
+ {% for attr in attributes %}
+ <tr>
+ <td>{{ attr[0] }}</td>
+ <td><ul class="list-unstyled">
+ <!-- <li>{{ attr[1][0] }}</li> -->
+ {% for elem in attr[1] %}
+ <li>{{ elem }}</li>
+ {% end %}
+ </ul></td>
+ </tr>
+ {% end %}
+
+
+ <!-- {% for attr, i in attributes %}
+ {% if i == 0 %}
+ <tr><td>{{ attr }}</td>
+ <td><ul class="list-unstyled">
+ {% end %}
+ {% if i == 1 %}
+ {% for val in attr %}
+ <li>{{ val }}</li>
+ {% end %}
+ {% end %}
+ </ul></td></tr>
+ {% end %} -->
+ </tbody>
+ </table>
+ {% else %}
+ <div class="alert alert-danger" role="alert">You don't have any
attributes</div>
+ {% end %}
+ <a href="?slo" class="btn btn-danger">Logout</a>
+{% else %}
+ <a href="?sso" class="btn btn-primary">Login</a> <a href="?sso2" class="btn
btn-info">Login and access to attrs page</a>
+{% end %}
+
+{% end %}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/demo-tornado/views.py
new/python3-saml-1.9.0/demo-tornado/views.py
--- old/python3-saml-v.1.7.0/demo-tornado/views.py 1970-01-01
01:00:00.000000000 +0100
+++ new/python3-saml-1.9.0/demo-tornado/views.py 2019-11-20
18:17:19.000000000 +0100
@@ -0,0 +1,178 @@
+import tornado.ioloop
+import tornado.web
+import Settings
+import tornado.httpserver
+import tornado.httputil
+
+from onelogin.saml2.auth import OneLogin_Saml2_Auth
+from onelogin.saml2.utils import OneLogin_Saml2_Utils
+
+# Global session info
+session = {}
+
+
+class Application(tornado.web.Application):
+ def __init__(self):
+ handlers = [
+ (r"/", IndexHandler),
+ (r"/attrs", AttrsHandler),
+ (r"/metadata", MetadataHandler),
+ ]
+ settings = {
+ "template_path": Settings.TEMPLATE_PATH,
+ "saml_path": Settings.SAML_PATH,
+ "autorealod": True,
+ "debug": True
+ }
+ tornado.web.Application.__init__(self, handlers, **settings)
+
+
+class IndexHandler(tornado.web.RequestHandler):
+ def post(self):
+ req = prepare_tornado_request(self.request)
+ auth = init_saml_auth(req)
+ error_reason = None
+ attributes = False
+ paint_logout = False
+ success_slo = False
+
+ auth.process_response()
+ errors = auth.get_errors()
+ not_auth_warn = not auth.is_authenticated()
+
+ if len(errors) == 0:
+ session['samlUserdata'] = auth.get_attributes()
+ session['samlNameId'] = auth.get_nameid()
+ session['samlSessionIndex'] = auth.get_session_index()
+ self_url = OneLogin_Saml2_Utils.get_self_url(req)
+ if 'RelayState' in self.request.arguments and self_url !=
self.request.arguments['RelayState'][0].decode('utf-8'):
+ return
self.redirect(self.request.arguments['RelayState'][0].decode('utf-8'))
+ elif auth.get_settings().is_debug_active():
+ error_reason = auth.get_last_error_reason()
+
+ if 'samlUserdata' in session:
+ paint_logout = True
+ if len(session['samlUserdata']) > 0:
+ attributes = session['samlUserdata'].items()
+
+ self.render('index.html', errors=errors, error_reason=error_reason,
not_auth_warn=not_auth_warn, success_slo=success_slo, attributes=attributes,
paint_logout=paint_logout)
+
+ def get(self):
+ req = prepare_tornado_request(self.request)
+ auth = init_saml_auth(req)
+ error_reason = None
+ errors = []
+ not_auth_warn = False
+ success_slo = False
+ attributes = False
+ paint_logout = False
+
+ if 'sso' in req['get_data']:
+ print('-sso-')
+ return self.redirect(auth.login())
+ elif 'sso2' in req['get_data']:
+ print('-sso2-')
+ return_to = '%s/attrs' % self.request.host
+ return self.redirect(auth.login(return_to))
+ elif 'slo' in req['get_data']:
+ print('-slo-')
+ name_id = None
+ session_index = None
+ if 'samlNameId' in session:
+ name_id = session['samlNameId']
+ if 'samlSessionIndex' in session:
+ session_index = session['samlSessionIndex']
+ return self.redirect(auth.logout(name_id=name_id,
session_index=session_index))
+ elif 'acs' in req['get_data']:
+ print('-acs-')
+ auth.process_response()
+ errors = auth.get_errors()
+ not_auth_warn = not auth.is_authenticated()
+ if len(errors) == 0:
+ session['samlUserdata'] = auth.get_attributes()
+ session['samlNameId'] = auth.get_nameid()
+ session['samlSessionIndex'] = auth.get_session_index()
+ self_url = OneLogin_Saml2_Utils.get_self_url(req)
+ if 'RelayState' in self.request.arguments and self_url !=
self.request.arguments['RelayState'][0].decode('utf-8'):
+ return
self.redirect(auth.redirect_to(self.request.arguments['RelayState'][0].decode('utf-8')))
+ elif auth.get_settings().is_debug_active():
+ error_reason = auth.get_last_error_reason()
+ elif 'sls' in req['get_data']:
+ print('-sls-')
+ dscb = lambda: session.clear() # clear out the session
+ url = auth.process_slo(delete_session_cb=dscb)
+ errors = auth.get_errors()
+ if len(errors) == 0:
+ if url is not None:
+ return self.redirect(url)
+ else:
+ success_slo = True
+ elif auth.get_settings().is_debug_active():
+ error_reason = auth.get_last_error_reason()
+ if 'samlUserdata' in session:
+ print('-samlUserdata-')
+ paint_logout = True
+ if len(session['samlUserdata']) > 0:
+ attributes = session['samlUserdata'].items()
+ print("ATTRIBUTES", attributes)
+ self.render('index.html', errors=errors, error_reason=error_reason,
not_auth_warn=not_auth_warn, success_slo=success_slo, attributes=attributes,
paint_logout=paint_logout)
+
+
+class AttrsHandler(tornado.web.RequestHandler):
+ def get(self):
+ paint_logout = False
+ attributes = False
+
+ if 'samlUserdata' in session:
+ paint_logout = True
+ if len(session['samlUserdata']) > 0:
+ attributes = session['samlUserdata'].items()
+
+ self.render('attrs.html', paint_logout=paint_logout,
attributes=attributes)
+
+
+class MetadataHandler(tornado.web.RequestHandler):
+ def get(self):
+ req = prepare_tornado_request(self.request)
+ auth = init_saml_auth(req)
+ saml_settings = auth.get_settings()
+ metadata = saml_settings.get_sp_metadata()
+ errors = saml_settings.validate_metadata(metadata)
+
+ if len(errors) == 0:
+ # resp = HttpResponse(content=metadata, content_type='text/xml')
+ self.set_header('Content-Type', 'text/xml')
+ self.write(metadata)
+ else:
+ # resp = HttpResponseServerError(content=', '.join(errors))
+ self.write(', '.join(errors))
+ # return resp
+
+
+def prepare_tornado_request(request):
+
+ dataDict = {}
+ for key in request.arguments:
+ dataDict[key] = request.arguments[key][0].decode('utf-8')
+
+ result = {
+ 'https': 'on' if request == 'https' else 'off',
+ 'http_host': tornado.httputil.split_host_and_port(request.host)[0],
+ 'script_name': request.path,
+ 'server_port': tornado.httputil.split_host_and_port(request.host)[1],
+ 'get_data': dataDict,
+ 'post_data': dataDict,
+ 'query_string': request.query
+ }
+ return result
+
+
+def init_saml_auth(req):
+ auth = OneLogin_Saml2_Auth(req, custom_base_path=Settings.SAML_PATH)
+ return auth
+
+if __name__ == "__main__":
+ app = Application()
+ http_server = tornado.httpserver.HTTPServer(app)
+ http_server.listen(8000)
+ tornado.ioloop.IOLoop.instance().start()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/setup.py
new/python3-saml-1.9.0/setup.py
--- old/python3-saml-v.1.7.0/setup.py 2019-07-02 20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/setup.py 2019-11-20 18:17:19.000000000 +0100
@@ -9,7 +9,7 @@
setup(
name='python3-saml',
- version='1.7.0',
+ version='1.9.0',
description='Onelogin Python Toolkit. Add SAML support to your Python
software using this library',
classifiers=[
'Development Status :: 5 - Production/Stable',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/src/onelogin/saml2/auth.py
new/python3-saml-1.9.0/src/onelogin/saml2/auth.py
--- old/python3-saml-v.1.7.0/src/onelogin/saml2/auth.py 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/src/onelogin/saml2/auth.py 2019-11-20
18:17:19.000000000 +0100
@@ -315,7 +315,7 @@
:param name: Name of the attribute
:type name: string
- :returns: Attribute value if exists or []
+ :returns: Attribute value if exists or None
:rtype: string
"""
assert isinstance(name, compat.str_type)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/src/onelogin/saml2/authn_request.py
new/python3-saml-1.9.0/src/onelogin/saml2/authn_request.py
--- old/python3-saml-v.1.7.0/src/onelogin/saml2/authn_request.py
2019-07-02 20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/src/onelogin/saml2/authn_request.py 2019-11-20
18:17:19.000000000 +0100
@@ -95,9 +95,7 @@
requested_authn_context_str = ''
if security['requestedAuthnContext'] is not False:
- authn_comparison = 'exact'
- if 'requestedAuthnContextComparison' in security.keys():
- authn_comparison = security['requestedAuthnContextComparison']
+ authn_comparison = security['requestedAuthnContextComparison']
if security['requestedAuthnContext'] is True:
requested_authn_context_str = """
<samlp:RequestedAuthnContext Comparison="%s">
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/src/onelogin/saml2/constants.py
new/python3-saml-1.9.0/src/onelogin/saml2/constants.py
--- old/python3-saml-v.1.7.0/src/onelogin/saml2/constants.py 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/src/onelogin/saml2/constants.py 2019-11-20
18:17:19.000000000 +0100
@@ -53,6 +53,7 @@
NS_PREFIX_MD = 'md'
NS_PREFIX_XS = 'xs'
NS_PREFIX_XSI = 'xsi'
+ NS_PREFIX_XSD = 'xsd'
NS_PREFIX_XENC = 'xenc'
NS_PREFIX_DS = 'ds'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/src/onelogin/saml2/idp_metadata_parser.py
new/python3-saml-1.9.0/src/onelogin/saml2/idp_metadata_parser.py
--- old/python3-saml-v.1.7.0/src/onelogin/saml2/idp_metadata_parser.py
2019-07-02 20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/src/onelogin/saml2/idp_metadata_parser.py
2019-11-20 18:17:19.000000000 +0100
@@ -219,9 +219,9 @@
"""
Will update the settings with the provided new settings data extracted
from the IdP metadata
:param settings: Current settings dict data
- :type settings: string
+ :type settings: dict
:param new_metadata_settings: Settings to be merged (extracted from
IdP metadata after parsing)
- :type new_metadata_settings: string
+ :type new_metadata_settings: dict
:returns: merged settings
:rtype: dict
"""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/src/onelogin/saml2/response.py
new/python3-saml-1.9.0/src/onelogin/saml2/response.py
--- old/python3-saml-v.1.7.0/src/onelogin/saml2/response.py 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/src/onelogin/saml2/response.py 2019-11-20
18:17:19.000000000 +0100
@@ -166,10 +166,10 @@
requested_authn_contexts = security['requestedAuthnContext']
if security['failOnAuthnContextMismatch'] and
requested_authn_contexts and requested_authn_contexts is not True:
authn_contexts = self.get_authn_contexts()
- unmatched_contexts =
set(requested_authn_contexts).difference(authn_contexts)
+ unmatched_contexts =
set(authn_contexts).difference(requested_authn_contexts)
if unmatched_contexts:
raise OneLogin_Saml2_ValidationError(
- 'The AuthnContext "%s" didn\'t include requested
context "%s"' % (', '.join(authn_contexts), ', '.join(unmatched_contexts)),
+ 'The AuthnContext "%s" was not a requested context
"%s"' % (', '.join(unmatched_contexts), ', '.join(requested_authn_contexts)),
OneLogin_Saml2_ValidationError.AUTHN_CONTEXT_MISMATCH
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/src/onelogin/saml2/settings.py
new/python3-saml-1.9.0/src/onelogin/saml2/settings.py
--- old/python3-saml-v.1.7.0/src/onelogin/saml2/settings.py 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/src/onelogin/saml2/settings.py 2019-11-20
18:17:19.000000000 +0100
@@ -83,7 +83,7 @@
"""
self.__sp_validation_only = sp_validation_only
self.__paths = {}
- self.__strict = False
+ self.__strict = True
self.__debug = False
self.__sp = {}
self.__idp = {}
@@ -214,7 +214,7 @@
self.__errors = []
self.__sp = settings['sp']
self.__idp = settings.get('idp', {})
- self.__strict = settings.get('strict', False)
+ self.__strict = settings.get('strict', True)
self.__debug = settings.get('debug', False)
self.__security = settings.get('security', {})
self.__contacts = settings.get('contactPerson', {})
@@ -310,6 +310,7 @@
self.__sp.setdefault('privateKey', '')
self.__security.setdefault('requestedAuthnContext', True)
+ self.__security.setdefault('requestedAuthnContextComparison', 'exact')
self.__security.setdefault('failOnAuthnContextMismatch', False)
def check_settings(self, settings):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/src/onelogin/saml2/utils.py
new/python3-saml-1.9.0/src/onelogin/saml2/utils.py
--- old/python3-saml-v.1.7.0/src/onelogin/saml2/utils.py 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/src/onelogin/saml2/utils.py 2019-11-20
18:17:19.000000000 +0100
@@ -65,6 +65,10 @@
RESPONSE_SIGNATURE_XPATH = '/samlp:Response/ds:Signature'
ASSERTION_SIGNATURE_XPATH = '/samlp:Response/saml:Assertion/ds:Signature'
+ TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
+ TIME_FORMAT_2 = "%Y-%m-%dT%H:%M:%S.%fZ"
+ TIME_FORMAT_WITH_FRAGMENT =
re.compile(r'^(\d{4,4}-\d{2,2}-\d{2,2}T\d{2,2}:\d{2,2}:\d{2,2})(\.\d*)?Z?$')
+
@staticmethod
def escape_url(url, lowercase_urlencoding=False):
"""
@@ -401,7 +405,7 @@
:rtype: string
"""
data = datetime.utcfromtimestamp(float(time))
- return data.strftime('%Y-%m-%dT%H:%M:%SZ')
+ return data.strftime(OneLogin_Saml2_Utils.TIME_FORMAT)
@staticmethod
def parse_SAML_to_time(timestr):
@@ -416,9 +420,16 @@
:rtype: int
"""
try:
- data = datetime.strptime(timestr, '%Y-%m-%dT%H:%M:%SZ')
+ data = datetime.strptime(timestr, OneLogin_Saml2_Utils.TIME_FORMAT)
except ValueError:
- data = datetime.strptime(timestr, '%Y-%m-%dT%H:%M:%S.%fZ')
+ try:
+ data = datetime.strptime(timestr,
OneLogin_Saml2_Utils.TIME_FORMAT_2)
+ except ValueError:
+ elem =
OneLogin_Saml2_Utils.TIME_FORMAT_WITH_FRAGMENT.match(timestr)
+ if not elem:
+ raise Exception("time data %s does not match format %s" %
(timestr, r'yyyy-mm-ddThh:mm:ss(\.s+)?Z'))
+ data = datetime.strptime(elem.groups()[0] + "Z",
OneLogin_Saml2_Utils.TIME_FORMAT)
+
return calendar.timegm(data.utctimetuple())
@staticmethod
@@ -956,10 +967,10 @@
)
# Check if Reference URI is empty
- reference_elem = OneLogin_Saml2_XML.query(signature_node,
'//ds:Reference')
- if len(reference_elem) > 0:
- if reference_elem[0].get('URI') == '':
- reference_elem[0].set('URI', '#%s' %
signature_node.getparent().get('ID'))
+ # reference_elem = OneLogin_Saml2_XML.query(signature_node,
'//ds:Reference')
+ # if len(reference_elem) > 0:
+ # if reference_elem[0].get('URI') == '':
+ # reference_elem[0].set('URI', '#%s' %
signature_node.getparent().get('ID'))
if validatecert:
manager = xmlsec.KeysManager()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python3-saml-v.1.7.0/src/onelogin/saml2/xml_utils.py
new/python3-saml-1.9.0/src/onelogin/saml2/xml_utils.py
--- old/python3-saml-v.1.7.0/src/onelogin/saml2/xml_utils.py 2019-07-02
20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/src/onelogin/saml2/xml_utils.py 2019-11-20
18:17:19.000000000 +0100
@@ -147,7 +147,9 @@
:rtype: etree.Element
"""
all_prefixes_to_keep = [
- OneLogin_Saml2_Constants.NS_PREFIX_XS
+ OneLogin_Saml2_Constants.NS_PREFIX_XS,
+ OneLogin_Saml2_Constants.NS_PREFIX_XSI,
+ OneLogin_Saml2_Constants.NS_PREFIX_XSD
]
if keep_ns_prefixes:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/tests/data/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
new/python3-saml-1.9.0/tests/data/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
---
old/python3-saml-v.1.7.0/tests/data/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
2019-07-02 20:09:38.000000000 +0200
+++
new/python3-saml-1.9.0/tests/data/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
2019-11-20 18:17:19.000000000 +0100
@@ -1 +1 @@
-PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdEJlZm9yZT0iMjAyMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjIwMjEtMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0xN1QxNDo1NDowN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMjEtMDYtMTdUMjI6NTQ6MTRaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+
+PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdEJlZm9yZT0iMjk5OS0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjI5OTktMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0xN1QxNDo1NDowN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjI5OTktMDYtMTdUMjI6NTQ6MTRaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/tests/data/responses/response_without_assertion_reference_uri.xml.base64
new/python3-saml-1.9.0/tests/data/responses/response_without_assertion_reference_uri.xml.base64
---
old/python3-saml-v.1.7.0/tests/data/responses/response_without_assertion_reference_uri.xml.base64
1970-01-01 01:00:00.000000000 +0100
+++
new/python3-saml-1.9.0/tests/data/responses/response_without_assertion_reference_uri.xml.base64
2019-11-20 18:17:19.000000000 +0100
@@ -0,0 +1 @@
+PD94bWwgdmVyc2lvbj0iMS4wIj8+CjxzYW1scDpSZXNwb25zZSB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBJRD0icGZ4ZDU5NDM0N2QtNDk1Zi1iOGQxLTBlZTItNDFjZmRhMTRkZDM1IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNS0wMS0wMlQyMjo0ODo0OFoiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjkwMDEvdjEvdXNlcnMvYXV0aG9yaXplL3NhbWwiIENvbnNlbnQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjb25zZW50OnVuc3BlY2lmaWVkIiBJblJlc3BvbnNlVG89Il9lZDkxNWE0MC03NGZiLTAxMzItNWIxNi00OGUwZWIxNGExYzciPgogIDxJc3N1ZXIgeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9leGFtcGxlLmNvbTwvSXNzdWVyPgogIDxzYW1scDpTdGF0dXM+CiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+CiAgPC9zYW1scDpTdGF0dXM+CgogIDxBc3NlcnRpb24geG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfNzAwYWMzMjAtNzRmZi0wMTMyLTViMTQtNDhlMGViMTRhMWM3IiBJc3N1ZUluc3RhbnQ9IjIwMTUtMDEtMDJUMjI6NDg6NDhaIiBWZXJzaW9uPSIyLjAiPgogICAgPElzc3Vlcj5odHRwOi8vZXhhbXBsZS5jb208L0lzc3Vlcj4KICAgIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPgogICAgPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICAgIDxkczpSZWZlcmVuY2UgVVJJPSIiPgogICAgICA8ZHM6VHJhbnNmb3Jtcz4KICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICAgIDwvZHM6VHJhbnNmb3Jtcz4KICAgICAgPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+CiAgICAgIDxkczpEaWdlc3RWYWx1ZT5qQ2dlWENQREZsd2pUZ3FnUHAwbVUyVHF3OWc9PC9kczpEaWdlc3RWYWx1ZT4KICAgIDwvZHM6UmVmZXJlbmNlPgogIDwvZHM6U2lnbmVkSW5mbz4KICA8ZHM6U2lnbmF0dXJlVmFsdWU+bG9SN21DRmlNSURIUHBLeVgzRUd2dzJYeTZycEtFZWZVMDhYS1lWRXJ6MXB3a1BUUFFlYU5iK2RGMHZLai9rNQoyUmJ2Z3ZFUFN2ZGI3RDJOMTY5QjJMTGVmbXpaWTBDY0RKcThkK3lNbnZSNER3YitSUFl6bWJoS29XQ1ZyY3VPCnNvbEUxQTg3WFZjenNpd2JYRWllM2p4RHdDSk5vWi9GRFJRZy80RHRQVmc9PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+CiAgPGRzOlg1MDlEYXRhPgogICAgPGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDVnpDQ0FjQUNDUURJVkhhTlNCWUw2VEFOQmdrcWhraUc5dzBCQVFzRkFEQndNUXN3Q1FZRFZRUUdFd0pHVWpFT01Bd0dBMVVFQ0F3RlVHRnlhWE14RGpBTUJnTlZCQWNNQlZCaGNtbHpNUll3RkFZRFZRUUtEQTFPYjNaaGNHOXpkQ0JVUlZOVU1Ta3dKd1lKS29aSWh2Y05BUWtCRmhwbWJHOXlaVzUwTG5CcFoyOTFkRUJ1YjNaaGNHOXpkQzVtY2pBZUZ3MHhOREF5TVRNeE16VXpOREJhRncweE5UQXlNVE14TXpVek5EQmFNSEF4Q3pBSkJnTlZCQVlUQWtaU01RNHdEQVlEVlFRSURBVlFZWEpwY3pFT01Bd0dBMVVFQnd3RlVHRnlhWE14RmpBVUJnTlZCQW9NRFU1dmRtRndiM04wSUZSRlUxUXhLVEFuQmdrcWhraUc5dzBCQ1FFV0dtWnNiM0psYm5RdWNHbG5iM1YwUUc1dmRtRndiM04wTG1aeU1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRQ2hMRkhuM0xuTjRKUS83V0NkWXVweGtVZ2NOT1FuUEYreWxsKy9EUHB1eDlucGZZMDU5UElVYXRCOFg3a0NuNWk4dFJ3SXkvaWtISlI2TXI4K01QdmM2Vk9aRHhQTmRadk1vLzhsaHhyYk4zSmRydzN3aFptVS9LUFI5RjNCZEZkdStTTHpyTWwxVERVWmxQdFk5WHpVRlhjcU44SVhjeThUSnpDQmVOZXkzUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRHQkFDdEo4ZmVHemUxTkhCNVZ3MThqTVVQdkhvN0gzR3dtajZaREFYUWxhaUFYTXVOQnhOWFZXVndpZmw2VituVzN3OVFhN0Zlby9uWi9PNFRVT0gxbnorYWRrbGNDRDRRcFphRUlibUFicmlQV0pLZ2I0TFdHaHFRcnV3WVI3SXRUUjFNTlg5Z0xiUDB6MHp2REVRbm50L1ZVV0ZFQkxTSnE0WjROcmU4TEZtUzI8L2RzOlg1MDlDZXJ0aWZpY2F0ZT4KICA8L2RzOlg1MDlEYXRhPgo8L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PFN1YmplY3Q+CiAgICAgIDxOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnNhbWxAdXNlci5jb208L05hbWVJRD4KICAgICAgPFN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4KICAgICAgICA8U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgSW5SZXNwb25zZVRvPSJfZWQ5MTVhNDAtNzRmYi0wMTMyLTViMTYtNDhlMGViMTRhMWM3IiBOb3RPbk9yQWZ0ZXI9IjIwMzgtMDEtMDJUMjI6NTE6NDhaIiBSZWNpcGllbnQ9Imh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS92MS91c2Vycy9hdXRob3JpemUvc2FtbCIvPgogICAgICA8L1N1YmplY3RDb25maXJtYXRpb24+CiAgICA8L1N1YmplY3Q+CiAgICA8Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTUtMDEtMDJUMjI6NDg6NDNaIiBOb3RPbk9yQWZ0ZXI9IjIwMzgtMDEtMDJUMjM6NDg6NDhaIj4KICAgICAgPEF1ZGllbmNlUmVzdHJpY3Rpb24+CiAgICAgICAgPEF1ZGllbmNlPmh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS88L0F1ZGllbmNlPgogICAgICAgIDxBdWRpZW5jZT5mbGF0X3dvcmxkPC9BdWRpZW5jZT4KICAgICAgPC9BdWRpZW5jZVJlc3RyaWN0aW9uPgogICAgPC9Db25kaXRpb25zPgogICAgPEF0dHJpYnV0ZVN0YXRlbWVudD4KICAgICAgPEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiPgogICAgICAgIDxBdHRyaWJ1dGVWYWx1ZT5zYW1sQHVzZXIuY29tPC9BdHRyaWJ1dGVWYWx1ZT4KICAgICAgPC9BdHRyaWJ1dGU+CiAgICA8L0F0dHJpYnV0ZVN0YXRlbWVudD4KICAgIDxBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTUtMDEtMDJUMjI6NDg6NDhaIiBTZXNzaW9uSW5kZXg9Il83MDBhYzMyMC03NGZmLTAxMzItNWIxNC00OGUwZWIxNGExYzciPgogICAgICA8QXV0aG5Db250ZXh0PgogICAgICAgIDxBdXRobkNvbnRleHRDbGFzc1JlZj51cm46ZmVkZXJhdGlvbjphdXRoZW50aWNhdGlvbjp3aW5kb3dzPC9BdXRobkNvbnRleHRDbGFzc1JlZj4KICAgICAgPC9BdXRobkNvbnRleHQ+CiAgICA8L0F1dGhuU3RhdGVtZW50PgogIDwvQXNzZXJ0aW9uPgo8L3NhbWxwOlJlc3BvbnNlPgo=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/tests/data/responses/response_without_reference_uri.xml.base64
new/python3-saml-1.9.0/tests/data/responses/response_without_reference_uri.xml.base64
---
old/python3-saml-v.1.7.0/tests/data/responses/response_without_reference_uri.xml.base64
2019-07-02 20:09:38.000000000 +0200
+++
new/python3-saml-1.9.0/tests/data/responses/response_without_reference_uri.xml.base64
2019-11-20 18:17:19.000000000 +0100
@@ -1 +1 @@
-PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgSUQ9InBmeGQ1OTQzNDdkLTQ5NWYtYjhkMS0wZWUyLTQxY2ZkYTE0ZGQzNSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTUtMDEtMDJUMjI6NDg6NDhaIiBEZXN0aW5hdGlvbj0iaHR0cDovL2xvY2FsaG9zdDo5MDAxL3YxL3VzZXJzL2F1dGhvcml6ZS9zYW1sIiBDb25zZW50PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y29uc2VudDp1bnNwZWNpZmllZCIgSW5SZXNwb25zZVRvPSJfZWQ5MTVhNDAtNzRmYi0wMTMyLTViMTYtNDhlMGViMTRhMWM3Ij4NCiAgPElzc3VlciB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cDovL2V4YW1wbGUuY29tPC9Jc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT5qQ2dlWENQREZsd2pUZ3FnUHAwbVUyVHF3OWc9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPkRmdXByMTh3UityRGFndENQRWZRbFNHSHp3NE5kZlBIWjRIc3pGZTFKUENKWGpmYnlFTTFmZytqemdHYk1NdDZYemdDWGNLSk03RS9DUFNURGt2TWUzRFVKbEh1NERodURPQXovRHN5b0J3V3VWK1JmM1dpTmNGNFhDYzl3QlF6dm4vYXREN3pXNnh3TzdOL2hrQVpKcWZ2SmRkbnBNTUhLR1hxRy9aSFpBdz08L2RzOlNpZ25hdHVyZVZhbHVlPg0KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ3FEQ0NBaEdnQXdJQkFnSUJBREFOQmdrcWhraUc5dzBCQVEwRkFEQnhNUXN3Q1FZRFZRUUdFd0oxY3pFVE1CRUdBMVVFQ0F3S1YyRnphR2x1WjNSdmJqRWlNQ0FHQTFVRUNnd1pSbXhoZENCWGIzSnNaQ0JMYm05M2JHVmtaMlVzSUVsdVl6RWNNQm9HQTFVRUF3d1RiR1ZoY200dVpteGhkSGR2Y214a0xtTnZiVEVMTUFrR0ExVUVCd3dDUkVNd0hoY05NVFV3TnpBNE1EazFPVEF6V2hjTk1qVXdOekExTURrMU9UQXpXakJ4TVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tWMkZ6YUdsdVozUnZiakVpTUNBR0ExVUVDZ3daUm14aGRDQlhiM0pzWkNCTGJtOTNiR1ZrWjJVc0lFbHVZekVjTUJvR0ExVUVBd3dUYkdWaGNtNHVabXhoZEhkdmNteGtMbU52YlRFTE1Ba0dBMVVFQnd3Q1JFTXdnWjh3RFFZSktvWklodmNOQVFFQkJRQURnWTBBTUlHSkFvR0JBTVBEd3NsNW82eDJRb3VOaTEvRTdJVXFSWWoyWW9jSlJGc3VFR1RldnlVKzJhRkNhQk5WL3R0NnNBYk05V1N1dEx1cWpFL2hmYm5sRWNaMDMrZ24wQ29MbDZZbXdiS0tlUnBrSXplVmhveUoxWVlNUUVBVmhMcmR5OFBvd3U4VUNaMFBiQXorbjlka2lSek01cENDTzc3K2d5Y0ZUQkZLSEFBOXFJcFVaWmtQQWdNQkFBR2pVREJPTUIwR0ExVWREZ1FXQkJRSFU1OGl1R3hGbFp1ckJVSndvbGFsSnIrRlJ6QWZCZ05WSFNNRUdEQVdnQlFIVTU4aXVHeEZsWnVyQlVKd29sYWxKcitGUnpBTUJnTlZIUk1FQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCRFFVQUE0R0JBQzZpSGZNbWQraE1TUnpma29zaTNDK3d2cUhDTEVVc2czSEZwa1ptNWp4bVREbEY1cU8rQnQwbjB4bWZvcVdCekJNbE5DOFRzR3JhZmhKM3p1OEdORjBMZW8xMXJmYzFHTUdCdnI1SG9aM1dBQXltbkJFREFBb3N4TjZXWlJtajF4YWdhMTMrNnBXZkdCKysyblB3Y1pXUC84ZGtQY1JvZ2V2VjB4MHA1Njg2PC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCg0KICA8QXNzZXJ0aW9uIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iXzcwMGFjMzIwLTc0ZmYtMDEzMi01YjE0LTQ4ZTBlYjE0YTFjNyIgSXNzdWVJbnN0YW50PSIyMDE1LTAxLTAyVDIyOjQ4OjQ4WiIgVmVyc2lvbj0iMi4wIj4NCiAgICA8SXNzdWVyPmh0dHA6Ly9leGFtcGxlLmNvbTwvSXNzdWVyPg0KICAgIDxTdWJqZWN0Pg0KICAgICAgPE5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c2FtbEB1c2VyLmNvbTwvTmFtZUlEPg0KICAgICAgPFN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4NCiAgICAgICAgPFN1YmplY3RDb25maXJtYXRpb25EYXRhIEluUmVzcG9uc2VUbz0iX2VkOTE1YTQwLTc0ZmItMDEzMi01YjE2LTQ4ZTBlYjE0YTFjNyIgTm90T25PckFmdGVyPSIyMDM4LTAxLTAyVDIyOjUxOjQ4WiIgUmVjaXBpZW50PSJodHRwOi8vbG9jYWxob3N0OjkwMDEvdjEvdXNlcnMvYXV0aG9yaXplL3NhbWwiLz4NCiAgICAgIDwvU3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L1N1YmplY3Q+DQogICAgPENvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE1LTAxLTAyVDIyOjQ4OjQzWiIgTm90T25PckFmdGVyPSIyMDM4LTAxLTAyVDIzOjQ4OjQ4WiI+DQogICAgICA8QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPEF1ZGllbmNlPmh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS88L0F1ZGllbmNlPg0KICAgICAgICA8QXVkaWVuY2U+ZmxhdF93b3JsZDwvQXVkaWVuY2U+DQogICAgICA8L0F1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9Db25kaXRpb25zPg0KICAgIDxBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2VtYWlsYWRkcmVzcyI+DQogICAgICAgIDxBdHRyaWJ1dGVWYWx1ZT5zYW1sQHVzZXIuY29tPC9BdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvQXR0cmlidXRlPg0KICAgIDwvQXR0cmlidXRlU3RhdGVtZW50Pg0KICAgIDxBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTUtMDEtMDJUMjI6NDg6NDhaIiBTZXNzaW9uSW5kZXg9Il83MDBhYzMyMC03NGZmLTAxMzItNWIxNC00OGUwZWIxNGExYzciPg0KICAgICAgPEF1dGhuQ29udGV4dD4NCiAgICAgICAgPEF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpmZWRlcmF0aW9uOmF1dGhlbnRpY2F0aW9uOndpbmRvd3M8L0F1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9BdXRobkNvbnRleHQ+DQogICAgPC9BdXRoblN0YXRlbWVudD4NCiAgPC9Bc3NlcnRpb24+DQo8L3NhbWxwOlJlc3BvbnNlPg==
\ No newline at end of file
+PD94bWwgdmVyc2lvbj0iMS4wIj8+CjxzYW1scDpSZXNwb25zZSB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBJRD0icGZ4ZDU5NDM0N2QtNDk1Zi1iOGQxLTBlZTItNDFjZmRhMTRkZDM1IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNS0wMS0wMlQyMjo0ODo0OFoiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjkwMDEvdjEvdXNlcnMvYXV0aG9yaXplL3NhbWwiIENvbnNlbnQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjb25zZW50OnVuc3BlY2lmaWVkIiBJblJlc3BvbnNlVG89Il9lZDkxNWE0MC03NGZiLTAxMzItNWIxNi00OGUwZWIxNGExYzciPgogIDxJc3N1ZXIgeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9leGFtcGxlLmNvbTwvSXNzdWVyPgogIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPgogICAgPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICAgIDxkczpSZWZlcmVuY2UgVVJJPSIiPgogICAgICA8ZHM6VHJhbnNmb3Jtcz4KICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICAgIDwvZHM6VHJhbnNmb3Jtcz4KICAgICAgPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+CiAgICAgIDxkczpEaWdlc3RWYWx1ZT5qQ2dlWENQREZsd2pUZ3FnUHAwbVUyVHF3OWc9PC9kczpEaWdlc3RWYWx1ZT4KICAgIDwvZHM6UmVmZXJlbmNlPgogIDwvZHM6U2lnbmVkSW5mbz4KICA8ZHM6U2lnbmF0dXJlVmFsdWU+bG9SN21DRmlNSURIUHBLeVgzRUd2dzJYeTZycEtFZWZVMDhYS1lWRXJ6MXB3a1BUUFFlYU5iK2RGMHZLai9rNQoyUmJ2Z3ZFUFN2ZGI3RDJOMTY5QjJMTGVmbXpaWTBDY0RKcThkK3lNbnZSNER3YitSUFl6bWJoS29XQ1ZyY3VPCnNvbEUxQTg3WFZjenNpd2JYRWllM2p4RHdDSk5vWi9GRFJRZy80RHRQVmc9PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+CiAgPGRzOlg1MDlEYXRhPgogICAgPGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDVnpDQ0FjQUNDUURJVkhhTlNCWUw2VEFOQmdrcWhraUc5dzBCQVFzRkFEQndNUXN3Q1FZRFZRUUdFd0pHVWpFT01Bd0dBMVVFQ0F3RlVHRnlhWE14RGpBTUJnTlZCQWNNQlZCaGNtbHpNUll3RkFZRFZRUUtEQTFPYjNaaGNHOXpkQ0JVUlZOVU1Ta3dKd1lKS29aSWh2Y05BUWtCRmhwbWJHOXlaVzUwTG5CcFoyOTFkRUJ1YjNaaGNHOXpkQzVtY2pBZUZ3MHhOREF5TVRNeE16VXpOREJhRncweE5UQXlNVE14TXpVek5EQmFNSEF4Q3pBSkJnTlZCQVlUQWtaU01RNHdEQVlEVlFRSURBVlFZWEpwY3pFT01Bd0dBMVVFQnd3RlVHRnlhWE14RmpBVUJnTlZCQW9NRFU1dmRtRndiM04wSUZSRlUxUXhLVEFuQmdrcWhraUc5dzBCQ1FFV0dtWnNiM0psYm5RdWNHbG5iM1YwUUc1dmRtRndiM04wTG1aeU1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRQ2hMRkhuM0xuTjRKUS83V0NkWXVweGtVZ2NOT1FuUEYreWxsKy9EUHB1eDlucGZZMDU5UElVYXRCOFg3a0NuNWk4dFJ3SXkvaWtISlI2TXI4K01QdmM2Vk9aRHhQTmRadk1vLzhsaHhyYk4zSmRydzN3aFptVS9LUFI5RjNCZEZkdStTTHpyTWwxVERVWmxQdFk5WHpVRlhjcU44SVhjeThUSnpDQmVOZXkzUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRHQkFDdEo4ZmVHemUxTkhCNVZ3MThqTVVQdkhvN0gzR3dtajZaREFYUWxhaUFYTXVOQnhOWFZXVndpZmw2VituVzN3OVFhN0Zlby9uWi9PNFRVT0gxbnorYWRrbGNDRDRRcFphRUlibUFicmlQV0pLZ2I0TFdHaHFRcnV3WVI3SXRUUjFNTlg5Z0xiUDB6MHp2REVRbm50L1ZVV0ZFQkxTSnE0WjROcmU4TEZtUzI8L2RzOlg1MDlDZXJ0aWZpY2F0ZT4KICA8L2RzOlg1MDlEYXRhPgo8L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz4KICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz4KICA8L3NhbWxwOlN0YXR1cz4KCiAgPEFzc2VydGlvbiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il83MDBhYzMyMC03NGZmLTAxMzItNWIxNC00OGUwZWIxNGExYzciIElzc3VlSW5zdGFudD0iMjAxNS0wMS0wMlQyMjo0ODo0OFoiIFZlcnNpb249IjIuMCI+CiAgICA8SXNzdWVyPmh0dHA6Ly9leGFtcGxlLmNvbTwvSXNzdWVyPgogICAgPFN1YmplY3Q+CiAgICAgIDxOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnNhbWxAdXNlci5jb208L05hbWVJRD4KICAgICAgPFN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4KICAgICAgICA8U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgSW5SZXNwb25zZVRvPSJfZWQ5MTVhNDAtNzRmYi0wMTMyLTViMTYtNDhlMGViMTRhMWM3IiBOb3RPbk9yQWZ0ZXI9IjIwMzgtMDEtMDJUMjI6NTE6NDhaIiBSZWNpcGllbnQ9Imh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS92MS91c2Vycy9hdXRob3JpemUvc2FtbCIvPgogICAgICA8L1N1YmplY3RDb25maXJtYXRpb24+CiAgICA8L1N1YmplY3Q+CiAgICA8Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTUtMDEtMDJUMjI6NDg6NDNaIiBOb3RPbk9yQWZ0ZXI9IjIwMzgtMDEtMDJUMjM6NDg6NDhaIj4KICAgICAgPEF1ZGllbmNlUmVzdHJpY3Rpb24+CiAgICAgICAgPEF1ZGllbmNlPmh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS88L0F1ZGllbmNlPgogICAgICAgIDxBdWRpZW5jZT5mbGF0X3dvcmxkPC9BdWRpZW5jZT4KICAgICAgPC9BdWRpZW5jZVJlc3RyaWN0aW9uPgogICAgPC9Db25kaXRpb25zPgogICAgPEF0dHJpYnV0ZVN0YXRlbWVudD4KICAgICAgPEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiPgogICAgICAgIDxBdHRyaWJ1dGVWYWx1ZT5zYW1sQHVzZXIuY29tPC9BdHRyaWJ1dGVWYWx1ZT4KICAgICAgPC9BdHRyaWJ1dGU+CiAgICA8L0F0dHJpYnV0ZVN0YXRlbWVudD4KICAgIDxBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTUtMDEtMDJUMjI6NDg6NDhaIiBTZXNzaW9uSW5kZXg9Il83MDBhYzMyMC03NGZmLTAxMzItNWIxNC00OGUwZWIxNGExYzciPgogICAgICA8QXV0aG5Db250ZXh0PgogICAgICAgIDxBdXRobkNvbnRleHRDbGFzc1JlZj51cm46ZmVkZXJhdGlvbjphdXRoZW50aWNhdGlvbjp3aW5kb3dzPC9BdXRobkNvbnRleHRDbGFzc1JlZj4KICAgICAgPC9BdXRobkNvbnRleHQ+CiAgICA8L0F1dGhuU3RhdGVtZW50PgogIDwvQXNzZXJ0aW9uPgo8L3NhbWxwOlJlc3BvbnNlPgo=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/tests/data/responses/unsigned_response.xml.base64
new/python3-saml-1.9.0/tests/data/responses/unsigned_response.xml.base64
--- old/python3-saml-v.1.7.0/tests/data/responses/unsigned_response.xml.base64
2019-07-02 20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/tests/data/responses/unsigned_response.xml.base64
2019-11-20 18:17:19.000000000 +0100
@@ -1 +1 @@
-PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjIwMjEtMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0xN1QxNDo1NDowN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMjEtMDYtMTdUMjI6NTQ6MTRaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+
+PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjk5OS0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjI5OTktMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0xN1QxNDo1NDowN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjI5OTktMDYtMTdUMjI6NTQ6MTRaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/tests/src/OneLogin/saml2_tests/response_test.py
new/python3-saml-1.9.0/tests/src/OneLogin/saml2_tests/response_test.py
--- old/python3-saml-v.1.7.0/tests/src/OneLogin/saml2_tests/response_test.py
2019-07-02 20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/tests/src/OneLogin/saml2_tests/response_test.py
2019-11-20 18:17:19.000000000 +0100
@@ -1056,7 +1056,7 @@
# check that we catch when the contexts don't match
response = OneLogin_Saml2_Response(settings, message)
self.assertFalse(response.is_valid(request_data))
- self.assertIn('The AuthnContext "%s" didn\'t include requested context
"%s"' % (password_context, two_factor_context), response.get_error())
+ self.assertIn('The AuthnContext "%s" was not a requested context "%s"'
% (password_context, two_factor_context), response.get_error())
# now drop in the expected AuthnContextClassRef and see that it passes
original_message =
compat.to_string(OneLogin_Saml2_Utils.b64decode(message))
@@ -1661,15 +1661,24 @@
# Modified message
self.assertFalse(response_9.is_valid(self.get_request_data()))
- def testIsValidSignWithEmptyReferenceURI(self):
+ def testMessageSignedIsValidSignWithEmptyReferenceURI(self):
settings_info = self.loadSettingsJSON()
del settings_info['idp']['x509cert']
- settings_info['idp']['certFingerprint'] =
"194d97e4d8c9c8cfa4b721e5ee497fd9660e5213"
+ settings_info['idp']['certFingerprint'] =
"657302a5e11a4794a1e50a705988d66c9377575d"
settings = OneLogin_Saml2_Settings(settings_info)
xml = self.file_contents(join(self.data_path, 'responses',
'response_without_reference_uri.xml.base64'))
response = OneLogin_Saml2_Response(settings, xml)
self.assertTrue(response.is_valid(self.get_request_data()))
+ def testAssertionSignedIsValidSignWithEmptyReferenceURI(self):
+ settings_info = self.loadSettingsJSON()
+ del settings_info['idp']['x509cert']
+ settings_info['idp']['certFingerprint'] =
"657302a5e11a4794a1e50a705988d66c9377575d"
+ settings = OneLogin_Saml2_Settings(settings_info)
+ xml = self.file_contents(join(self.data_path, 'responses',
'response_without_assertion_reference_uri.xml.base64'))
+ response = OneLogin_Saml2_Response(settings, xml)
+ self.assertTrue(response.is_valid(self.get_request_data()))
+
def testIsValidWithoutInResponseTo(self):
"""
If assertion contains InResponseTo but not the Response tag, we should
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/tests/src/OneLogin/saml2_tests/settings_test.py
new/python3-saml-1.9.0/tests/src/OneLogin/saml2_tests/settings_test.py
--- old/python3-saml-v.1.7.0/tests/src/OneLogin/saml2_tests/settings_test.py
2019-07-02 20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/tests/src/OneLogin/saml2_tests/settings_test.py
2019-11-20 18:17:19.000000000 +0100
@@ -755,7 +755,7 @@
del settings_info['strict']
settings = OneLogin_Saml2_Settings(settings_info)
- self.assertFalse(settings.is_strict())
+ self.assertTrue(settings.is_strict())
settings_info['strict'] = False
settings_2 = OneLogin_Saml2_Settings(settings_info)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/python3-saml-v.1.7.0/tests/src/OneLogin/saml2_tests/utils_test.py
new/python3-saml-1.9.0/tests/src/OneLogin/saml2_tests/utils_test.py
--- old/python3-saml-v.1.7.0/tests/src/OneLogin/saml2_tests/utils_test.py
2019-07-02 20:09:38.000000000 +0200
+++ new/python3-saml-1.9.0/tests/src/OneLogin/saml2_tests/utils_test.py
2019-11-20 18:17:19.000000000 +0100
@@ -450,6 +450,14 @@
saml_time2 = '2013-12-10T04:39:31.120Z'
self.assertEqual(time,
OneLogin_Saml2_Utils.parse_SAML_to_time(saml_time2))
+ # Now test if toolkit supports microseconds
+ saml_time3 = '2013-12-10T04:39:31.120240Z'
+ self.assertEqual(time,
OneLogin_Saml2_Utils.parse_SAML_to_time(saml_time3))
+
+ # Now test if toolkit supports nanoseconds
+ saml_time4 = '2013-12-10T04:39:31.120240360Z'
+ self.assertEqual(time,
OneLogin_Saml2_Utils.parse_SAML_to_time(saml_time4))
+
def testParseTime2SAML(self):
"""
Tests the parse_time_to_SAML method of the OneLogin_Saml2_Utils
