    def testGenerateNameIdWithoutSPNameQualifier(self):
        """
        Tests the generateNameId method of the OneLogin_Saml2_Utils

        Uses the SAML 1.1 'unspecified' format and no SPNameQualifier, first
        as a plain <saml:NameID> and then wrapped in <saml:EncryptedID> when
        the IdP certificate is passed. Only the fixed prefix of the encrypted
        form is compared, because the ciphertext differs on every call.
        """
        value = 'ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde'
        fmt = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'

        # Plain form: no qualifier, so only the Format attribute is emitted.
        plain = OneLogin_Saml2_Utils.generate_name_id(value, None, fmt)
        self.assertEqual(
            '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde</saml:NameID>',
            plain,
        )

        # Encrypted form: the IdP certificate from the test settings is the
        # public key the NameID is encrypted to (aes128-cbc / rsa-oaep-mgf1p
        # are the algorithms the asserted prefix pins).
        idp_cert = OneLogin_Saml2_Utils.format_cert(
            self.loadSettingsJSON()['idp']['x509cert']
        )
        encrypted = OneLogin_Saml2_Utils.generate_name_id(value, None, fmt, idp_cert)
        self.assertIn(
            '<saml:EncryptedID><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Type="http://www.w3.org/2001/04/xmlenc#Element">\n<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>\n<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">\n<xenc:EncryptedKey>\n<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>\n<xenc:CipherData>\n<xenc:CipherValue>',
            encrypted,
        )
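    def __init__(self, settings, request=None):
        """
        Constructs the Logout Request object.

        Arguments are:
            * (OneLogin_Saml2_Settings)   settings. Setting data
            * (string)                    request. Optional. A base64-encoded
              (and usually raw-deflated) LogoutRequest received from the IdP,
              loaded instead of building a new one.

        When ``request`` is given, inflation is capped so that a crafted
        request cannot expand into an unbounded amount of memory; a request
        that inflates past the cap raises ValueError.
        """
        self.__settings = settings
        self.__error = None

        if request is None:
            sp_data = self.__settings.get_sp_data()
            idp_data = self.__settings.get_idp_data()
            security = self.__settings.get_security_data()

            uid = OneLogin_Saml2_Utils.generate_unique_id()
            name_id_value = OneLogin_Saml2_Utils.generate_unique_id()
            issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(OneLogin_Saml2_Utils.now())

            # Encrypt the NameID only when the security settings ask for it;
            # the IdP certificate is the public key it is encrypted to.
            cert = None
            if 'nameIdEncrypted' in security and security['nameIdEncrypted']:
                cert = idp_data['x509cert']

            name_id = OneLogin_Saml2_Utils.generate_name_id(
                name_id_value,
                sp_data['entityId'],
                sp_data['NameIDFormat'],
                cert
            )

            # NOTE(review): the values below are interpolated without XML
            # escaping. They come from the SP/IdP settings and from
            # generate_name_id, not from the wire, so this holds only as long
            # as the settings themselves are trusted.
            logout_request = """<samlp:LogoutRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="%(id)s"
        Version="2.0"
        IssueInstant="%(issue_instant)s"
        Destination="%(single_logout_url)s">
        <saml:Issuer>%(entity_id)s</saml:Issuer>
        %(name_id)s
    </samlp:LogoutRequest>""" % \
                {
                    'id': uid,
                    'issue_instant': issue_instant,
                    'single_logout_url': idp_data['singleLogoutService']['url'],
                    'entity_id': sp_data['entityId'],
                    'name_id': name_id,
                }
        else:
            import zlib

            decoded = b64decode(request)
            # A received LogoutRequest is attacker-reachable input, so inflate
            # it through a decompressobj with an output cap rather than an
            # unbounded decompress(): a few KB of deflate can otherwise expand
            # into hundreds of MB. 1 MiB is far above any real LogoutRequest
            # (constructed limit; raise it if a deployment needs more).
            max_inflated = 1024 * 1024
            inflater = zlib.decompressobj(-15)  # -15: raw deflate, no zlib header
            try:
                inflated = inflater.decompress(decoded, max_inflated)
            except zlib.error:
                # Not a deflate stream: the IdP sent base64(XML) directly.
                logout_request = decoded
            else:
                if inflater.unconsumed_tail:
                    raise ValueError('Inflated LogoutRequest exceeds %d bytes' % max_inflated)
                # A truncated stream used to raise inside decompress() and
                # fall back to the raw bytes; keep that behaviour.
                logout_request = inflated if inflater.eof else decoded

        self.__logout_request = logout_request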
    def testGenerateNameIdWithoutSPNameQualifier(self):
        """
        Tests the generateNameId method of the OneLogin_Saml2_Utils

        Uses the SAML 2.0 'unspecified' format and no SPNameQualifier, first
        as a plain <saml:NameID> and then wrapped in <saml:EncryptedID> when
        the IdP certificate is passed. Only the fixed prefix of the encrypted
        form is compared, because the ciphertext differs on every call.
        """
        value = 'ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde'
        fmt = 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified'

        # Plain form: no qualifier, so only the Format attribute is emitted.
        plain = OneLogin_Saml2_Utils.generate_name_id(value, None, fmt)
        self.assertEqual(
            plain,
            '<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde</saml:NameID>',
        )

        # Encrypted form: the IdP certificate from the test settings is the
        # public key the NameID is encrypted to (aes128-cbc / rsa-oaep-mgf1p
        # are the algorithms the asserted prefix pins).
        idp_cert = OneLogin_Saml2_Utils.format_cert(
            self.loadSettingsJSON()['idp']['x509cert']
        )
        encrypted = OneLogin_Saml2_Utils.generate_name_id(value, None, fmt, idp_cert)
        self.assertIn(
            '<saml:EncryptedID><xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><xenc:CipherData><xenc:CipherValue>',
            encrypted,
        )
    def testGenerateNameIdWithoutFormat(self):
        """
        Tests the generateNameId method of the OneLogin_Saml2_Utils

        With neither a Format nor an SPNameQualifier the element must carry
        no attributes at all: just the value wrapped in <saml:NameID>.
        """
        value = 'ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde'

        generated = OneLogin_Saml2_Utils.generate_name_id(value, None, None)

        self.assertEqual(
            generated,
            '<saml:NameID>ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde</saml:NameID>',
        )
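    def __init__(self, settings, request=None):
        """
        Constructs the Logout Request object.

        Arguments are:
            * (OneLogin_Saml2_Settings)   settings. Setting data
            * (string)                    request. Optional. A base64-encoded
              (and usually raw-deflated) LogoutRequest received from the IdP,
              loaded instead of building a new one.

        When ``request`` is given, inflation is capped so that a crafted
        request cannot expand into an unbounded amount of memory; a request
        that inflates past the cap raises ValueError.
        """
        self.__settings = settings
        self.__error = None

        if request is None:
            sp_data = self.__settings.get_sp_data()
            idp_data = self.__settings.get_idp_data()
            security = self.__settings.get_security_data()

            uid = OneLogin_Saml2_Utils.generate_unique_id()
            name_id_value = OneLogin_Saml2_Utils.generate_unique_id()
            issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(
                OneLogin_Saml2_Utils.now())

            # Encrypt the NameID only when the security settings ask for it;
            # the IdP certificate is the public key it is encrypted to.
            cert = None
            if 'nameIdEncrypted' in security and security['nameIdEncrypted']:
                cert = idp_data['x509cert']

            name_id = OneLogin_Saml2_Utils.generate_name_id(
                name_id_value, sp_data['entityId'], sp_data['NameIDFormat'],
                cert)

            # NOTE(review): the values below are interpolated without XML
            # escaping. They come from the SP/IdP settings and from
            # generate_name_id, not from the wire, so this holds only as long
            # as the settings themselves are trusted.
            logout_request = """<samlp:LogoutRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="%(id)s"
        Version="2.0"
        IssueInstant="%(issue_instant)s"
        Destination="%(single_logout_url)s">
        <saml:Issuer>%(entity_id)s</saml:Issuer>
        %(name_id)s
    </samlp:LogoutRequest>""" % \
                {
                    'id': uid,
                    'issue_instant': issue_instant,
                    'single_logout_url': idp_data['singleLogoutService']['url'],
                    'entity_id': sp_data['entityId'],
                    'name_id': name_id,
                }
        else:
            import zlib

            decoded = b64decode(request)
            # A received LogoutRequest is attacker-reachable input, so inflate
            # it through a decompressobj with an output cap rather than an
            # unbounded decompress(): a few KB of deflate can otherwise expand
            # into hundreds of MB. 1 MiB is far above any real LogoutRequest
            # (constructed limit; raise it if a deployment needs more).
            max_inflated = 1024 * 1024
            inflater = zlib.decompressobj(-15)  # -15: raw deflate, no zlib header
            try:
                inflated = inflater.decompress(decoded, max_inflated)
            except zlib.error:
                # Not a deflate stream: the IdP sent base64(XML) directly.
                logout_request = decoded
            else:
                if inflater.unconsumed_tail:
                    raise ValueError('Inflated LogoutRequest exceeds %d bytes' % max_inflated)
                # A truncated stream used to raise inside decompress() and
                # fall back to the raw bytes; keep that behaviour.
                logout_request = inflated if inflater.eof else decoded

        self.__logout_request = logout_request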
    def _generate_name_id_element(self, name_qualifier):
        """
        Build a <saml:NameID> with fixed test values and the given
        NameQualifier, parsed back into an lxml element so tests can
        inspect its attributes.

        The parser runs with recover=True, so a malformed NameID string is
        repaired rather than failing the test; assertions on the returned
        element should keep that in mind.
        """
        raw = OneLogin_Saml2_Utils.generate_name_id(
            'value',
            'sp-entity-id',
            'name-id-format',
            nq=name_qualifier,
        )
        lenient_parser = etree.XMLParser(recover=True)
        return etree.fromstring(raw, lenient_parser)
    def _generate_name_id_element(self, name_qualifier):
        """
        Build a <saml:NameID> with fixed test values and the given
        NameQualifier, parsed back into an lxml element so tests can
        inspect its attributes.

        The parser runs with recover=True, so a malformed NameID string is
        repaired rather than failing the test; assertions on the returned
        element should keep that in mind.
        """
        raw = OneLogin_Saml2_Utils.generate_name_id(
            'value',
            'sp-entity-id',
            'name-id-format',
            nq=name_qualifier,
        )
        lenient_parser = etree.XMLParser(recover=True)
        return etree.fromstring(raw, lenient_parser)
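    def __init__(self, settings, request=None, name_id=None, session_index=None, nq=None):
        """
        Constructs the Logout Request object.

        :param settings: Setting data
        :type settings: OneLogin_Saml2_Settings

        :param request: Optional. A LogoutRequest to be loaded instead build one.
                        Base64-encoded, usually raw-deflated. Inflation is
                        capped; a request inflating past the cap raises
                        ValueError.
        :type request: string

        :param name_id: The NameID that will be set in the LogoutRequest.
        :type name_id: string

        :param session_index: SessionIndex that identifies the session of the user.
        :type session_index: string

        :param nq: IDP Name Qualifier
        :type nq: string

        NOTE(review): ``nq`` is accepted but not forwarded to
        generate_name_id in this revision, so it has no effect on the
        generated NameID — confirm against the paired Utils version before
        relying on it.
        """
        self.__settings = settings
        self.__error = None
        self.id = None

        if request is None:
            sp_data = self.__settings.get_sp_data()
            idp_data = self.__settings.get_idp_data()
            security = self.__settings.get_security_data()

            uid = OneLogin_Saml2_Utils.generate_unique_id()
            self.id = uid

            issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(OneLogin_Saml2_Utils.now())

            # Encrypt the NameID only when the security settings ask for it;
            # the IdP certificate is the public key it is encrypted to.
            cert = None
            if 'nameIdEncrypted' in security and security['nameIdEncrypted']:
                cert = idp_data['x509cert']

            if name_id is not None:
                nameIdFormat = sp_data['NameIDFormat']
                spNameQualifier = None
            else:
                # No subject given: fall back to the IdP entity ID in the
                # 'entity' format, qualified by our own entity ID.
                name_id = idp_data['entityId']
                nameIdFormat = OneLogin_Saml2_Constants.NAMEID_ENTITY
                spNameQualifier = sp_data['entityId']

            name_id_obj = OneLogin_Saml2_Utils.generate_name_id(
                name_id,
                spNameQualifier,
                nameIdFormat,
                cert
            )

            # NOTE(review): session_index is interpolated without XML
            # escaping; it originates from the IdP's assertion, so a value
            # containing markup characters would corrupt this request rather
            # than be encoded.
            if session_index:
                session_index_str = '<samlp:SessionIndex>%s</samlp:SessionIndex>' % session_index
            else:
                session_index_str = ''

            logout_request = """<samlp:LogoutRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="%(id)s"
        Version="2.0"
        IssueInstant="%(issue_instant)s"
        Destination="%(single_logout_url)s">
        <saml:Issuer>%(entity_id)s</saml:Issuer>
        %(name_id)s
        %(session_index)s
    </samlp:LogoutRequest>""" % \
                {
                    'id': uid,
                    'issue_instant': issue_instant,
                    'single_logout_url': idp_data['singleLogoutService']['url'],
                    'entity_id': sp_data['entityId'],
                    'name_id': name_id_obj,
                    'session_index': session_index_str,
                }
        else:
            import zlib

            decoded = b64decode(request)
            # A received LogoutRequest is attacker-reachable input, so inflate
            # it through a decompressobj with an output cap rather than an
            # unbounded decompress(): a few KB of deflate can otherwise expand
            # into hundreds of MB. 1 MiB is far above any real LogoutRequest
            # (constructed limit; raise it if a deployment needs more).
            max_inflated = 1024 * 1024
            inflater = zlib.decompressobj(-15)  # -15: raw deflate, no zlib header
            try:
                inflated = inflater.decompress(decoded, max_inflated)
            except zlib.error:
                # Not a deflate stream: the IdP sent base64(XML) directly.
                logout_request = decoded
            else:
                if inflater.unconsumed_tail:
                    raise ValueError('Inflated LogoutRequest exceeds %d bytes' % max_inflated)
                # A truncated stream used to raise inside decompress() and
                # fall back to the raw bytes; keep that behaviour.
                logout_request = inflated if inflater.eof else decoded
            self.id = self.get_id(logout_request)

        self.__logout_request = logout_request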
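    def __init__(self,
                 settings,
                 request=None,
                 name_id=None,
                 session_index=None):
        """
        Constructs the Logout Request object.

        :param settings: Setting data
        :type settings: OneLogin_Saml2_Settings

        :param request: Optional. A LogoutRequest to be loaded instead build one.
                        Base64-encoded, usually raw-deflated. Inflation is
                        capped; a request inflating past the cap raises
                        ValueError.
        :type request: string

        :param name_id: The NameID that will be set in the LogoutRequest.
        :type name_id: string

        :param session_index: SessionIndex that identifies the session of the user.
        :type session_index: string
        """
        self.__settings = settings
        self.__error = None
        self.id = None

        if request is None:
            sp_data = self.__settings.get_sp_data()
            idp_data = self.__settings.get_idp_data()
            security = self.__settings.get_security_data()

            uid = OneLogin_Saml2_Utils.generate_unique_id()
            self.id = uid

            issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(
                OneLogin_Saml2_Utils.now())

            # Encrypt the NameID only when the security settings ask for it;
            # the IdP certificate is the public key it is encrypted to.
            cert = None
            if 'nameIdEncrypted' in security and security['nameIdEncrypted']:
                cert = idp_data['x509cert']

            if name_id is not None:
                nameIdFormat = sp_data['NameIDFormat']
                spNameQualifier = None
            else:
                # No subject given: fall back to the IdP entity ID in the
                # 'entity' format, qualified by our own entity ID.
                name_id = idp_data['entityId']
                nameIdFormat = OneLogin_Saml2_Constants.NAMEID_ENTITY
                spNameQualifier = sp_data['entityId']

            name_id_obj = OneLogin_Saml2_Utils.generate_name_id(
                name_id, spNameQualifier, nameIdFormat, cert)

            # NOTE(review): session_index is interpolated without XML
            # escaping; it originates from the IdP's assertion, so a value
            # containing markup characters would corrupt this request rather
            # than be encoded.
            if session_index:
                session_index_str = '<samlp:SessionIndex>%s</samlp:SessionIndex>' % session_index
            else:
                session_index_str = ''

            logout_request = """<samlp:LogoutRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="%(id)s"
        Version="2.0"
        IssueInstant="%(issue_instant)s"
        Destination="%(single_logout_url)s">
        <saml:Issuer>%(entity_id)s</saml:Issuer>
        %(name_id)s
        %(session_index)s
    </samlp:LogoutRequest>""" % \
                {
                    'id': uid,
                    'issue_instant': issue_instant,
                    'single_logout_url': idp_data['singleLogoutService']['url'],
                    'entity_id': sp_data['entityId'],
                    'name_id': name_id_obj,
                    'session_index': session_index_str,
                }
        else:
            import zlib

            decoded = b64decode(request)
            # A received LogoutRequest is attacker-reachable input, so inflate
            # it through a decompressobj with an output cap rather than an
            # unbounded decompress(): a few KB of deflate can otherwise expand
            # into hundreds of MB. 1 MiB is far above any real LogoutRequest
            # (constructed limit; raise it if a deployment needs more).
            max_inflated = 1024 * 1024
            inflater = zlib.decompressobj(-15)  # -15: raw deflate, no zlib header
            try:
                inflated = inflater.decompress(decoded, max_inflated)
            except zlib.error:
                # Not a deflate stream: the IdP sent base64(XML) directly.
                logout_request = decoded
            else:
                if inflater.unconsumed_tail:
                    raise ValueError('Inflated LogoutRequest exceeds %d bytes' % max_inflated)
                # A truncated stream used to raise inside decompress() and
                # fall back to the raw bytes; keep that behaviour.
                logout_request = inflated if inflater.eof else decoded
            self.id = self.get_id(logout_request)

        self.__logout_request = logout_request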
    def __init__(self,
                 settings,
                 request=None,
                 name_id=None,
                 session_index=None,
                 nq=None):
        """
        Constructs the Logout Request object.

        Either builds a fresh LogoutRequest from the SP/IdP settings, or
        loads a received one (base64, optionally deflated) and records its ID.

        :param settings: Setting data
        :type settings: OneLogin_Saml2_Settings

        :param request: Optional. A LogoutRequest to be loaded instead build one.
        :type request: string

        :param name_id: The NameID that will be set in the LogoutRequest.
        :type name_id: string

        :param session_index: SessionIndex that identifies the session of the user.
        :type session_index: string

        :param nq: IDP Name Qualifier
        :type nq: string
        """
        self.__settings = settings
        self.__error = None
        self.id = None

        if request is not None:
            # Received request: decode it and keep its ID for later
            # correlation with the LogoutResponse.
            received = OneLogin_Saml2_Utils.decode_base64_and_inflate(
                request, ignore_zip=True)
            self.id = self.get_id(received)
            self.__logout_request = received
            return

        sp_data = self.__settings.get_sp_data()
        idp_data = self.__settings.get_idp_data()
        security = self.__settings.get_security_data()

        request_id = OneLogin_Saml2_Utils.generate_unique_id()
        self.id = request_id

        issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(
            OneLogin_Saml2_Utils.now())

        # The NameID is encrypted to the IdP certificate only when configured.
        encryption_cert = idp_data['x509cert'] if security['nameIdEncrypted'] else None

        if name_id is None:
            # No subject given: use the IdP entity ID in the 'entity' format,
            # qualified by our own entity ID.
            name_id = idp_data['entityId']
            name_id_format = OneLogin_Saml2_Constants.NAMEID_ENTITY
            sp_name_qualifier = sp_data['entityId']
        else:
            name_id_format = sp_data['NameIDFormat']
            sp_name_qualifier = None

        name_id_obj = OneLogin_Saml2_Utils.generate_name_id(
            name_id,
            sp_name_qualifier,
            name_id_format,
            encryption_cert,
            nq=nq,
        )

        # SessionIndex is optional; it is interpolated as-is (no XML escaping).
        session_index_str = ''
        if session_index:
            session_index_str = '<samlp:SessionIndex>%s</samlp:SessionIndex>' % session_index

        template_values = {
            'id': request_id,
            'issue_instant': issue_instant,
            'single_logout_url': idp_data['singleLogoutService']['url'],
            'entity_id': sp_data['entityId'],
            'name_id': name_id_obj,
            'session_index': session_index_str,
        }
        self.__logout_request = OneLogin_Saml2_Templates.LOGOUT_REQUEST % template_values
    def __init__(self, settings, request=None, name_id=None, session_index=None, nq=None, name_id_format=None, spnq=None):
        """
        Constructs the Logout Request object.

        Either builds a fresh LogoutRequest from the SP/IdP settings, or
        loads a received one (base64, optionally deflated) and records its ID.

        :param settings: Setting data
        :type settings: OneLogin_Saml2_Settings

        :param request: Optional. A LogoutRequest to be loaded instead build one.
        :type request: string

        :param name_id: The NameID that will be set in the LogoutRequest.
        :type name_id: string

        :param session_index: SessionIndex that identifies the session of the user.
        :type session_index: string

        :param nq: IDP Name Qualifier
        :type nq: string

        :param name_id_format: The NameID Format that will be set in the LogoutRequest.
        :type name_id_format: string

        :param spnq: SP Name Qualifier
        :type spnq: string
        """
        self.__settings = settings
        self.__error = None
        self.id = None

        if request is not None:
            # Received request: decode it and keep its ID for later
            # correlation with the LogoutResponse.
            received = OneLogin_Saml2_Utils.decode_base64_and_inflate(request, ignore_zip=True)
            self.id = self.get_id(received)
            self.__logout_request = compat.to_string(received)
            return

        sp_data = self.__settings.get_sp_data()
        idp_data = self.__settings.get_idp_data()
        security = self.__settings.get_security_data()

        request_id = OneLogin_Saml2_Utils.generate_unique_id()
        self.id = request_id

        issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(OneLogin_Saml2_Utils.now())

        # Pick the encryption certificate only when NameID encryption is
        # configured: the first 'encryption' entry of x509certMulti wins,
        # otherwise the single x509cert.
        encryption_cert = None
        if security['nameIdEncrypted']:
            multi_encryption_certs = None
            if 'x509certMulti' in idp_data and 'encryption' in idp_data['x509certMulti']:
                multi_encryption_certs = idp_data['x509certMulti']['encryption']
            if multi_encryption_certs:
                encryption_cert = multi_encryption_certs[0]
            else:
                encryption_cert = idp_data['x509cert']

        if name_id is None:
            # No subject given: identify the IdP by entity ID.
            name_id = idp_data['entityId']
            name_id_format = OneLogin_Saml2_Constants.NAMEID_ENTITY
        elif not name_id_format and sp_data['NameIDFormat'] != OneLogin_Saml2_Constants.NAMEID_UNSPECIFIED:
            name_id_format = sp_data['NameIDFormat']

        # From saml-core-2.0-os 8.3.6, when the entity Format is used:
        # "The NameQualifier, SPNameQualifier, and SPProvidedID attributes
        # MUST be omitted.
        if name_id_format and name_id_format == OneLogin_Saml2_Constants.NAMEID_ENTITY:
            nq = None
            spnq = None

        # NameID Format UNSPECIFIED omitted
        if name_id_format and name_id_format == OneLogin_Saml2_Constants.NAMEID_UNSPECIFIED:
            name_id_format = None

        name_id_obj = OneLogin_Saml2_Utils.generate_name_id(
            name_id,
            spnq,
            name_id_format,
            encryption_cert,
            False,
            nq
        )

        # SessionIndex is optional; it is interpolated as-is (no XML escaping).
        session_index_str = ''
        if session_index:
            session_index_str = '<samlp:SessionIndex>%s</samlp:SessionIndex>' % session_index

        template_values = {
            'id': request_id,
            'issue_instant': issue_instant,
            'single_logout_url': idp_data['singleLogoutService']['url'],
            'entity_id': sp_data['entityId'],
            'name_id': name_id_obj,
            'session_index': session_index_str,
        }
        built = OneLogin_Saml2_Templates.LOGOUT_REQUEST % template_values
        self.__logout_request = compat.to_string(built)
    def __init__(self, settings, request=None, name_id=None, session_index=None):
        """
        Constructs the Logout Request object.

        Either builds a fresh LogoutRequest from the SP/IdP settings, or
        loads a received one (base64, optionally deflated) and records its ID.

        :param settings: Setting data
        :type settings: OneLogin_Saml2_Settings

        :param request: Optional. A LogoutRequest to be loaded instead build one.
        :type request: string

        :param name_id: The NameID that will be set in the LogoutRequest.
        :type name_id: string

        :param session_index: SessionIndex that identifies the session of the user.
        :type session_index: string
        """
        self.__settings = settings
        self.__error = None
        self.id = None

        if request is not None:
            # Received request: decode it and keep its ID for later
            # correlation with the LogoutResponse.
            received = OneLogin_Saml2_Utils.decode_base64_and_inflate(request, ignore_zip=True)
            self.id = self.get_id(received)
            self.__logout_request = received
            return

        sp_data = self.__settings.get_sp_data()
        idp_data = self.__settings.get_idp_data()
        security = self.__settings.get_security_data()

        request_id = OneLogin_Saml2_Utils.generate_unique_id()
        self.id = request_id

        issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(OneLogin_Saml2_Utils.now())

        # The NameID is encrypted to the IdP certificate only when configured.
        encryption_cert = idp_data['x509cert'] if security['nameIdEncrypted'] else None

        if name_id is None:
            # No subject given: use the IdP entity ID in the 'entity' format,
            # qualified by our own entity ID.
            name_id = idp_data['entityId']
            name_id_format = OneLogin_Saml2_Constants.NAMEID_ENTITY
            sp_name_qualifier = sp_data['entityId']
        else:
            name_id_format = sp_data['NameIDFormat']
            sp_name_qualifier = None

        name_id_obj = OneLogin_Saml2_Utils.generate_name_id(
            name_id,
            sp_name_qualifier,
            name_id_format,
            encryption_cert
        )

        # SessionIndex is optional; it is interpolated as-is (no XML escaping).
        session_index_str = ''
        if session_index:
            session_index_str = '<samlp:SessionIndex>%s</samlp:SessionIndex>' % session_index

        template_values = {
            'id': request_id,
            'issue_instant': issue_instant,
            'single_logout_url': idp_data['singleLogoutService']['url'],
            'entity_id': sp_data['entityId'],
            'name_id': name_id_obj,
            'session_index': session_index_str,
        }
        self.__logout_request = OneLogin_Saml2_Templates.LOGOUT_REQUEST % template_values
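    def __init__(self,
                 settings,
                 request=None,
                 name_id=None,
                 session_index=None,
                 nq=None,
                 name_id_format=None,
                 spnq=None):
        """
        Constructs the Logout Request object.

        :param settings: Setting data
        :type settings: OneLogin_Saml2_Settings

        :param request: Optional. A LogoutRequest to be loaded instead build one.
                        Base64-encoded, usually raw-deflated. Inflation is
                        capped; a request inflating past the cap raises
                        ValueError.
        :type request: string

        :param name_id: The NameID that will be set in the LogoutRequest.
        :type name_id: string

        :param session_index: SessionIndex that identifies the session of the user.
        :type session_index: string

        :param nq: IDP Name Qualifier
        :type nq: string

        :param name_id_format: The NameID Format that will be set in the LogoutRequest.
        :type name_id_format: string

        :param spnq: SP Name Qualifier
        :type spnq: string

        """
        self.__settings = settings
        self.__error = None
        self.id = None

        if request is None:
            sp_data = self.__settings.get_sp_data()
            idp_data = self.__settings.get_idp_data()
            security = self.__settings.get_security_data()

            uid = OneLogin_Saml2_Utils.generate_unique_id()
            self.id = uid

            issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(
                OneLogin_Saml2_Utils.now())

            # Encrypt the NameID only when configured. The first 'encryption'
            # entry of x509certMulti wins, otherwise the single x509cert.
            cert = None
            if 'nameIdEncrypted' in security and security['nameIdEncrypted']:
                exists_multix509enc = 'x509certMulti' in idp_data and \
                    'encryption' in idp_data['x509certMulti'] and \
                    idp_data['x509certMulti']['encryption']
                if exists_multix509enc:
                    cert = idp_data['x509certMulti']['encryption'][0]
                else:
                    cert = idp_data['x509cert']

            if name_id is not None:
                # An explicit format wins; otherwise inherit the SP's unless
                # it is 'unspecified', which is never written out.
                if not name_id_format and sp_data[
                        'NameIDFormat'] != OneLogin_Saml2_Constants.NAMEID_UNSPECIFIED:
                    name_id_format = sp_data['NameIDFormat']
            else:
                # No subject given: identify the IdP by entity ID.
                name_id = idp_data['entityId']
                name_id_format = OneLogin_Saml2_Constants.NAMEID_ENTITY

            # From saml-core-2.0-os 8.3.6, when the entity Format is used:
            # "The NameQualifier, SPNameQualifier, and SPProvidedID attributes
            # MUST be omitted.
            if name_id_format and name_id_format == OneLogin_Saml2_Constants.NAMEID_ENTITY:
                nq = None
                spnq = None

            # NameID Format UNSPECIFIED omitted
            if name_id_format and name_id_format == OneLogin_Saml2_Constants.NAMEID_UNSPECIFIED:
                name_id_format = None

            name_id_obj = OneLogin_Saml2_Utils.generate_name_id(
                name_id, spnq, name_id_format, cert, False, nq)

            # NOTE(review): session_index is interpolated without XML
            # escaping; it originates from the IdP's assertion, so a value
            # containing markup characters would corrupt this request rather
            # than be encoded.
            if session_index:
                session_index_str = '<samlp:SessionIndex>%s</samlp:SessionIndex>' % session_index
            else:
                session_index_str = ''

            logout_request = """<samlp:LogoutRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="%(id)s"
        Version="2.0"
        IssueInstant="%(issue_instant)s"
        Destination="%(single_logout_url)s">
        <saml:Issuer>%(entity_id)s</saml:Issuer>
        %(name_id)s
        %(session_index)s
    </samlp:LogoutRequest>""" % \
                {
                    'id': uid,
                    'issue_instant': issue_instant,
                    'single_logout_url': self.__settings.get_idp_slo_url(),
                    'entity_id': sp_data['entityId'],
                    'name_id': name_id_obj,
                    'session_index': session_index_str,
                }
        else:
            import zlib

            decoded = b64decode(request)
            # A received LogoutRequest is attacker-reachable input, so inflate
            # it through a decompressobj with an output cap rather than an
            # unbounded decompress(): a few KB of deflate can otherwise expand
            # into hundreds of MB. 1 MiB is far above any real LogoutRequest
            # (constructed limit; raise it if a deployment needs more).
            max_inflated = 1024 * 1024
            inflater = zlib.decompressobj(-15)  # -15: raw deflate, no zlib header
            try:
                inflated = inflater.decompress(decoded, max_inflated)
            except zlib.error:
                # Not a deflate stream: the IdP sent base64(XML) directly.
                logout_request = decoded
            else:
                if inflater.unconsumed_tail:
                    raise ValueError('Inflated LogoutRequest exceeds %d bytes' % max_inflated)
                # A truncated stream used to raise inside decompress() and
                # fall back to the raw bytes; keep that behaviour.
                logout_request = inflated if inflater.eof else decoded
            self.id = self.get_id(logout_request)

        self.__logout_request = logout_request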
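    def __init__(self,
                 settings,
                 request=None,
                 name_id=None,
                 session_index=None,
                 nq=None,
                 name_id_format=None):
        """
        Constructs the Logout Request object.

        :param settings: Setting data
        :type settings: OneLogin_Saml2_Settings

        :param request: Optional. A LogoutRequest to be loaded instead build one.
                        Base64-encoded, usually raw-deflated. Inflation is
                        capped; a request inflating past the cap raises
                        ValueError.
        :type request: string

        :param name_id: The NameID that will be set in the LogoutRequest.
        :type name_id: string

        :param session_index: SessionIndex that identifies the session of the user.
        :type session_index: string

        :param nq: IDP Name Qualifier
        :type nq: string

        :param name_id_format: The NameID Format that will be set in the LogoutRequest.
        :type name_id_format: string
        """
        self.__settings = settings
        self.__error = None
        self.id = None

        if request is None:
            sp_data = self.__settings.get_sp_data()
            idp_data = self.__settings.get_idp_data()
            security = self.__settings.get_security_data()

            uid = OneLogin_Saml2_Utils.generate_unique_id()
            self.id = uid

            issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(
                OneLogin_Saml2_Utils.now())

            # Encrypt the NameID only when configured. The first 'encryption'
            # entry of x509certMulti wins, otherwise the single x509cert.
            cert = None
            if 'nameIdEncrypted' in security and security['nameIdEncrypted']:
                exists_multix509enc = 'x509certMulti' in idp_data and \
                    'encryption' in idp_data['x509certMulti'] and \
                    idp_data['x509certMulti']['encryption']
                if exists_multix509enc:
                    cert = idp_data['x509certMulti']['encryption'][0]
                else:
                    cert = idp_data['x509cert']

            if name_id is not None:
                # An explicit format wins; otherwise inherit the SP's unless
                # it is 'unspecified'.
                if not name_id_format and sp_data[
                        'NameIDFormat'] != OneLogin_Saml2_Constants.NAMEID_UNSPECIFIED:
                    name_id_format = sp_data['NameIDFormat']
            else:
                name_id_format = OneLogin_Saml2_Constants.NAMEID_ENTITY

            # SPID profile: the SPNameQualifier is never emitted, even when a
            # NameQualifier is supplied. With the entity format the subject is
            # the IdP itself and the NameQualifier is dropped as well.
            spNameQualifier = None
            if name_id_format == OneLogin_Saml2_Constants.NAMEID_ENTITY:
                name_id = idp_data['entityId']
                nq = None

            name_id_obj = OneLogin_Saml2_Utils.generate_name_id(
                name_id, spNameQualifier, name_id_format, cert, False, nq)

            # NOTE(review): session_index is interpolated without XML
            # escaping; it originates from the IdP's assertion, so a value
            # containing markup characters would corrupt this request rather
            # than be encoded.
            if session_index:
                session_index_str = '<samlp:SessionIndex>%s</samlp:SessionIndex>' % session_index
            else:
                session_index_str = ''

            # Destination is reduced to scheme://host of the IdP SLO URL.
            # NOTE(review): SAML receivers normally compare Destination with
            # the full endpoint URL; this truncation looks SPID-specific —
            # confirm it is what the target IdPs accept.
            destination_url_parts = urlparse(
                idp_data['singleLogoutService']['url'])
            destination = "%s://%s" % (destination_url_parts.scheme,
                                       destination_url_parts.netloc)

            logout_request = """<samlp:LogoutRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="%(id)s"
        Version="2.0"
        IssueInstant="%(issue_instant)s"
        Destination="%(single_logout_url)s">
        <saml:Issuer
	      NameQualifier="%(entity_id)s"
              Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
              >%(entity_id)s</saml:Issuer>
        %(name_id)s
        %(session_index)s
    </samlp:LogoutRequest>""" % \
                {
                    'id': uid,
                    'issue_instant': issue_instant,
                    'single_logout_url': destination,
                    'entity_id': sp_data['entityId'],
                    'name_id': name_id_obj,
                    'session_index': session_index_str,
                }
        else:
            import zlib

            decoded = b64decode(request)
            # A received LogoutRequest is attacker-reachable input, so inflate
            # it through a decompressobj with an output cap rather than an
            # unbounded decompress(): a few KB of deflate can otherwise expand
            # into hundreds of MB. 1 MiB is far above any real LogoutRequest
            # (constructed limit; raise it if a deployment needs more).
            max_inflated = 1024 * 1024
            inflater = zlib.decompressobj(-15)  # -15: raw deflate, no zlib header
            try:
                inflated = inflater.decompress(decoded, max_inflated)
            except zlib.error:
                # Not a deflate stream: the IdP sent base64(XML) directly.
                logout_request = decoded
            else:
                if inflater.unconsumed_tail:
                    raise ValueError('Inflated LogoutRequest exceeds %d bytes' % max_inflated)
                # A truncated stream used to raise inside decompress() and
                # fall back to the raw bytes; keep that behaviour.
                logout_request = inflated if inflater.eof else decoded
            self.id = self.get_id(logout_request)

        self.__logout_request = logout_request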