From 4f1c11c5ef36d956e6d4fa304b419dc3b1a21881 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 3 Aug 2021 22:40:13 +0200
Subject: [PATCH] providers/saml: add WantAssertionsSigned
Signed-off-by: Jens Langhammer
# Conflicts:
# authentik/providers/saml/processors/metadata_parser.py
---
.../providers/saml/processors/metadata_parser.py | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/authentik/providers/saml/processors/metadata_parser.py b/authentik/providers/saml/processors/metadata_parser.py
index 8708a6c06..0009cd61c 100644
--- a/authentik/providers/saml/processors/metadata_parser.py
+++ b/authentik/providers/saml/processors/metadata_parser.py
@@ -134,10 +134,18 @@ class ServiceProviderMetadataParser:
 # For now we'll only look at the first descriptor.
 # Even if multiple descriptors exist, we can only configure one
 descriptor = sp_sso_descriptors[0]
- auth_n_request_signed = (
- descriptor.attrib["AuthnRequestsSigned"].lower() == "true"
- )
- assertion_signed = descriptor.attrib["WantAssertionsSigned"].lower() == "true"
+
+ auth_n_request_signed = False
+ if "AuthnRequestsSigned" in descriptor.attrib:
+ auth_n_request_signed = (
+ descriptor.attrib["AuthnRequestsSigned"].lower() == "true"
+ )
+
+ assertion_signed = False
+ if "WantAssertionsSigned" in descriptor.attrib:
+ assertion_signed = (
+ descriptor.attrib["WantAssertionsSigned"].lower() == "true"
+ )
 acs_services = descriptor.findall(
 f"{{{NS_SAML_METADATA}}}AssertionConsumerService"
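Review bot: The two new `if ... in descriptor.attrib` blocks still treat only the literal `true` as true, but `AuthnRequestsSigned` and `WantAssertionsSigned` are xs:boolean attributes, for which `1` is an equally valid true value. Metadata declaring `AuthnRequestsSigned="1"` would be parsed as an SP that does not sign its requests, which presumably leaves request-signature verification unconfigured for the imported provider (how the flag is consumed is outside this hunk). Each block can collapse to one line that covers both the absent attribute and the numeric form: `auth_n_request_signed = descriptor.attrib.get("AuthnRequestsSigned", "false").strip().lower() in ("true", "1")`, and the same for `WantAssertionsSigned`. A short comment stating that an absent attribute means false would also make the fail-to-unsigned default explicit to the next reader. The enclosing method starts before the hunk and continues past it.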