Hi,
This is a bigger post, I won't be offended if it is left for later :)
PR #7 introduced a default value to authn_requests_signed, set to False.
Upstream now defaults to true (has done for at least two years by the look of it). Would you be willing to align the default for djangosaml2 with pysaml2? If not, I'll put together a few sentences for the docs noting the difference.
http://pysaml2.readthedocs.io/en/latest/howto/config.html?highlight=metadata#authn-requests-signed
IdentityPython/pysaml2@0a83d58
Related but possibly its own issue:
As was mentioned in #51, binding is set based on the value of authn_requests_signed.
https://github.com/knaperek/djangosaml2/blob/master/djangosaml2/views.py#L140
I think this is what is causing me odd messages like this, where IdP None features:
```
Quit the server with CONTROL-C.
WARNING:djangosaml2:IDP None does not support urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect, trying urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
[16/Aug/2017 23:56:38] "GET /VIP/login/ HTTP/1.1" 200 1508
```
It's no more logical when run with debug level (I've trimmed this to what I believe are the relevant messages):
```
DEBUG:saml2.mdstore:service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', '__class__': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://login.vip.symantec.com/viplogin/saml2/post/requestconfirmidentity'}]}
DEBUG:djangosaml2:Trying binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect for IDP None
DEBUG:saml2.mdstore:service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', '__class__': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://login.vip.symantec.com/viplogin/saml2/post/requestconfirmidentity'}]}
DEBUG:saml2.mdstore:service(login.vip.symantec.com, idpsso_descriptor, single_sign_on_service, None)
DEBUG:saml2.mdstore:service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', '__class__': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://login.vip.symantec.com/viplogin/saml2/post/requestconfirmidentity'}]}
DEBUG:djangosaml2:Binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect not in IDP None supported bindings: ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
WARNING:djangosaml2:IDP None does not support urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect, trying urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
DEBUG:djangosaml2:Redirecting user to the IdP via urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST binding.
```
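
An added example, not part of the original issue and not djangosaml2's or pysaml2's own code: a simplified model of how the binding follows from `authn_requests_signed`, showing how the two defaults described above diverge and why setting the value explicitly removes the fallback warning. The function names, the `audit` report and the sample configs are assumptions made for illustration; the selection order (POST first when signing, Redirect otherwise) is assumed from the issue text and the logs.

```python
BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Defaults as stated in the issue above.
DJANGOSAML2_DEFAULT = False
PYSAML2_DEFAULT = True


def effective_signed(saml_config, library_default):
    """Return (value, explicit) for authn_requests_signed in an SP config dict."""
    sp = saml_config.get("service", {}).get("sp", {})
    if "authn_requests_signed" in sp:
        return bool(sp["authn_requests_signed"]), True
    return library_default, False


def choose_binding(signed, idp_bindings):
    """Assumed model: try POST first when signing, Redirect otherwise, then
    fall back to the other binding. Returns (binding, fell_back)."""
    preferred = BINDING_HTTP_POST if signed else BINDING_HTTP_REDIRECT
    if preferred in idp_bindings:
        return preferred, False
    other = BINDING_HTTP_REDIRECT if signed else BINDING_HTTP_POST
    if other in idp_bindings:
        return other, True
    raise ValueError("IdP offers neither HTTP-Redirect nor HTTP-POST for SSO")


def audit(saml_config, idp_bindings):
    """Report what each library default would do, so a silent difference shows."""
    report = {}
    for name, default in (("djangosaml2", DJANGOSAML2_DEFAULT),
                          ("pysaml2", PYSAML2_DEFAULT)):
        signed, explicit = effective_signed(saml_config, default)
        binding, fell_back = choose_binding(signed, idp_bindings)
        report[name] = {"signed": signed, "explicit": explicit,
                        "binding": binding, "fell_back": fell_back}
    report["defaults_disagree"] = (
        report["djangosaml2"]["signed"] != report["pysaml2"]["signed"])
    return report


# Constructed sample: an IdP that only publishes HTTP-POST, as in the logs above.
IDP_BINDINGS = [BINDING_HTTP_POST]
IMPLICIT = {"service": {"sp": {}}}
EXPLICIT = {"service": {"sp": {"authn_requests_signed": True}}}

if __name__ == "__main__":
    print(audit(IMPLICIT, IDP_BINDINGS))
    print(audit(EXPLICIT, IDP_BINDINGS))
```

With the setting left implicit, the model reproduces the Redirect-then-POST fallback seen in the logs under the `False` default; with it set explicitly, both defaults agree and no fallback occurs.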