Turn warning about no signature verification into an error #866
Commits on Aug 8, 2022
-
Turn not verifying any signature into an error
Not checking any signature is completely insecure and we'd want to go through great lenghts to avoid this. Just logging a warning does not suffice, since will read logs when it doesn't work, but it does.
-
Default want_assertions_or_response_signed to True
Given that the other signature verification options want_assertions_signed and want_response_signed will overrule this setting, defaulting it to true does not impact any configuration that has one of those settings. It does however catch the situation where someone has disabled response signature checking. This prevents that user from landing on an error about an insecure config, and rather employs this reasonable fallback scenario.
Commits on Aug 12, 2022
-
Reordering the phrases to put emphasis on insecure.Update src/saml2/c…
…lient_base.py Co-authored-by: Ivan Kanakarakis <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.