providers/saml: fix IndexError in signature check

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-12-02 20:30:03 +01:00
parent 2eb5a5cc76
commit 4bd1cd127b
1 changed files with 4 additions and 5 deletions


@ -100,14 +100,13 @@ class AuthNRequestParser:
xmlsec.tree.add_ids(root, ["ID"]) xmlsec.tree.add_ids(root, ["ID"])
signature_nodes = root.xpath("/samlp:AuthnRequest/ds:Signature", namespaces=NS_MAP) signature_nodes = root.xpath("/samlp:AuthnRequest/ds:Signature", namespaces=NS_MAP)
# No signatures, no verifier configured -> decode xml directly # No signatures, no verifier configured -> decode xml directly
if len(signature_nodes) < 1 and not verifier: if len(signature_nodes) < 1:
return self._parse_xml(decoded_xml, relay_state) if not verifier:
return self._parse_xml(decoded_xml, relay_state)
raise CannotHandleAssertion(ERROR_SIGNATURE_REQUIRED_BUT_ABSENT)
signature_node = signature_nodes[0] signature_node = signature_nodes[0]
if verifier and signature_node is None:
raise CannotHandleAssertion(ERROR_SIGNATURE_REQUIRED_BUT_ABSENT)
if signature_node is not None: if signature_node is not None:
if not verifier: if not verifier:
raise CannotHandleAssertion(ERROR_SIGNATURE_EXISTS_BUT_NO_VERIFIER) raise CannotHandleAssertion(ERROR_SIGNATURE_EXISTS_BUT_NO_VERIFIER)
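Review bot: The comment above `if len(signature_nodes) < 1:` still describes only the no-verifier case, while the block now also holds the fail-closed branch that rejects an unsigned request when a verifier is configured; something like `# No signature: parse directly if no verifier is configured, otherwise reject` would match the code. After the early return/raise, `signature_nodes[0]` is always an element, so `if signature_node is not None:` can no longer be false and its body could be dedented. The commit touches a single file, so nothing pins the new behaviour; a test that sends an unsigned AuthnRequest with a verifier set and expects `CannotHandleAssertion` would guard this path against regressing to an unhandled exception or, worse, to acceptance. The enclosing method starts and ends outside the hunk.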