Hi Ivan,
Can you consider PR 483 for the next round of pysaml2 work?
It has been around for about a year. Without it SATOSA cannot check the
signature of a reply from an MDQ server, and since SATOSA is often
deployed with pyFF for its metadata source this leaves a significant
security hole unless the patch is carried along (which I am doing for a
number of deployments).
I have recently rebased the commit on master so it should not be a lot
of work to merge it.
If you find something you don't like please let me know and I can fix it
up quickly.
Thanks,
Scott K
Show replies by date