[Idpy-discuss] pysaml2 PR 483 for signature checking on MDQ

Scott Koranda skoranda at gmail.com
Sat Dec 8 13:43:24 UTC 2018


Hi Ivan,

Can you consider PR 483 for the next round of pysaml2 work?

It has been around for about a year. Without it SATOSA cannot check the
signature of a reply from an MDQ server, and since SATOSA is often
deployed with pyFF for its metadata source this leaves a significant
security hole unless the patch is carried along (which I am doing for a
number of deployments).

I have recently rebased the commit on master so it should not be a lot
of work to merge it.

If you find something you don't like please let me know and I can fix it
up quickly.

Thanks,

Scott K

