'slo-soap': ('SingleLogoutService',
lasso.SAML2_METADATA_BINDING_SOAP),
'response-post': ('AssertionConsumerService',
- lasso.SAML2_METADATA_BINDING_POST)
+ lasso.SAML2_METADATA_BINDING_POST),
+ 'response-paos': ('AssertionConsumerService',
+ lasso.SAML2_METADATA_BINDING_PAOS),
}
EDESC = '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF
raise ValueError('invalid role: %s' % role)
self.role = mdElement(self.root, description)
self.role.set('protocolSupportEnumeration', lasso.SAML2_PROTOCOL_HREF)
+ if role == IDP_ROLE:
+ self.role.set('WantAuthnRequestsSigned', 'true')
return self.role
def set_expiration(self, exp):
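Review bot: `WantAuthnRequestsSigned` is set to `'true'` for every IdP at the added `if role == IDP_ROLE:` branch, but the attribute only advertises a policy to service providers. Nothing in this hunk shows the IdP rejecting unsigned AuthnRequests, so the enforcement presumably lives, or needs to live, in the request-handling code. A comment would keep the two in step: `# Advertisement only: the login handler must itself refuse unsigned AuthnRequests`. If some deployments are expected to accept unsigned requests, the value should come from configuration rather than being hard-coded. The enclosing method starts outside the hunk.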
elif isinstance(exp, datetime.datetime):
d = exp
elif isinstance(exp, datetime.timedelta):
- d = datetime.datetime.now() + exp
+ d = datetime.datetime.utcnow() + exp
else:
raise TypeError('Invalid expiration date type')
- self.root.set('validUntil', d.isoformat())
+ self.root.set('validUntil', d.isoformat() + 'Z')
def add_cert(self, certdata, use):
desc = mdElement(self.role, 'KeyDescriptor')
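Review bot: The unconditional `+ 'Z'` on the `validUntil` line is only correct for the `timedelta` branch, where `d` is derived from `utcnow()`. In the `isinstance(exp, datetime.datetime)` branch `d = exp` is used as-is, so a naive local-time value is labelled as UTC and a timezone-aware one serialises as `...+00:00Z`, which is not a valid xs:dateTime; either case shifts or breaks the window in which consumers trust this metadata. Normalising in that branch would fix it: `d = (exp - exp.utcoffset()).replace(tzinfo=None) if exp.utcoffset() is not None else exp`, with a comment stating that naive datetimes must already be in UTC. The start of set_expiration, including its first branch, is outside the hunk.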