Set the value of WantAuthnRequestsSigned to True

The spec says the default should be False if not specified
but lasso sets it to true unless it is explicitly set to
False. So let's be explicit and set it to True.

https://fedorahosted.org/ipsilon/ticket/136

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>

diff --git a/ipsilon/tools/saml2metadata.py b/ipsilon/tools/saml2metadata.py
index d360ccd..2138777 100755 (executable)
--- a/ipsilon/tools/saml2metadata.py
+++ b/ipsilon/tools/saml2metadata.py
@@ -86,6 +86,8 @@ class Metadata(object):
             raise ValueError('invalid role: %s' % role)
         self.role = mdElement(self.root, description)
         self.role.set('protocolSupportEnumeration', lasso.SAML2_PROTOCOL_HREF)
+        if role == IDP_ROLE:
+            self.role.set('WantAuthnRequestsSigned', 'true')
         return self.role
 
     def set_expiration(self, exp):