Some light request fields are actually optional - Githubissues

CZ-NIC / django-eidas-specific-node

GNU General Public License v3.0

2 stars 2 forks source link

Some light request fields are actually optional #16

Open jiri-janousek opened 5 years ago

jiri-janousek commented 5 years ago

These fields shouldn't be optional according to XML schema (eIDAS-Node National IdP and SP Integration Guide, Version 2.3, page 47):

<xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="subjectNameIdFormat" minOccurs="1" maxOccurs="1" />
<xs:element name="levelOfAssurance" minOccurs="1" maxOccurs="1" />

However, they are optional for failed responses: eIDAS node accepts and provides light responses without these fields.

Changes to implement:

LightResponse.validate() - treat subject, subject_name_id_format, and level_of_assurance as optional if status.failure is True.
SAMLResponse.create_light_response() - stop providing dummy data for subject, subject_name_id_format, and level_of_assurance in case of failure responses.

jtalir commented 3 years ago

Should be fixed in CEF eIDAS Node 2.5