When parsing IdP metadata using OneLogin_Saml2_IdPMetadataParser.parse, the WantAuthnRequestsSigned attribute in the metadata XML did not result in the authnRequestsSigned flag set to True in the resulting configuration dictionary.
Apparently the code tries to find the attribute on the EntityDescriptor instead of the IDPSSODescriptor where it should be located according to the SAML specification.
I have a branch that fixes it at https://github.com/jhoekx/python3-saml/tree/want-authn-requests-signed. Note that one metadata test case already included the WantAuthnRequestsSigned attribute in the XML, but did not expect it in the assertions.

I could work around this by moving the attribute. Not sure how many people will experience a broken configuration as a result of fixing this bug.
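The difference between the two lookups described in the report, as an added example that is not python3-saml's code and not part of the original report. It uses only the standard library; the sample metadata, the function names and the nesting of the flag under a "security" key are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample metadata (hypothetical IdP, not taken from the project's tests).
# WantAuthnRequestsSigned sits on IDPSSODescriptor, where the SAML metadata
# specification defines it.
SAMPLE_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _xs_boolean(value):
    """Interpret an xs:boolean attribute value; a missing attribute is False."""
    return value is not None and value.strip() in ("true", "1")


def want_signed_from_entity_descriptor(xml_text):
    """Lookup as described in the report: attribute read from the root element."""
    root = ET.fromstring(xml_text)
    return _xs_boolean(root.get("WantAuthnRequestsSigned"))


def want_signed_from_idp_descriptor(xml_text):
    """Spec-conformant lookup: attribute read from IDPSSODescriptor."""
    root = ET.fromstring(xml_text)
    idp = root.find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        return False
    return _xs_boolean(idp.get("WantAuthnRequestsSigned"))


def build_security_settings(xml_text):
    """Assumed shape of the resulting configuration fragment."""
    return {"security": {"authnRequestsSigned": want_signed_from_idp_descriptor(xml_text)}}


if __name__ == "__main__":
    print("EntityDescriptor lookup:", want_signed_from_entity_descriptor(SAMPLE_METADATA))
    print("IDPSSODescriptor lookup:", want_signed_from_idp_descriptor(SAMPLE_METADATA))
    print(build_security_settings(SAMPLE_METADATA))
```

With the root-element lookup, an IdP that requires signed AuthnRequests yields a configuration that sends them unsigned, so a check like this over deployed metadata shows which configurations will change once the parser reads the attribute from IDPSSODescriptor.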