Make the Issuer on the Response Optional

Jerome Thiard · Jerome Thiard · commit 2ee1bced605d · 2017-03-06T15:09:36.000+01:00
backport of SAML-Toolkits/python-saml@7e4d502
diff --git a/src/onelogin/saml2/errors.py b/src/onelogin/saml2/errors.py
@@ -91,7 +91,7 @@ class OneLogin_Saml2_ValidationError(Exception):
     WRONG_DESTINATION = 24
     EMPTY_DESTINATION = 25
     WRONG_AUDIENCE = 26
-    ISSUER_NOT_FOUND_IN_RESPONSE = 27
+    ISSUER_MULTIPLE_IN_RESPONSE = 27
     ISSUER_NOT_FOUND_IN_ASSERTION = 28
     WRONG_ISSUER = 29
     SESSION_EXPIRED = 30
diff --git a/src/onelogin/saml2/response.py b/src/onelogin/saml2/response.py
@@ -362,13 +362,14 @@ def get_issuers(self):
         issuers = set()
 
         message_issuer_nodes = OneLogin_Saml2_XML.query(self.document, '/samlp:Response/saml:Issuer')
-        if len(message_issuer_nodes) == 1:
-            issuers.add(message_issuer_nodes[0].text)
-        else:
-            raise OneLogin_Saml2_ValidationError(
-                'Issuer of the Response not found or multiple.',
-                OneLogin_Saml2_ValidationError.ISSUER_NOT_FOUND_IN_RESPONSE
-            )
+        if len(message_issuer_nodes) > 0:
+            if len(message_issuer_nodes) == 1:
+                issuers.add(message_issuer_nodes[0].text)
+            else:
+                raise OneLogin_Saml2_ValidationError(
+                    'Issuer of the Response is multiple.',
+                    OneLogin_Saml2_ValidationError.ISSUER_MULTIPLE_IN_RESPONSE
+                )
 
         assertion_issuer_nodes = self.__query_assertion('/saml:Issuer')
         if len(assertion_issuer_nodes) == 1:
diff --git a/tests/src/OneLogin/saml2_tests/response_test.py b/tests/src/OneLogin/saml2_tests/response_test.py
@@ -354,8 +354,8 @@ def testGetIssuers(self):
 
         xml_4 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_issuer_response.xml.base64'))
         response_4 = OneLogin_Saml2_Response(settings, xml_4)
-        with self.assertRaisesRegexp(Exception, 'Issuer of the Response not found or multiple.'):
-            response_4.get_issuers()
+        response_4.get_issuers()
+        self.assertEqual(['https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php'], response_4.get_issuers())
 
         xml_5 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_issuer_assertion.xml.base64'))
         response_5 = OneLogin_Saml2_Response(settings, xml_5)
