pythonthings
diff --git a/‎README.md‎
Lines changed: 6 additions & 2 deletions b/‎README.md‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎src/onelogin/saml2/auth.py‎
Lines changed: 32 additions & 0 deletions b/‎src/onelogin/saml2/auth.py‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎src/onelogin/saml2/authn_request.py‎
Lines changed: 8 additions & 0 deletions b/‎src/onelogin/saml2/authn_request.py‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/onelogin/saml2/logout_request.py‎
Lines changed: 9 additions & 0 deletions b/‎src/onelogin/saml2/logout_request.py‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/onelogin/saml2/logout_response.py‎
Lines changed: 9 additions & 0 deletions b/‎src/onelogin/saml2/logout_response.py‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/onelogin/saml2/response.py‎
Lines changed: 11 additions & 0 deletions b/‎src/onelogin/saml2/response.py‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎src/onelogin/saml2/xml_templates.py‎
Lines changed: 39 additions & 39 deletions b/‎src/onelogin/saml2/xml_templates.py‎
Lines changed: 39 additions & 39 deletions
diff --git a/‎tests/data/responses/decrypted_valid_encrypted_assertion.xml‎
Lines changed: 7 additions & 0 deletions b/‎tests/data/responses/decrypted_valid_encrypted_assertion.xml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎tests/data/responses/pretty_decrypted_valid_encrypted_assertion.xml‎
Lines changed: 7 additions & 0 deletions b/‎tests/data/responses/pretty_decrypted_valid_encrypted_assertion.xml‎
Lines changed: 7 additions & 0 deletions
@@ -794,6 +794,8 @@ Main class of OneLogin Python Toolkit
 * ***build_response_signature*** Builds the Signature of the SAML Response.
 * ***get_settings*** Returns the settings info.
 * ***set_strict*** Set the strict mode active/disable.
+* ***get_last_request_xml*** Returns the most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)
+* ***get_last_response_xml*** Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse was encrypted, by default tries to return the decrypted XML.
 
 ####OneLogin_Saml2_Auth - authn_request.py####
 
@@ -802,7 +804,7 @@ SAML 2 Authentication Request class
 * `__init__` This class handles an AuthNRequest. It builds an AuthNRequest object.
 * ***get_request*** Returns unsigned AuthnRequest.
 * ***get_id*** Returns the AuthNRequest ID.
-
+* ***get_xml*** Returns the XML that will be sent as part of the request.
 
 ####OneLogin_Saml2_Response - response.py####
 
@@ -821,6 +823,7 @@ SAML 2 Authentication Response class
 * ***validate_num_assertions*** Verifies that the document only contains a single Assertion (encrypted or not)
 * ***validate_timestamps*** Verifies that the document is valid according to Conditions Element
 * ***get_error*** After execute a validation process, if fails this method returns the cause
+* ***get_xml_document*** If necessary, decrypt the XML response document, and return it.
 
 ####OneLogin_Saml2_LogoutRequest - logout_request.py####
 
@@ -835,6 +838,7 @@ SAML 2 Logout Request class
 * ***get_session_indexes*** Gets the SessionIndexes from the Logout Request.
 * ***is_valid*** Checks if the Logout Request recieved is valid.
 * ***get_error*** After execute a validation process, if fails this method returns the cause.
+* ***get_xml*** Returns the XML that will be sent as part of the request or that was received at the SP
 
 ####OneLogin_Saml2_LogoutResponse - logout_response.py####
 
@@ -847,7 +851,7 @@ SAML 2 Logout Response class
 * ***build*** Creates a Logout Response object.
 * ***get_response*** Returns a Logout Response object.
 * ***get_error*** After execute a validation process, if fails this method returns the cause.
-
+* ***get_xml*** Returns the XML that will be sent as part of the response or that was received at the SP
 
 ####OneLogin_Saml2_Settings - settings.py####
 
 
@@ -12,6 +12,7 @@
 """
 
 import xmlsec
+from lxml import etree
 
 from onelogin.saml2 import compat
 from onelogin.saml2.settings import OneLogin_Saml2_Settings
@@ -59,6 +60,8 @@ def __init__(self, request_data, old_settings=None, custom_base_path=None):
         self.__errors = []
         self.__error_reason = None
         self.__last_request_id = None
+        self.__last_request = None
+        self.__last_response = None
 
     def get_settings(self):
         """
@@ -92,6 +95,7 @@ def process_response(self, request_id=None):
         if 'post_data' in self.__request_data and 'SAMLResponse' in self.__request_data['post_data']:
             # AuthnResponse -- HTTP_POST Binding
             response = OneLogin_Saml2_Response(self.__settings, self.__request_data['post_data']['SAMLResponse'])
+            self.__last_response = response.get_xml_document()
 
             if response.is_valid(self.__request_data, request_id):
                 self.__attributes = response.get_attributes()
@@ -128,6 +132,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
         get_data = 'get_data' in self.__request_data and self.__request_data['get_data']
         if get_data and 'SAMLResponse' in get_data:
             logout_response = OneLogin_Saml2_Logout_Response(self.__settings, get_data['SAMLResponse'])
+            self.__last_response = logout_response.get_xml()
             if not self.validate_response_signature(get_data):
                 self.__errors.append('invalid_logout_response_signature')
                 self.__errors.append('Signature validation failed. Logout Response rejected')
@@ -141,6 +146,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
 
         elif get_data and 'SAMLRequest' in get_data:
             logout_request = OneLogin_Saml2_Logout_Request(self.__settings, get_data['SAMLRequest'])
+            self.__last_request = logout_request.get_xml()
             if not self.validate_request_signature(get_data):
                 self.__errors.append("invalid_logout_request_signature")
                 self.__errors.append('Signature validation failed. Logout Request rejected')
@@ -154,6 +160,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
                 in_response_to = logout_request.id
                 response_builder = OneLogin_Saml2_Logout_Response(self.__settings)
                 response_builder.build(in_response_to)
+                self.__last_response = response_builder.get_xml()
                 logout_response = response_builder.get_response()
 
                 parameters = {'SAMLResponse': logout_response}
@@ -288,6 +295,7 @@ def login(self, return_to=None, force_authn=False, is_passive=False, set_nameid_
         :rtype: string
         """
         authn_request = OneLogin_Saml2_Authn_Request(self.__settings, force_authn, is_passive, set_nameid_policy)
+        self.__last_request = authn_request.get_xml()
         self.__last_request_id = authn_request.get_id()
 
         saml_request = authn_request.get_request()
@@ -337,6 +345,7 @@ def logout(self, return_to=None, name_id=None, session_index=None, nq=None):
             session_index=session_index,
             nq=nq
         )
+        self.__last_request = logout_request.get_xml()
         self.__last_request_id = logout_request.id
 
         parameters = {'SAMLRequest': logout_request.get_request()}
@@ -547,3 +556,26 @@ def __validate_signature(self, data, saml_type, raise_exceptions=False):
             if raise_exceptions:
                 raise e
             return False
+
+    def get_last_response_xml(self, pretty_print_if_possible=False):
+        """
+        Retrieves the raw XML (decrypted) of the last SAML response,
+        or the last Logout Response generated or processed
+        :returns: SAML response XML
+        :rtype: string|None
+        """
+        response = None
+        if self.__last_response is not None:
+            if isinstance(self.__last_response, basestring):
+                response = self.__last_response
+            else:
+                response = etree.tostring(self.__last_response, pretty_print=pretty_print_if_possible)
+        return response
+
+    def get_last_request_xml(self):
+        """
+        Retrieves the raw XML sent in the last SAML request
+        :returns: SAML request XML
+        :rtype: string|None
+        """
+        return self.__last_request or None
@@ -140,3 +140,11 @@ def get_id(self):
         :rtype: string
         """
         return self.__id
+
+    def get_xml(self):
+        """
+        Returns the XML that will be sent as part of the request
+        :return: XML request body
+        :rtype: string
+        """
+        return self.__authn_request
@@ -111,6 +111,15 @@ def get_request(self, deflate=True):
             request = OneLogin_Saml2_Utils.b64encode(self.__logout_request)
         return request
 
+    def get_xml(self):
+        """
+        Returns the XML that will be sent as part of the request
+        or that was received at the SP
+        :return: XML request body
+        :rtype: string
+        """
+        return self.__logout_request
+
     @staticmethod
     def get_id(request):
         """
 
@@ -187,3 +187,12 @@ def get_error(self):
         After executing a validation process, if it fails this method returns the cause
         """
         return self.__error
+
+    def get_xml(self):
+        """
+        Returns the XML that will be sent as part of the response
+        or that was received at the SP
+        :return: XML response body
+        :rtype: string
+        """
+        return self.__logout_response
@@ -754,3 +754,14 @@ def get_error(self):
         After executing a validation process, if it fails this method returns the cause
         """
         return self.__error
+
+    def get_xml_document(self):
+        """
+        If necessary, decrypt the XML response document, and return it.
+        :return: Decrypted XML response document
+        :rtype: string
+        """
+        if self.encrypted:
+            return self.decrypted_document
+        else:
+            return self.document
@@ -21,40 +21,40 @@ class OneLogin_Saml2_Templates(object):
 
     AUTHN_REQUEST = """\
 <samlp:AuthnRequest
-    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
-    ID="%(id)s"
-    Version="2.0"%(provider_name)s%(force_authn_str)s%(is_passive_str)s
-    IssueInstant="%(issue_instant)s"
-    Destination="%(destination)s"
-    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-    AssertionConsumerServiceURL="%(assertion_url)s"%(attr_consuming_service_str)s>
+  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+  ID="%(id)s"
+  Version="2.0"%(provider_name)s%(force_authn_str)s%(is_passive_str)s
+  IssueInstant="%(issue_instant)s"
+  Destination="%(destination)s"
+  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+  AssertionConsumerServiceURL="%(assertion_url)s"%(attr_consuming_service_str)s>
     <saml:Issuer>%(entity_id)s</saml:Issuer>%(nameid_policy_str)s
 %(requested_authn_context_str)s
 </samlp:AuthnRequest>"""
 
     LOGOUT_REQUEST = """\
 <samlp:LogoutRequest
-    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
-    ID="%(id)s"
-    Version="2.0"
-    IssueInstant="%(issue_instant)s"
-    Destination="%(single_logout_url)s">
+  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+  ID="%(id)s"
+  Version="2.0"
+  IssueInstant="%(issue_instant)s"
+  Destination="%(single_logout_url)s">
     <saml:Issuer>%(entity_id)s</saml:Issuer>
     %(name_id)s
     %(session_index)s
 </samlp:LogoutRequest>"""
 
     LOGOUT_RESPONSE = """\
 <samlp:LogoutResponse
-    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
-    ID="%(id)s"
-    Version="2.0"
-    IssueInstant="%(issue_instant)s"
-    Destination="%(destination)s"
-    InResponseTo="%(in_response_to)s">
+  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+  ID="%(id)s"
+  Version="2.0"
+  IssueInstant="%(issue_instant)s"
+  Destination="%(destination)s"
+  InResponseTo="%(in_response_to)s">
     <saml:Issuer>%(entity_id)s</saml:Issuer>
     <samlp:Status>
         <samlp:StatusCode Value="%(status)s" />
@@ -105,18 +105,18 @@ class OneLogin_Saml2_Templates(object):
 
     RESPONSE = """\
 <samlp:Response
-    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
-    ID="%(id)s"
-    InResponseTo="%(in_response_to)s"
-    Version="2.0"
-    IssueInstant="%(issue_instant)s"
-    Destination="%(destination)s">
+  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+  ID="%(id)s"
+  InResponseTo="%(in_response_to)s"
+  Version="2.0"
+  IssueInstant="%(issue_instant)s"
+  Destination="%(destination)s">
     <saml:Issuer>%(entity_id)s</saml:Issuer>
     <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
         <samlp:StatusCode
-            xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-            Value="%(status)s">
+          xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+          Value="%(status)s">
         </samlp:StatusCode>
     </samlp:Status>
     <saml:Assertion
@@ -128,14 +128,14 @@ class OneLogin_Saml2_Templates(object):
         <saml:Issuer>%(entity_id)s</saml:Issuer>
         <saml:Subject>
             <saml:NameID
-                NameQualifier="%(entity_id)s"
-                SPNameQualifier="%(requester)s"
-                Format="%(name_id_policy)s">%(name_id)s</saml:NameID>
+              NameQualifier="%(entity_id)s"
+              SPNameQualifier="%(requester)s"
+              Format="%(name_id_policy)s">%(name_id)s</saml:NameID>
             <saml:SubjectConfirmation Method="%(cm)s">
                 <saml:SubjectConfirmationData
-                    NotOnOrAfter="%(not_after)s"
-                    InResponseTo="%(in_response_to)s"
-                    Recipient="%(destination)s">
+                  NotOnOrAfter="%(not_after)s"
+                  InResponseTo="%(in_response_to)s"
+                  Recipient="%(destination)s">
                 </saml:SubjectConfirmationData>
             </saml:SubjectConfirmation>
         </saml:Subject>
@@ -145,9 +145,9 @@ class OneLogin_Saml2_Templates(object):
             </saml:AudienceRestriction>
         </saml:Conditions>
         <saml:AuthnStatement
-            AuthnInstant="%(issue_instant)s"
-            SessionIndex="%(session_index)s"
-            SessionNotOnOrAfter="%(not_after)s">
+          AuthnInstant="%(issue_instant)s"
+          SessionIndex="%(session_index)s"
+          SessionNotOnOrAfter="%(not_after)s">
 %(authn_context)s
         </saml:AuthnStatement>
         <saml:AttributeStatement>
 
@@ -0,0 +1,7 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_5f468249609040c6a351ac1be0e9fc60533ff09d3d" Version="2.0" IssueInstant="2014-03-29T12:01:57Z" Destination="http://stuff.com/endpoints/endpoints/acs.php" InResponseTo="ONELOGIN_be60b8caf8e9d19b7a3551b244f116c947ff247d">
+    <saml:Issuer>http://idp.example.com/</saml:Issuer>
+    <samlp:Status>
+        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+    </samlp:Status>
+    <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_519c2712648ee09a06d1f9a08e9e835715fea60267" Version="2.0" IssueInstant="2014-03-29T12:01:57Z"><saml:Issuer>http://idp.example.com/</saml:Issuer><saml:Subject><saml:NameID SPNameQualifier="http://stuff.com/endpoints/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_68392312d490db6d355555cfbbd8ec95d746516f60</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2055-06-07T20:17:08Z" InResponseTo="ONELOGIN_be60b8caf8e9d19b7a3551b244f116c947ff247d"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2011-01-26T03:23:48Z" NotOnOrAfter="2055-06-07T20:17:08Z"><saml:AudienceRestriction><saml:Audience>http://stuff.com/endpoints/metadata.php</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2014-03-29T11:59:43Z" SessionNotOnOrAfter="2055-06-07T20:17:08Z" SessionIndex="_7164a9a9f97828bfdb8d0ebc004a05d2e7d873f70c"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue></saml:Attribute><saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">test@example.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue></saml:Attribute><saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">waa2</saml:AttributeValue></saml:Attribute><saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">user</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string">admin</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>
+    </samlp:Response>
@@ -0,0 +1,7 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_5f468249609040c6a351ac1be0e9fc60533ff09d3d" Version="2.0" IssueInstant="2014-03-29T12:01:57Z" Destination="http://stuff.com/endpoints/endpoints/acs.php" InResponseTo="ONELOGIN_be60b8caf8e9d19b7a3551b244f116c947ff247d">
+    <saml:Issuer>http://idp.example.com/</saml:Issuer>
+    <samlp:Status>
+        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+    </samlp:Status>
+    <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_519c2712648ee09a06d1f9a08e9e835715fea60267" Version="2.0" IssueInstant="2014-03-29T12:01:57Z"><saml:Issuer>http://idp.example.com/</saml:Issuer><saml:Subject><saml:NameID SPNameQualifier="http://stuff.com/endpoints/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_68392312d490db6d355555cfbbd8ec95d746516f60</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2055-06-07T20:17:08Z" InResponseTo="ONELOGIN_be60b8caf8e9d19b7a3551b244f116c947ff247d"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2011-01-26T03:23:48Z" NotOnOrAfter="2055-06-07T20:17:08Z"><saml:AudienceRestriction><saml:Audience>http://stuff.com/endpoints/metadata.php</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2014-03-29T11:59:43Z" SessionNotOnOrAfter="2055-06-07T20:17:08Z" SessionIndex="_7164a9a9f97828bfdb8d0ebc004a05d2e7d873f70c"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue></saml:Attribute><saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">test@example.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue></saml:Attribute><saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">waa2</saml:AttributeValue></saml:Attribute><saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">user</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string">admin</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>
+    </samlp:Response>