Merge pull request #114 from mattshin/master

pitbulk · web-flow · commit 5773ea80f85a · 2018-11-02T12:14:23.000+01:00
Add expected/received in WRONG_ISSUER error
diff --git a/src/onelogin/saml2/logout_request.py b/src/onelogin/saml2/logout_request.py
@@ -322,7 +322,11 @@ def is_valid(self, request_data, raise_exceptions=False):
                 issuer = OneLogin_Saml2_Logout_Request.get_issuer(root)
                 if issuer is not None and issuer != idp_entity_id:
                     raise OneLogin_Saml2_ValidationError(
-                        'Invalid issuer in the Logout Request',
+                        'Invalid issuer in the Logout Request (expected %(idpEntityId)s, got %(issuer)s)' %
+                        {
+                            'idpEntityId': idp_entity_id,
+                            'issuer': issuer
+                        },
                         OneLogin_Saml2_ValidationError.WRONG_ISSUER
                     )
 
diff --git a/src/onelogin/saml2/logout_response.py b/src/onelogin/saml2/logout_response.py
@@ -106,7 +106,11 @@ def is_valid(self, request_data, request_id=None, raise_exceptions=False):
                 issuer = self.get_issuer()
                 if issuer is not None and issuer != idp_entity_id:
                     raise OneLogin_Saml2_ValidationError(
-                        'Invalid issuer in the Logout Request',
+                        'Invalid issuer in the Logout Response (expected %(idpEntityId)s, got %(issuer)s)' %
+                        {
+                            'idpEntityId': idp_entity_id,
+                            'issuer': issuer
+                        },
                         OneLogin_Saml2_ValidationError.WRONG_ISSUER
                     )
 
diff --git a/src/onelogin/saml2/response.py b/src/onelogin/saml2/response.py
@@ -218,7 +218,11 @@ def is_valid(self, request_data, request_id=None, raise_exceptions=False):
                 for issuer in issuers:
                     if issuer is None or issuer != idp_entity_id:
                         raise OneLogin_Saml2_ValidationError(
-                            'Invalid issuer in the Assertion/Response',
+                            'Invalid issuer in the Assertion/Response (expected %(idpEntityId)s, got %(issuer)s)' %
+                            {
+                                'idpEntityId': idp_entity_id,
+                                'issuer': issuer
+                            },
                             OneLogin_Saml2_ValidationError.WRONG_ISSUER
                         )
 
diff --git a/tests/src/OneLogin/saml2_tests/logout_response_test.py b/tests/src/OneLogin/saml2_tests/logout_response_test.py
@@ -208,7 +208,7 @@ def testIsInValidIssuer(self):
 
         settings.set_strict(True)
         response_2 = OneLogin_Saml2_Logout_Response(settings, message)
-        with self.assertRaisesRegex(Exception, 'Invalid issuer in the Logout Request'):
+        with self.assertRaisesRegex(Exception, 'Invalid issuer in the Logout Response'):
             response_2.is_valid(request_data, raise_exceptions=True)
 
     def testIsInValidDestination(self):
