Merge branch 'master' into replace-pyopenssl

Author: prauscher

.github/pull_request_template.md

@@ -2,8 +2,8 @@
 
 ##### The feature or problem addressed by this PR
 
-<!-- an explaination of the issue that is being resolved with this PR -->
-<!-- or, an explaination of the feature that is being added with this PR -->
+<!-- an explanation of the issue that is being resolved with this PR -->
+<!-- or, an explanation of the feature that is being added with this PR -->
 <!-- or, link to an issue describing the problem -->
 
 

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+
+## 7.5.3 (2025-10-04)
+
+- #973 Fix prepare_for_negotiated_authenticate to avoid double signing redirect requests
+
+
 ## 7.5.2 (2025-02-10)
 
 - Include the XSD of the XML Encryption Syntax and Processing Version 1.1 to the schema validator
@@ -8,7 +14,7 @@
 ## 7.5.1 (2025-02-10)
 
 - deps: restrict pyOpenSSL up to v24.2.1 until it is replaced
-- deps: update dependncies for the lockfile and examples
+- deps: update dependencies for the lockfile and examples
 
 
 ## 7.5.0 (2024-01-30)
@@ -46,9 +52,9 @@
 ## 7.3.0 (2023-02-14)
 
 - During metadata generation, render extensions both for EntityDescriptor and IdPSSODescriptor
-- Fix compatibility with certain SAML implementation that inflate messasges on the POST binding
+- Fix compatibility with certain SAML implementation that inflate messages on the POST binding
 - Update the SWAMID entity category requirements
-- Fix check for NameID when it originates from an encrypted asssertion
+- Fix check for NameID when it originates from an encrypted assertion
 - Add support for pymongo `>=3.5` and `<5`
 - Update README with supported specifications
 - Remove dependency on the six package
@@ -131,7 +137,7 @@
 - Refactor AuthnResponse::authn_info to consider DeclRef equivalent to ClassRef.
 - Ensure creation of multiple ePTIDs is handled correctly.
 - Improve signature checks by ensuring the Object element is absent, enforcing allowed
-  transform aglorithms, enforcing allowed canonicalization methods and requiring the
+  transform algorithms, enforcing allowed canonicalization methods and requiring the
   enveloped-signature transform to be present.
 - mdstore: Make unknown metadata extensions available through the internal metadata.
 - mdstore: Fix the exception handler of the InMemoryMetaData object.
@@ -228,7 +234,7 @@
   part of its metadata.
 - CI/CD: Use Ubuntu bionic as the host to run the CI/CD process.
 - CI/CD: Pre-releases are now available on [test.pypi.org][pypi.test.pysaml2]. Each
-  commit/merge on the master branch autotically creates a new pre-release. To install a
+  commit/merge on the master branch automatically creates a new pre-release. To install a
   prelease, run:
 
   ```sh
@@ -249,7 +255,7 @@
 - Fix wrong identifiers for ecdsa algos
 - Fix automatic inversion of attribute map files
 - Factor out common codepaths in attribute_converter
-- Remove uneeded exception logging
+- Remove unneeded exception logging
 - Docs: Update configuration options documentation
 - Examples: Support both str and bytes in SAML requests on the example idp
 - Examples: Update to key generation to 2048 bits

CONTRIBUTING.md

@@ -100,7 +100,7 @@ Before you submit your Pull Request (PR) consider the following guidelines:
 5. Create your patch, **including appropriate test cases**.
    Remember to follow the [Coding Rules](#coding-rules).
 
-6. Run the full test suite, as described in the [developer documentation][dev-doc],
+6. Run the full test suite, as described in the [DEVELOPERS.md](DEVELOPERS.md),
    and ensure that all tests pass.
 
 7. Commit your changes using a descriptive commit message.
@@ -146,4 +146,4 @@ keep these rules in mind as you are working:
 * All public API methods **must be documented**.
 * We follow [Black's style guide](https://black.readthedocs.io/en/stable/the_black_code_style/current_style.html),
   and wrap all code at **120 characters**.
-  Pre-configured tools to automatically lint and format code are available, see [DEVELOPER.md](DEVELOPER.md).
+  Pre-configured tools to automatically lint and format code are available, see [DEVELOPERS.md](DEVELOPERS.md).

DEVELOPERS.md

@@ -24,7 +24,7 @@ $ pyenv versions --bare | xargs pyenv local
 This project uses [`poetry`] to manage dependencies and virtual environments.
 See `poetry`'s [installation instructions] on how to install `poetry` on your system.
 
-I have opted to use [`pipx`] to install and manage `poerty` itself.
+I have opted to use [`pipx`] to install and manage `poetry` itself.
 I also use `pipx` to manage other python executables that I want readily available on my system.
 
 Once `poetry` is available on your system, install the development dependencies:

docs/howto/config.rst

@@ -221,26 +221,30 @@ contact_person
 ^^^^^^^^^^^^^^
 
 This is only used by *make_metadata.py* when it constructs the metadata for
-the service described by the configuration file.
-This is where you describe who can be contacted if questions arise
-about the service or if support is needed. The possible types are according to
-the standard **technical**, **support**, **administrative**, **billing**
-and **other**.::
+the service described by the configuration file. This is where you describe
+who can be contacted if questions arise about the service or if support is
+needed.
+
+Note that `contact_type` is required for a valid schema. The possible types
+are according to the standard **technical**, **support**, **administrative**,
+**billing** and **other**::
 
     contact_person: [
         {
-            "givenname": "Derek",
-            "surname": "Jeter",
+            "given_name": "Derek",
+            "sur_name": "Jeter",
             "company": "Example Co.",
-            "mail": ["[email protected]"],
-            "type": "technical",
+            "email_address": ["[email protected]"],
+            "telephone_number": ["123-456-789", "+1 234 567 89"]
+            "contact_type": "technical",
         },
         {
-            "givenname": "Joe",
-            "surname": "Girardi",
+            "given_name": "Joe",
+            "sur_name": "Girardi",
             "company": "Example Co.",
-            "mail": "[email protected]",
-            "type": "administrative",
+            "email_address": ["[email protected]", "[email protected]"]
+            "telephone_number": ["987-654-321"]
+            "contact_type": "administrative",
         },
     ]
 
@@ -404,7 +408,7 @@ file system.
 When the parameter *check_validity* is set to False metadata that have expired
 will be accepted as valid.
 
-When the paramenter *disable_ssl_certificate_validation* is set to True the
+When the parameter *disable_ssl_certificate_validation* is set to True the
 validity of ssl certificate will be skipped.
 
 When using a remote metadata source, the `node_name` option can be set to
@@ -522,7 +526,7 @@ accepted_time_diff
 
 If your computer and another computer that you are communicating with are not
 in sync regarding the computer clock, then here you can state how big a
-difference you are prepared to accept.
+difference in seconds you are prepared to accept.
 
 .. note:: This will indiscriminately affect all time comparisons.
     Hence your server may accept a statement that in fact is too old.
@@ -1481,11 +1485,11 @@ We start with a simple but fairly complete Service provider configuration::
         }
         "contact_person": [
             {
-                "givenname": "Roland",
-                "surname": "Hedberg",
-                "phone": "+46 90510",
-                "mail": "[email protected]",
-                "type": "technical",
+                "given_name": "Roland",
+                "sur_name": "Hedberg",
+                "telephone_number": ["+46 90510"],
+                "email_address": ["[email protected]"],
+                "contact_type": "technical",
             },
         ]
     }
@@ -1539,11 +1543,11 @@ A slightly more complex configuration::
         }
         "contact_person": [
             {
-                "givenname": "Roland",
-                "surname": "Hedberg",
-                "phone": "+46 90510",
-                "mail": "[email protected]",
-                "type": "technical",
+                "given_name": "Roland",
+                "sur_name": "Hedberg",
+                "telephone_number": ["+46 90510"],
+                "email_address": ["[email protected]"],
+                "contact_type": "technical",
             },
         ]
     }