Add support for errorURL to be exposed in metadata for IdP

errorURL can be used to redirect a user's browser in the event of a failure.
Most part of this exist already in this project. But was not exposed in the
metadata generated from the configuration.

Author: nsmoooose

docs/howto/config.rst

@@ -1320,6 +1320,19 @@ Example::
         },
     },
 
+error_url
+"""""""""
+
+The URL to which the user's browser may be redirected in the event of a failure.
+
+Example::
+
+    "service":
+        "idp": {
+            "error_url": "http://localhost:8088/error_page",
+        },
+    }
+
 only_use_keys_in_metadata
 """""""""""""""""""""""""
 

src/saml2/config.py

@@ -120,6 +120,7 @@
     "domain",
     "name_qualifier",
     "edu_person_targeted_id",
+    "error_url",
 ]
 
 PDP_ARGS = ["endpoints", "name_form", "name_id_format"]

src/saml2/metadata.py

@@ -583,6 +583,10 @@ def do_idpsso_descriptor(conf, cert=None, enc_cert=None):
         except KeyError:
             setattr(idpsso, key, DEFAULTS[key])
 
+    error_url = conf.getattr("error_url", "idp")
+    if error_url:
+        idpsso.error_url = error_url
+
     return idpsso
 
 

tests/test_31_config.py

@@ -103,6 +103,7 @@
                 },
                 "urn:mace:umu.se:saml:roland:sp": None,
             },
+            "error_url": "http://localhost:8080/error",
         }
     },
     # "xmlsec_binary" : "/usr/local/bin/xmlsec1",
@@ -287,6 +288,9 @@ def test_idp_1():
     attribute_restrictions = c.getattr("policy", "idp").get_attribute_restrictions("")
     assert attribute_restrictions["edupersonaffiliation"][0].match("staff")
 
+    error_url = c.getattr("error_url", "idp")
+    assert error_url == "http://localhost:8080/error"
+
 
 def test_idp_2():
     c = IdPConfig().load(IDP2)