diff --git a/README.md b/README.md
index 977c1f8a..b82f6ac5 100644
--- a/README.md
+++ b/README.md
@@ -684,6 +684,7 @@ Main class of OneLogin Python Toolkit
 * ***get_nameid*** Returns the nameID.
 * ***get_session_index*** Gets the SessionIndex from the AuthnStatement.
 * ***get_errors*** Returns a list with code errors if something went wrong.
+* ***get_last_error_reason*** Return the reason of the last error
 * ***get_sso_url*** Gets the SSO url.
 * ***get_slo_url*** Gets the SLO url.
 * ***build_request_signature*** Builds the Signature of the SAML Request.
diff --git a/src/onelogin/saml2/auth.py b/src/onelogin/saml2/auth.py
index 8a5fa987..33078a6a 100644
--- a/src/onelogin/saml2/auth.py
+++ b/src/onelogin/saml2/auth.py
@@ -56,6 +56,7 @@ def __init__(self, request_data, old_settings=None, custom_base_path=None):
 self.__session_index = None
 self.__authenticated = False
 self.__errors = []
+ self.__error_reason = None
 def get_settings(self):
 """
@@ -98,6 +99,7 @@ def process_response(self, request_id=None):
 else:
 self.__errors.append('invalid_response')
+ self.__error_reason = response.get_error()
 else:
 self.__errors.append('invalid_binding')
@@ -124,6 +126,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
 logout_response = OneLogin_Saml2_Logout_Response(self.__settings, self.__request_data['get_data']['SAMLResponse'])
 if not logout_response.is_valid(self.__request_data, request_id):
 self.__errors.append('invalid_logout_response')
+ self.__error_reason = logout_response.get_error()
 elif logout_response.get_status() != OneLogin_Saml2_Constants.STATUS_SUCCESS:
 self.__errors.append('logout_not_success')
 elif not keep_local_session:
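Review bot: In the process_response hunk only the `invalid_response` branch assigns `self.__error_reason`; the `invalid_binding` branch that follows appends an error and leaves the reason untouched, so `get_last_error_reason()` can return None, or a reason left over from an earlier call on the same object, while `get_errors()` reports a new error. The same holds for `logout_not_success` in the first process_slo hunk. If these methods clear `self.__errors` at their start (outside the visible hunks, so this is an assumption), the reason should be cleared next to it with `self.__error_reason = None`. A caller that logs the reason as the cause of a rejected SAML message would otherwise record the wrong failure.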
@@ -133,6 +136,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
 logout_request = OneLogin_Saml2_Logout_Request(self.__settings, self.__request_data['get_data']['SAMLRequest'])
 if not logout_request.is_valid(self.__request_data):
 self.__errors.append('invalid_logout_request')
+ self.__error_reason = logout_request.get_error()
 else:
 if not keep_local_session:
 OneLogin_Saml2_Utils.delete_local_session(delete_session_cb)
@@ -218,6 +222,15 @@ def get_errors(self):
 """
 return self.__errors
+ def get_last_error_reason(self):
+ """
+ Return the reason for the last error
+
+ :returns: Reason of the last error
+ :rtype: None | string
+ """
+ return self.__error_reason
+
 def get_attribute(self, name):
 """
 Returns the requested SAML attribute.
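Review bot: The docstring of `get_last_error_reason` does not say which errors carry a reason or how the value is meant to be used. Going by the other hunks, it is set only for `invalid_response`, `invalid_logout_response` and `invalid_logout_request`, and it holds whatever `get_error()` returned while validating a SAML message taken from the request. I would state that in the docstring and add a sentence such as `Intended for logging and debugging; do not return it to the end user`, since the text presumably describes which validation check failed. The hunk shows only the tail of `get_errors` and the start of `get_attribute`.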