IdentityPython
diff --git a/‎example/idp2/idp.py
Lines changed: 6 additions & 1 deletion b/‎example/idp2/idp.py
Lines changed: 6 additions & 1 deletion
diff --git a/‎example/idp2/idp_uwsgi.py
Lines changed: 2 additions & 1 deletion b/‎example/idp2/idp_uwsgi.py
Lines changed: 2 additions & 1 deletion
diff --git a/‎example/idp2_repoze/idp.py
Lines changed: 2 additions & 1 deletion b/‎example/idp2_repoze/idp.py
Lines changed: 2 additions & 1 deletion
diff --git a/‎setup.py
Lines changed: 2 additions & 1 deletion b/‎setup.py
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/saml2/client.py
Lines changed: 16 additions & 11 deletions b/‎src/saml2/client.py
Lines changed: 16 additions & 11 deletions
diff --git a/‎src/saml2/config.py
Lines changed: 2 additions & 1 deletion b/‎src/saml2/config.py
Lines changed: 2 additions & 1 deletion
@@ -389,6 +389,10 @@ def redirect(self):
                 resp = BadRequest("Message signature verification failure")
                 return resp(self.environ, self.start_response)
 
+            if not self.req_info:
+                resp = BadRequest("Message parsing failed")
+                return resp(self.environ, self.start_response)
+
             _req = self.req_info.message
 
             if "SigAlg" in saml_msg and "Signature" in saml_msg:
@@ -397,7 +401,8 @@ def redirect(self):
                 _certs = IDP.metadata.certs(issuer, "any", "signing")
                 verified_ok = False
                 for cert in _certs:
-                    if verify_redirect_signature(saml_msg, cert):
+                    if verify_redirect_signature(saml_msg, IDP.sec.sec_backend,
+                                                 cert):
                         verified_ok = True
                         break
                 if not verified_ok:
 
@@ -366,7 +366,8 @@ def redirect(self):
                 _certs = IDP.metadata.certs(issuer, "any", "signing")
                 verified_ok = False
                 for cert in _certs:
-                    if verify_redirect_signature(saml_msg, cert):
+                    if verify_redirect_signature(saml_msg, IDP.sec.sec_backend,
+                                                 cert):
                         verified_ok = True
                         break
                 if not verified_ok:
 
@@ -350,7 +350,8 @@ def redirect(self):
                 _certs = IDP.metadata.certs(issuer, "any", "signing")
                 verified_ok = False
                 for cert in _certs:
-                    if verify_redirect_signature(_info, cert):
+                    if verify_redirect_signature(_info, IDP.sec.sec_backend,
+                                                 cert):
                         verified_ok = True
                         break
                 if not verified_ok:
 
@@ -47,7 +47,8 @@
         "License :: OSI Approved :: Apache Software License",
         "Topic :: Software Development :: Libraries :: Python Modules",
         "Programming Language :: Python :: 2.7",
-        "Programming Language :: Python :: 3.4"
+        "Programming Language :: Python :: 3.4",
+        "Programming Language :: Python :: 3.5"
     ],
 
     scripts=["tools/parse_xsd2.py", "tools/make_metadata.py",
 
@@ -66,7 +66,8 @@ def prepare_for_authenticate(
         :return: session id and AuthnRequest info
         """
 
-        reqid, negotiated_binding, info = self.prepare_for_negotiated_authenticate(
+        reqid, negotiated_binding, info = \
+            self.prepare_for_negotiated_authenticate(
             entityid=entityid,
             relay_state=relay_state,
             binding=binding,
@@ -137,7 +138,8 @@ def prepare_for_negotiated_authenticate(
             raise SignOnError(
                 "No supported bindings available for authentication")
 
-    def global_logout(self, name_id, reason="", expire=None, sign=None, sign_alg=None, digest_alg=None):
+    def global_logout(self, name_id, reason="", expire=None, sign=None,
+                      sign_alg=None, digest_alg=None):
         """ More or less a layer of indirection :-/
         Bootstrapping the whole thing by finding all the IdPs that should
         be notified.
@@ -162,10 +164,12 @@ def global_logout(self, name_id, reason="", expire=None, sign=None, sign_alg=Non
 
         # find out which IdPs/AAs I should notify
         entity_ids = self.users.issuers_of_info(name_id)
-        return self.do_logout(name_id, entity_ids, reason, expire, sign, sign_alg=sign_alg, digest_alg=digest_alg)
+        return self.do_logout(name_id, entity_ids, reason, expire, sign,
+                              sign_alg=sign_alg, digest_alg=digest_alg)
 
     def do_logout(self, name_id, entity_ids, reason, expire, sign=None,
-                  expected_binding=None, sign_alg=None, digest_alg=None, **kwargs):
+                  expected_binding=None, sign_alg=None, digest_alg=None,
+                  **kwargs):
         """
 
         :param name_id: Identifier of the Subject (a NameID instance)
@@ -227,22 +231,22 @@ def do_logout(self, name_id, entity_ids, reason, expire, sign=None,
                     sign = self.logout_requests_signed
 
                 sigalg = None
-                key = None
                 if sign:
                     if binding == BINDING_HTTP_REDIRECT:
-                        sigalg = kwargs.get("sigalg", ds.DefaultSignature().get_sign_alg())
-                        key = kwargs.get("key", self.signkey)
+                        sigalg = kwargs.get(
+                            "sigalg", ds.DefaultSignature().get_sign_alg())
+                        #key = kwargs.get("key", self.signkey)
                         srequest = str(request)
                     else:
-                        srequest = self.sign(request, sign_alg=sign_alg, digest_alg=digest_alg)
+                        srequest = self.sign(request, sign_alg=sign_alg,
+                                             digest_alg=digest_alg)
                 else:
                     srequest = str(request)
 
                 relay_state = self._relay_state(req_id)
 
                 http_info = self.apply_binding(binding, srequest, destination,
-                                               relay_state, sigalg=sigalg,
-                                               key=key)
+                                               relay_state, sigalg=sigalg)
 
                 if binding == BINDING_SOAP:
                     response = self.send(**http_info)
@@ -318,7 +322,8 @@ def handle_logout_response(self, response, sign_alg=None, digest_alg=None):
             return self.do_logout(decode(status["name_id"]),
                                   status["entity_ids"],
                                   status["reason"], status["not_on_or_after"],
-                                  status["sign"], sign_alg=sign_alg, digest_alg=digest_alg)
+                                  status["sign"], sign_alg=sign_alg,
+                                  digest_alg=digest_alg)
 
     def _use_soap(self, destination, query_type, **kwargs):
         _create_func = getattr(self, "create_%s" % query_type)
 
@@ -53,7 +53,8 @@
     "tmp_key_file",
     "validate_certificate",
     "extensions",
-    "allow_unknown_attributes"
+    "allow_unknown_attributes",
+    "crypto_backend"
 ]
 
 SP_ARGS = [
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,8 @@`
`53`	`53`	`"tmp_key_file",`
`54`	`54`	`"validate_certificate",`
`55`	`55`	`"extensions",`
`56`		`- "allow_unknown_attributes"`
	`56`	`+ "allow_unknown_attributes",`
	`57`	`+ "crypto_backend"`
`57`	`58`	`]`
`58`	`59`
`59`	`60`	`SP_ARGS = [`