Bug on metadata.py?

It's not a bug.

In pysaml2 there are classes by the name "Organization", "OrganizationName", and so on and it is the class names you see in the XML.
These classes has attributes. The class Organization has the attributes organization_name, organization_display_name, …
The values of the attribute organization are instances of the class Organization.
You don't see the attribute names in the XML that is an internal Python representation and of course used in the code.

This is the reason behind the discrepancy you found between "Organization" in the XML representation and "organization" in the code.

Obviously there must be some behavior of PEER that wasn't what you suspected, that made you start looking at the code.
Could you tell us what that was ?!

-- Roland

13 feb 2012 kl. 21:31 skrev MaLa:

> Public bug reported:
>
> On the "..../pysaml2-0.2.0-py2.6.egg/saml2/metadata.py" file I found
> this:
>
> def name(self, entity_id):
>
> """ Find a name from the metadata about this entity id.
>
> The name is either the display name, the name or the url
>
> ,in that order, for the organization.
>
>
> :param entityid: The Entity ID
>
> :return: A name
>
> """
>
> try:
>
> org = self.entity[entity_id]["organization"]
>
>
> But on the generated metadata we found this:
>
> <md:Organization>
>
> <md:OrganizationName xml:lang="it">XXXXX</md:OrganizationName>
>
> <md:OrganizationName xml:lang="en">XXXXX</md:OrganizationName>
>
> <md:OrganizationDisplayName
> xml:lang="it">XXX</md:OrganizationDisplayName>
>
> <md:OrganizationDisplayName
> xml:lang="en">XXX</md:OrganizationDisplayName>
>
> <md:OrganizationURL
> xml:lang="it">https://www.xxxx.it/it</md:OrganizationURL>
>
> <md:OrganizationURL
> xml:lang="en">https://www.xxxx.it/en</md:OrganizationURL>
>
> </md:Organization>
>
>
> and "Organization" doesn't match with "organization" for the capital letter "O".
>
> This is a bug? Whitout the right replacement my Remote Installation of
> PEER software doesn't work.
>
> Kind Regards,
>
> Marco Malavolti
>
> ** Affects: pysaml2
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of pysaml2
> developers, which is subscribed to pySAML2.
> https://bugs.launchpad.net/bugs/931672
>
> Title:
> Bug on metadata.py?
>
> Status in Python implementation of SAML2:
> New
>
> Bug description:
> On the "..../pysaml2-0.2.0-py2.6.egg/saml2/metadata.py" file I found
> this:
>
> def name(self, entity_id):
>
> """ Find a name from the metadata about this entity id.
>
> The name is either the display name, the name or the url
>
> ,in that order, for the organization.
>
>
> :param entityid: The Entity ID
>
> :return: A name
>
> """
>
> try:
>
> org = self.entity[entity_id]["organization"]
>
>
> But on the generated metadata we found this:
>
> <md:Organization>
>
> <md:OrganizationName xml:lang="it">XXXXX</md:OrganizationName>
>
> <md:OrganizationName xml:lang="en">XXXXX</md:OrganizationName>
>
> ...

I've tryed to configure PEER for Remote Authentication and it doesn't work without that modification.

This is the debug message that I obtain without the modification:

Environment:

Request Method: GET
Request URL: https://xxxx.it/peer/accounts/login/

Django Version: 1.3.1
Python Version: 2.6.6
Installed Applications:
['django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'registration',
 'south',
 'djangosaml2',
 'peer.account',
 'peer.domain',
 'peer.entity',
 'peer.portal']
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')

Template error:
In template /var/www/peer/lib/python2.6/site-packages/peer-0.8.0-py2.6.egg/peer/templates/registration/login.html, error at line 38
   Caught AttributeError while rendering: 'NoneType' object has no attribute 'organization_display_name'
   28 : {% if SAML_ENABLED %}

   29 : {% load idplist mailtoadmins %}

   30 :

   31 : <div class="right block">

   32 : <h2>{% trans "Federated sign in" %}</h2>

   33 : <form id="federated-login" action="{% url saml2_login %}" method="get">{% csrf_token %}

   34 : <fieldset>

   35 : <p>

   36 : <label for="id_idp">{% trans "Identity Provider" %}:</label>

   37 : <select id="id_idp" name="idp">

   38 : {% idplist as idps %}

   39 : {% for url, name in idps %}

   40 : <option value="{{ url }}">{% if name %}{{ name }}{% else %}{{ url }}{% endif %}</option>

   41 : {% endfor %}

   42 : </select>

   43 : </p>

   44 : <p>{% trans "Don't see your IdP in this list?" %} {% mailtoadmins %}</p>

   45 : </fieldset>

   46 : <fieldset class="actionRow">

   47 : <input class="button" type="submit" value="{% trans "Federated sign in" %}" />

   48 : </fieldset>

Traceback:
File "/var/www/peer/lib/python2.6/site-packages/Django-1.3.1-py2.6.egg/django/core/handlers/base.py" in get_response
  111. response = callback(request, *callback_args, **callback_kwargs)
File "/var/www/peer/lib/python2.6/site-packages/Django-1.3.1-py2.6.egg/django/utils/decorators.py" in _wrapped_view
  93. response = view_func(request, *args, **kwargs)
File "/var/www/peer/lib/python2.6/site-packages/Django-1.3.1-py2.6.egg/django/views/decorators/cache.py" in _wrapped_view_func
  79. response = view_func(request, *args, **kwargs)
File "/var/www/peer/lib/python2.6/site-packages/Django-1.3.1-py2.6.egg/django/contrib/auth/views.py" in login
  69. context_instance=RequestContext(request, current_app=current_app))
File "/var/www/peer/lib/python2.6/site-packages/Django-1.3.1-py2.6.egg/django/shortcuts/__init__.py" in render_to_response
  20. return HttpResponse(loader.render_to...

14 feb 2012 kl. 09:06 skrev MaLa:

> I've tryed to configure PEER for Remote Authentication and it doesn't
> work without that modification.

Sorry, I don't know a lot about PEER, Lorenzo has to help us out on that part.
I do know pysaml2 though :-)

Could you send me the pysaml2 configuration file you are using ?

-- Roland

Here you are:

SAML_CONFIG = {

    'xmlsec_binary': '/usr/bin/xmlsec1',

    'entityid': PEER_BASE_URL + '/saml2/metadata/',

    'attribute_map_dir': '/var/peer/attribute-maps',

    'service': {

        'sp' : {
            'name': 'PEER SP',
            'endpoints': {

                'assertion_consumer_service': [
                    (PEER_BASE_URL + '/saml2/acs/', saml2.BINDING_HTTP_POST),
                  ],

                'single_logout_service': [
                    (PEER_BASE_URL + '/saml2/ls/', saml2.BINDING_HTTP_REDIRECT),
  ],
                },

            'required_attributes': ['mail'],

            'optional_attributes': ['givenName', 'sn'],

            },
        },

    'metadata': {
 'local': ['/var/peer/idp_md/idp_metadata.xml'],
        },

    'debug': 1,

     'key_file':'/var/peer/certs/key.pem',
     'cert_file':'/var/peer/certs/cert.pem',

    'contact_person': [
        {'given_name': 'Lorenzo',
         'sur_name': 'Gil',
         'company': 'Yaco Sistemas',
         'email_address': '<email address hidden>',
         'contact_type': 'technical'},
        {'given_name': 'Marco',
         'sur_name': 'Malavolti',
         'company': 'IDEM GARR',
         'email_address': '<email address hidden>',
         'contact_type': 'administrative'},
        ],

    'organization': {
        'name': [('Idem Garr', 'it'), ('Idem Garr', 'en')],
        'display_name': [('IDEM', 'it'), ('IDEM', 'en')],
        'url': [('https://www.idem.garr.it/it', 'it'), ('https://www.idem.garr.it/en', 'en')],
        },

    'valid_for': 24,
    }

I'll try to reproduce this bug with the information you just supplied.

2012/2/14 MaLa <email address hidden>:
> Here you are:
>
> SAML_CONFIG = {
>
>    'xmlsec_binary': '/usr/bin/xmlsec1',
>
>
>    'entityid': PEER_BASE_URL + '/saml2/metadata/',
>
>    'attribute_map_dir': '/var/peer/attribute-maps',
>
>
>    'service': {
>
>        'sp' : {
>            'name': 'PEER SP',
>            'endpoints': {
>
>                'assertion_consumer_service': [
>                    (PEER_BASE_URL + '/saml2/acs/', saml2.BINDING_HTTP_POST),
>                  ],
>
>                'single_logout_service': [
>                    (PEER_BASE_URL + '/saml2/ls/', saml2.BINDING_HTTP_REDIRECT),
>                ],
>                },
>
>            'required_attributes': ['mail'],
>
>            'optional_attributes': ['givenName', 'sn'],
>
>            },
>        },
>
>    'metadata': {
>        'local': ['/var/peer/idp_md/idp_metadata.xml'],
>        },
>
>    'debug': 1,
>
>     'key_file':'/var/peer/certs/key.pem',
>     'cert_file':'/var/peer/certs/cert.pem',
>
>    'contact_person': [
>        {'given_name': 'Lorenzo',
>         'sur_name': 'Gil',
>         'company': 'Yaco Sistemas',
>         'email_address': '<email address hidden>',
>         'contact_type': 'technical'},
>        {'given_name': 'Marco',
>         'sur_name': 'Malavolti',
>         'company': 'IDEM GARR',
>         'email_address': '<email address hidden>',
>         'contact_type': 'administrative'},
>        ],
>
>    'organization': {
>        'name': [('Idem Garr', 'it'), ('Idem Garr', 'en')],
>        'display_name': [('IDEM', 'it'), ('IDEM', 'en')],
>        'url': [('https://www.idem.garr.it/it', 'it'), ('https://www.idem.garr.it/en', 'en')],
>        },
>
>    'valid_for': 24,
>    }
>
> --
> You received this bug notification because you are a member of pysaml2
> developers, which is subscribed to pySAML2.
> https://bugs.launchpad.net/bugs/931672
>
> Title:
>  Bug on metadata.py?
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/pysaml2/+bug/931672/+subscriptions

Thank You Lorenzo!

OK, so you're loading a local metadata file.
Would you mind sending me that too :-)

-- Roland

14 feb 2012 kl. 09:59 skrev MaLa:

> Here you are:
>
> SAML_CONFIG = {
>
> 'xmlsec_binary': '/usr/bin/xmlsec1',
>
>
> 'entityid': PEER_BASE_URL + '/saml2/metadata/',
>
> 'attribute_map_dir': '/var/peer/attribute-maps',
>
>
> 'service': {
>
> 'sp' : {
> 'name': 'PEER SP',
> 'endpoints': {
>
> 'assertion_consumer_service': [
> (PEER_BASE_URL + '/saml2/acs/', saml2.BINDING_HTTP_POST),
> ],
>
> 'single_logout_service': [
> (PEER_BASE_URL + '/saml2/ls/', saml2.BINDING_HTTP_REDIRECT),
> ],
> },
>
> 'required_attributes': ['mail'],
>
> 'optional_attributes': ['givenName', 'sn'],
>
> },
> },
>
> 'metadata': {
> 'local': ['/var/peer/idp_md/idp_metadata.xml'],
> },
>
> 'debug': 1,
>
> 'key_file':'/var/peer/certs/key.pem',
> 'cert_file':'/var/peer/certs/cert.pem',
>
> 'contact_person': [
> {'given_name': 'Lorenzo',
> 'sur_name': 'Gil',
> 'company': 'Yaco Sistemas',
> 'email_address': '<email address hidden>',
> 'contact_type': 'technical'},
> {'given_name': 'Marco',
> 'sur_name': 'Malavolti',
> 'company': 'IDEM GARR',
> 'email_address': '<email address hidden>',
> 'contact_type': 'administrative'},
> ],
>
> 'organization': {
> 'name': [('Idem Garr', 'it'), ('Idem Garr', 'en')],
> 'display_name': [('IDEM', 'it'), ('IDEM', 'en')],
> 'url': [('https://www.idem.garr.it/it', 'it'), ('https://www.idem.garr.it/en', 'en')],
> },
>
> 'valid_for': 24,
> }

    Yes sure! Here you are:

    idp_metadata.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="https://idp.xxx.it/idp/shibboleth">

        <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

            <Extensions>
                <shibmd:Scope regexp="false">unimo.it</shibmd:Scope>
            </Extensions>

            <KeyDescriptor>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>
    MIIDLDCCAhSgAwIBAgIVAMByuzNVg9NccgI7pZbhZo1Hb5zGMA0GCSqGSIb3DQEB
    BQUAMBsxGTAXBgNVBAMTEGlkcC5sYWIudW5pbW8uaXQwHhcNMTExMDE3MTcyMzQw
    WhcNMzExMDE3MTcyMzQwWjAbMRkwFwYDVQQDExBpZHAubGFiLnVuaW1vLml0MIIB
    IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgz/7W1lCjc/KQDgTOWZB4Eq3
    8L/UCT80P6BNTVm5r4Iz9uIdKnLgVbalqqi/U7IpSMVzGb8fHoe6w98HACC2f34p
    dx4dA+kHQgUnVuwrCn4Xfe9uj26LCriRmNhfclSHN9fye5KKYsyie7K+1xU81AM/
    abRAhN8QFCdY/04Awhlu6wpZ1fnpjVTuT0vJfDmEQJGzLklmUNgraxOymdIwut3c
    uo6/c6BFoGrZP7wZAZtUEImTTAUvNSW1dtrbVgO4eWT3vFh2YTIc7kga6gEc9e/e
    m/hX387IjhRc2qOSacnjVvb8XroL5VoOA/3G9UUrrvqgop08aZav0W5xNKPArwID
    AQABo2cwZTBEBgNVHREEPTA7ghBpZHAubGFiLnVuaW1vLml0hidodHRwczovL2lk
    cC5sYWIudW5pbW8uaXQvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFDhLVKR/ord0
    hSCe2fo50gxY8yt0MA0GCSqGSIb3DQEBBQUAA4IBAQBaZhEcEMqM5YoE3fA5RuUY
    861MJ9CufJQf4x7wX+OHCn38y/wjslb75bX1fkAXAINfuCCLfpWLxRx1pwZmqwYp
    bbSX9phTe55pBwia4gWFYSEPzXrjzTFXwja+DpaGIxft4ueqkyxYIW9YKgRCQIBq
    C2uvovllJeLQmZ2qJF45wm67v4uFZzV+PI58nlyEdlyyjbFPJ3WomgiE5sGDJx2q
    ZN1w5d4lsJ/IrC6bZBHf5Ax/MsVTcRin+rI0V1qDVROvxt1JjcyIZyqj+1TuVLKK
    08sIFCHmvai0BwLpipr4xwzBUSJOVqfCbwIhgkhfxkby38wE7C0mGYQpO8YMGqs3

                        </ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </KeyDescriptor>

            <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.xxx.it:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>

            <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.xxx.it:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>

            <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
            <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

            <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.xxx.it/idp/profile/Shibboleth/SSO"/>

            <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.xxx.it/idp/profile/SAML2/POST/SSO"/>

            <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.xxx.it/idp/profile/SAML2/POST-SimpleSi...

Well, that's one less problem for me to solve :-)

I can't find any Organization information in the metadata file.
So I'm not surprised that the code couldn't find an organization name.

Granted, the code shouldn't raise an exception on this but rather just return the entityID or ...

Later versions are more robust in this respect.

-- Roland

14 feb 2012 kl. 10:45 skrev MaLa:

> Yes sure! Here you are:
>
> idp_metadata.xml:
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="https://idp.xxx.it/idp/shibboleth">
>
> <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
>
> <Extensions>
> <shibmd:Scope regexp="false">unimo.it</shibmd:Scope>
> </Extensions>
>
> <KeyDescriptor>
> <ds:KeyInfo>
> <ds:X509Data>
> <ds:X509Certificate>
> MIIDLDCCAhSgAwIBAgIVAMByuzNVg9NccgI7pZbhZo1Hb5zGMA0GCSqGSIb3DQEB
> BQUAMBsxGTAXBgNVBAMTEGlkcC5sYWIudW5pbW8uaXQwHhcNMTExMDE3MTcyMzQw
> WhcNMzExMDE3MTcyMzQwWjAbMRkwFwYDVQQDExBpZHAubGFiLnVuaW1vLml0MIIB
> IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgz/7W1lCjc/KQDgTOWZB4Eq3
> 8L/UCT80P6BNTVm5r4Iz9uIdKnLgVbalqqi/U7IpSMVzGb8fHoe6w98HACC2f34p
> dx4dA+kHQgUnVuwrCn4Xfe9uj26LCriRmNhfclSHN9fye5KKYsyie7K+1xU81AM/
> abRAhN8QFCdY/04Awhlu6wpZ1fnpjVTuT0vJfDmEQJGzLklmUNgraxOymdIwut3c
> uo6/c6BFoGrZP7wZAZtUEImTTAUvNSW1dtrbVgO4eWT3vFh2YTIc7kga6gEc9e/e
> m/hX387IjhRc2qOSacnjVvb8XroL5VoOA/3G9UUrrvqgop08aZav0W5xNKPArwID
> AQABo2cwZTBEBgNVHREEPTA7ghBpZHAubGFiLnVuaW1vLml0hidodHRwczovL2lk
> cC5sYWIudW5pbW8uaXQvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFDhLVKR/ord0
> hSCe2fo50gxY8yt0MA0GCSqGSIb3DQEBBQUAA4IBAQBaZhEcEMqM5YoE3fA5RuUY
> 861MJ9CufJQf4x7wX+OHCn38y/wjslb75bX1fkAXAINfuCCLfpWLxRx1pwZmqwYp
> bbSX9phTe55pBwia4gWFYSEPzXrjzTFXwja+DpaGIxft4ueqkyxYIW9YKgRCQIBq
> C2uvovllJeLQmZ2qJF45wm67v4uFZzV+PI58nlyEdlyyjbFPJ3WomgiE5sGDJx2q
> ZN1w5d4lsJ/IrC6bZBHf5Ax/MsVTcRin+rI0V1qDVROvxt1JjcyIZyqj+1TuVLKK
> 08sIFCHmvai0BwLpipr4xwzBUSJOVqfCbwIhgkhfxkby38wE7C0mGYQpO8YMGqs3
>
> </ds:X509Certificate>
> </ds:X509Data>
> </ds:KeyInfo>
> </KeyDescriptor>
>
> <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.xxx.it:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
>
> <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.xxx.it:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
>
> <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
>
> <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.xxx.it/idp/profile/Shi...

The "metadata" are not only the metadata of IdPs that can communicate with the Service Provider?

It 's mandatory to have an IdP with the Organization and OrganizationName? YES, is required, because without it the code make these errors.

that's all?

Thank you!

Marco

14 feb 2012 kl. 14:19 skrev MaLa:

> The "metadata" are not only the metadata of IdPs that can communicate
> with the Service Provider?

No, there might be information about other entities too.

> It 's mandatory to have an IdP with the Organization and
> OrganizationName? YES, is required, because without it the code make
> these errors.

Well, there is no standard or anything like that that makes it mandatory.

Yes, the code raises an exception if no name can be found.
Later versions of the code doesn't, it just returns an empty string.

One could argue that the code that tries to lookup the name should be able to handle the
exception gracefully.

> that's all?

That's it! :-)

> Thank you!

You're well come!

-- Roland

Marco, can you tell us which version of pysaml2 are you using?

I think you are using 0.4.0 and that would explain the problem because, so far djangosaml2 is only tested with 0.2.1. The problem is that djangosaml2 has not this version frozen in its setup.py, which I'll do very soon.

14 feb 2012 kl. 15:00 skrev Lorenzo Gil Sanchez:

> Marco, can you tell us which version of pysaml2 are you using?
>
> I think you are using 0.4.0 and that would explain the problem because,
> so far djangosaml2 is only tested with 0.2.1. The problem is that
> djangosaml2 has not this version frozen in its setup.py, which I'll do
> very soon.

No, other information I've received makes me believe he uses 0.2.0 .

0.4.0 should not raise an exception like 0.2.X does it should just return an empty string.

-- Roland

I've followed the documentation to install PEER and all its dependencies.

After "easy_install peer" I've found in path " /var/www/peer/lib/python2.6/site-packages/ " these packets:

async-0.6.1-py2.6-linux-i686.egg
decorator-3.3.2-py2.6.egg
distribute-0.6.10-py2.6.egg
Django-1.3.1-py2.6.egg
django_recaptcha-0.0.1-py2.6.egg
django_registration-0.7-py2.6.egg
djangosaml2-0.3.2-py2.6.egg
django_vff-0.2b2-py2.6.egg
dnspython-1.9.4-py2.6.egg
easy-install.pth
fudge-1.0.3-py2.6.egg
gitdb-0.5.4-py2.6-linux-i686.egg
GitPython-0.3.2.RC1-py2.6.egg
httplib2-0.7.2-py2.6.egg
lxml-2.3.2-py2.6-linux-i686.egg
Paste-1.7.5.1-py2.6.egg
peer-0.8.0-py2.6.egg
pip-0.7.2-py2.6.egg
psycopg2-2.4.2-py2.6-linux-i686.egg
pyasn1-0.1.2-py2.6.egg
Pygments-1.4-py2.6.egg

pysaml2-0.2.0-py2.6.egg

python_memcached-1.48-py2.6.egg
recaptcha_client-1.0.6-py2.6.egg
repoze.who-2.0b1-py2.6.egg
setuptools.pth
smmap-0.8.2-py2.6.egg
South-0.7.3-py2.6.egg
zope.interface-3.8.0-py2.6-linux-i686.egg

is that correct?

If I do the easy_install peer I got pysaml2 0.4.0 and not 0.2.0 as you have.

Did you run that command today or is a previous run?

Something weird is happening with version dependencies :-(

Can I replace the package "pysaml2-0.2.0-py2.6.egg" whit "pysaml2-0.2.1" without problems?

There are other precautions to be taken into consideration?

They are actually the same package, it's just a missmatch in the version field of the setup.py

I just updated pypi so now there is only pysaml2 0.2.1, the 0.2.0 is gone.

Ok, I'm doing some progress. Now I can reproduce Marco's original problem:

Caught AttributeError while rendering: 'NoneType' object has no attribute 'organization_display_name'

Ok, I just fixed this bug at http://bazaar.launchpad.net/~pysaml2maint/pysaml2/main/revision/954?start_revid=954

Marco, you will need to wait for next Pysaml2 release and even so I still need to update djangosaml2 to work with Pysaml2 >= 0.4.0

In the meantime, the simplest workaround for this bug is to actually define an organization in your metadata.