@@ -728,9 +728,7 @@ def add_sign(xml, key, cert, debug=False, sign_algorithm=OneLogin_Saml2_Constant
728728 raise Exception ('Empty string supplied as input' )
729729
730730 elem = OneLogin_Saml2_XML .to_etree (xml )
731- xmlsec .enable_debug_trace (debug )
732- xmlsec .tree .add_ids (elem , ["ID" ])
733- # Sign the metadata with our private key.
731+
734732 sign_algorithm_transform_map = {
735733 OneLogin_Saml2_Constants .DSA_SHA1 : xmlsec .Transform .DSA_SHA1 ,
736734 OneLogin_Saml2_Constants .RSA_SHA1 : xmlsec .Transform .RSA_SHA1 ,
@@ -746,16 +744,26 @@ def add_sign(xml, key, cert, debug=False, sign_algorithm=OneLogin_Saml2_Constant
746744 if len (issuer ) > 0 :
747745 issuer = issuer [0 ]
748746 issuer .addnext (signature )
747+ elem_to_sign = issuer .getparent ()
749748 else :
750749 entity_descriptor = OneLogin_Saml2_XML .query (elem , '//md:EntityDescriptor' )
751750 if len (entity_descriptor ) > 0 :
752751 elem .insert (0 , signature )
753752 else :
754753 elem [0 ].insert (0 , signature )
754+ elem_to_sign = elem
755755
756- elem_id = elem .get ('ID' , None )
757- if elem_id :
758- elem_id = '#' + elem_id
756+ elem_id = elem_to_sign .get ('ID' , None )
757+ if elem_id is not None :
758+ if elem_id :
759+ elem_id = '#' + elem_id
760+ else :
761+ generated_id = generated_id = OneLogin_Saml2_Utils .generate_unique_id ()
762+ elem_id = '#' + generated_id
763+ elem_to_sign .attrib ['ID' ] = generated_id
764+
765+ xmlsec .enable_debug_trace (debug )
766+ xmlsec .tree .add_ids (elem_to_sign , ["ID" ])
759767
760768 digest_algorithm_transform_map = {
761769 OneLogin_Saml2_Constants .SHA1 : xmlsec .Transform .SHA1 ,
0 commit comments