From 9ff576c5669c1c3952f14ce863a4d788a5d065b3 Mon Sep 17 00:00:00 2001
From: Gene Wood <gene_wood@cementhorizon.com>
Date: Thu, 21 May 2015 11:24:42 -0700
Subject: [PATCH] Add support for using an https ACS URI

---
 app.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index 0944c48..9223975 100644
--- a/app.py
+++ b/app.py
@@ -83,6 +83,11 @@ def saml_client_for(idp_name=None):
         "idp_initiated",
         idp_name=idp_name,
         _external=True)
+    https_acs_url = url_for(
+        "idp_initiated",
+        idp_name=idp_name,
+        _external=True,
+        _scheme='https')
 
     # NOTE:
     #   Ideally, this should fetch the metadata and pass it to
@@ -108,7 +113,9 @@ def saml_client_for(idp_name=None):
                 'endpoints': {
                     'assertion_consumer_service': [
                         (acs_url, BINDING_HTTP_REDIRECT),
-                        (acs_url, BINDING_HTTP_POST)
+                        (acs_url, BINDING_HTTP_POST),
+                        (https_acs_url, BINDING_HTTP_REDIRECT),
+                        (https_acs_url, BINDING_HTTP_POST)
                     ],
                 },
                 # Don't verify that the incoming requests originate from us via