Description
Hello:
I am facing some issues while trying to make the djangosaml2 sample work on Windows. I cannot sign the request before sending it to the IdP because xmlsec cannot read the temporary file with the assertion XML. The problem is that this temporary file is kept open by the Python process, so the xmlsec process cannot open it.
Code Version
pysaml2 7.4.2
djangosaml2 1.8.0
Expected Behavior
The _run_xmlsec method signs the temporary file XML.
Current Behavior
DEBUG 2023-12-05 15:29:16,726 sigver 22356 11672 xmlsec command: C:\Users\myuser\AppData\local\programs\xmlsec\bin\xmlsec.exe --sign --privkey-pem N:\SourceCode\djangosp\private.key --id-attr:ID urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest --node-id id-SFVg3EEXWZWs8abLc --output C:\Users\myuser\AppData\Local\Temp\tmpjkz4mohv.xml --lax-key-search C:\Users\myuser\AppData\Local\Temp\tmp2g3e_xbd.xml
ERROR 2023-12-05 15:44:30,729 sigver 22356 11672 returncode=1
error=I/O error : Permission denied
I/O error : Permission denied
I/O warning : failed to load external entity "C:\Users\myuser\AppData\Local\Temp\tmp2g3e_xbd.xml"
Error: failed to parse xml file "C:\Users\myuser\AppData\Local\Temp\tmp2g3e_xbd.xml"
Error: failed to load template "C:\Users\myuser\AppData\Local\Temp\tmp2g3e_xbd.xml"
Signature status: ERROR
Error: failed to sign file "C:\Users\myuser\AppData\Local\Temp\tmp2g3e_xbd.xml"
I think the problem is in the sign_statement function of sigver.py:
781: tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
796: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
The make_temp function does not close the tempfile after creating it, so the xmlsec.exe process cannot open it.
I managed to copy the assertion XML to another file and I was able to sign it:
xmlsec.exe --sign --privkey-pem N:\SourceCode\djangosp\private.key --id-attr:ID urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest --node-id id-SFVg3EEXWZWs8abLc --output C:\tmp\out.xml --lax-key-search C:\tmp\tmp.xml
Signature status: OK
Possible Solution
No idea.
Steps to Reproduce
Just clone the djangosaml2 project, configure it and try to log in.
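A temp-file pattern that avoids the sharing problem reported above, as an added example that is not part of the original report and is not pysaml2's code: the file is written and closed before a second process is asked to open it, then removed afterwards. The helper names `closed_temp_file` and `read_in_child` are hypothetical, the child Python process stands in for `xmlsec.exe`, and the XML is a constructed sample.

```python
import contextlib
import os
import subprocess
import sys
import tempfile


@contextlib.contextmanager
def closed_temp_file(data: bytes, suffix: str = ".xml"):
    """Hypothetical helper: write data to a private temp file, close it, yield its path."""
    # mkstemp creates the file atomically, readable and writable only by the current user.
    fd, path = tempfile.mkstemp(suffix=suffix)
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
        # The handle is closed at this point, so another process can open the path,
        # including on Windows, where a temp file still held open by its creator
        # can be refused to a second process (the "Permission denied" in the report).
        yield path
    finally:
        # Remove the file even if the child process fails.
        with contextlib.suppress(FileNotFoundError):
            os.remove(path)


def read_in_child(path: str) -> subprocess.CompletedProcess:
    """Stand-in for the xmlsec call: a separate process opens and reads the file."""
    child_code = "import sys; sys.stdout.write(open(sys.argv[1], encoding='utf-8').read())"
    return subprocess.run(
        [sys.executable, "-c", child_code, path],
        capture_output=True, text=True, check=False,
    )


def demo():
    # Constructed sample document, not a real AuthnRequest.
    statement = b'<samlp:AuthnRequest ID="id-constructed-example"/>'
    with closed_temp_file(statement) as path:
        result = read_in_child(path)
    # Return code, what the child read, and whether the file survived cleanup.
    return result.returncode, result.stdout, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

On Python 3.12 and later, `tempfile.NamedTemporaryFile(delete_on_close=False)` used as a context manager gives a similar result: the file can be closed and reopened by name, and is deleted when the context exits.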