From cd446e3d08f8adb0b3541442c3f7a32c16c8385f Mon Sep 17 00:00:00 2001
From: Andreas Richter <andy.richter@bridge-way.com>
Date: Mon, 5 Jan 2015 09:22:56 -0500
Subject: [PATCH] Fix error when response has no cert but outstanding_certs is
 defined.

---
 src/saml2/entity.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index f9d290eea..eed8233f4 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -872,9 +872,13 @@ def _parse_response(self, xmlstr, response_cls, service, binding,
 
             if response:
                 if outstanding_certs:
-                    _, key_file = make_temp(
-                        "%s" % outstanding_certs[
-                            response.in_response_to]["key"], decode=False)
+                    cert = outstanding_certs[
+                        response.in_response_to]
+                    if cert:
+                        _, key_file = make_temp(
+                            "%s" % cert["key"], decode=False)
+                    else:
+                        key_file = ""
                 else:
                     key_file = ""
                 response = response.verify(key_file)