Tweak to libSaml to support Encrypt-then-Sign signature Validation
See original GitHub issue
I support IdP-initiated SSO with IdPs that use both encrypt-then-sign and sign-then-encrypt: I need to be able to support both.
When “selecting” the x509 cert(s) to verify in line https://github.com/tngan/samlify/blob/master/src/libsaml.ts#L475 from the Signature, the xpath select “queries” the entire SAML Response document and not just the Signature node. To fix this, add a “.” (dot), so xpath.select will not search the entire document. Without the “.” (dot), the [0].firstChild is the x509 cert used for encryption.
Fix (just adding the dot so xpath will not look in root):
var x509Certificate = xpath_1.select(".//*[local-name(.)='X509Certificate']", s)[0].firstChild.data;
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:10 (10 by maintainers)
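The scoping difference described in the issue, as an added example that is not part of the original issue or of samlify's code. It uses Python's standard library to model the two search scopes instead of the xpath package; the response is constructed and simplified, and the certificate values and helper names are placeholders chosen for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
X509 = f"{{{DS}}}X509Certificate"

# Constructed, simplified encrypt-then-sign response (placeholder cert values).
# The encryption certificate precedes the Signature in document order.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <saml:EncryptedAssertion><xenc:EncryptedData><ds:KeyInfo><xenc:EncryptedKey>
  <ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>ENCRYPTION-CERT-PLACEHOLDER</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo>
 </xenc:EncryptedKey></ds:KeyInfo></xenc:EncryptedData></saml:EncryptedAssertion>
 <ds:Signature><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>SIGNING-CERT-PLACEHOLDER</ds:X509Certificate>
 </ds:X509Data></ds:KeyInfo></ds:Signature>
</samlp:Response>"""
ROOT = ET.fromstring(SAMPLE)

def signatures(root):
    """All ds:Signature elements in the document, in document order."""
    return list(root.iter(f"{{{DS}}}Signature"))

def document_wide_cert(root):
    """Models "//*[local-name(.)='X509Certificate']": in XPath 1.0 a leading
    // starts at the document root, whatever context node is passed in."""
    certs = list(root.iter(X509))
    return certs[0].text.strip() if certs else None

def signature_scoped_cert(signature):
    """Models ".//*[local-name(.)='X509Certificate']": only descendants of
    the Signature node are searched. None if it carries no certificate."""
    certs = list(signature.iter(X509))
    return certs[0].text.strip() if certs else None

if __name__ == "__main__":
    print("document-wide   :", document_wide_cert(ROOT))
    for sig in signatures(ROOT):
        print("signature-scoped:", signature_scoped_cert(sig))
```

The document-wide lookup returns the encryption certificate for this input, while the lookup scoped to the Signature returns the certificate that actually belongs to the signature being verified.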
Top GitHub Comments
@haoleman Friday 15:30 UTC
I need to document something else.
@haoleman v2.2.0 is already bumped.