Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Tweak to libSaml to support Encrypt-then-Sign signature Validation
See original GitHub issueI support IDP Initiated SSO with IDP’s that use both encrypt-then-sign and sign-then-encrypt .: I need to be able to support both. When “selecting” the x509 Cert(s) to verify in line https://github.com/tngan/samlify/blob/master/src/libsaml.ts#L475 from the Signature, the xpath select “queries” the entire SAML Response document and not just the signature Node. To fix this. add a “.” (dot), so xpath.select will not search the entire document. Without the “.” (dot), the [0].firstChild is the x509 cert used for encryption.
Fix (just adding the dot so xpath will not look in root):
var x509Certificate = xpath_1.select(".//*[local-name(.)='X509Certificate']", s)[0].firstChild.data;
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:10 (10 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@haoleman Friday 15:30 UTC
I need to document something else.
@haoleman v2.2.0 is already bumped.