[BugFix] sign_alg/digest_alg policy config patched #216

Closed

peppelinux
Member

@peppelinux peppelinux commented Apr 13, 2019

This PR fixes: #212

Now, in the configuration of both backend and frontend, we can use either the W3C format or the saml2.xmldsig attr name, as follows:

            # they both work
            # sign_alg: 'SIG_RSA_SHA384'
            # digest_alg: 'DIGEST_SHA384'
            sign_alg: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
            digest_alg: "http://www.w3.org/2001/04/xmlenc#sha256"

The merge would be from this specialized branch created for this patch; see the diffs for a better view.
"Unfortunately" this code is too tightly coupled with my pplnx-dev branch, and this PR will also bring support for selectable sign and digest algs for satosa backends, already proposed here:
#214

Hope you like it and that you also need it, as I needed it when I developed it.

All Submissions:

  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Have you added an explanation of what problem you are trying to solve with this PR?
  • Have you added information on what your changes do and why you chose this as your solution?
  • Have you written new tests for your changes?
  • Does your submission pass tests?
  • This project follows PEP8 style guide. Have you run your code against the 'flake8' linter?

@peppelinux
Member Author

Is there any possibility to discuss this patch together and, after a good semantic refactor, merge it to the master branch? This PR is just a bugfix.

@peppelinux
Member Author

@c00kiemon5ter are there any revisions on this PR?
Probably the function named "xmldsig_validate_w3c_format" can be modified and some other things, let me know.

@peppelinux
Member Author

@c00kiemon5ter it's just a bugfix, I can refactor this as well if you start a revision.
This could be coupled with https://github.com/IdentityPython/SATOSA/pull/214/files

@c00kiemon5ter
Member

c00kiemon5ter commented Dec 14, 2020

Also closing this. This should be handled by pysaml2 and the signing_algorithm and digest_algorithm options.

The frontend used the sign_alg and digest_alg options and we should now remove them.


As I noted on #214 (comment) YAML and satosa are not responsible to resolve symbols.

            # they both work
            # sign_alg: 'SIG_RSA_SHA384'   # NOT OK
            # digest_alg: 'DIGEST_SHA384'  # NOT OK
            sign_alg: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # OK but now with signing_algorithm
            digest_alg: "http://www.w3.org/2001/04/xmlenc#sha256"          # OK but now with digest_algorithm
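
An added example, not code from this PR or from SATOSA/pysaml2: a one-time migration check that takes the old `sign_alg`/`digest_alg` values in either spelling discussed in this thread and emits URI-only `signing_algorithm`/`digest_algorithm` values, rejecting unknown identifiers and a digest URI placed in the signature slot. The flat `policy` dict, the function names and the SHA-2-only tables are assumptions made for illustration.

```python
# Constructed tables: symbolic names as quoted in the thread, mapped to the
# W3C XML-DSig / XML-Enc identifiers. Only the SHA-2 family is listed here.
SIGNATURE_URIS = {
    "SIG_RSA_SHA256": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "SIG_RSA_SHA384": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
    "SIG_RSA_SHA512": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
}
DIGEST_URIS = {
    "DIGEST_SHA256": "http://www.w3.org/2001/04/xmlenc#sha256",
    "DIGEST_SHA384": "http://www.w3.org/2001/04/xmldsig-more#sha384",
    "DIGEST_SHA512": "http://www.w3.org/2001/04/xmlenc#sha512",
}

# old option name -> (new option name, table of identifiers valid in that slot)
RENAMES = {
    "sign_alg": ("signing_algorithm", SIGNATURE_URIS),
    "digest_alg": ("digest_algorithm", DIGEST_URIS),
}


def to_uri(value, table):
    """Return the W3C URI for a symbolic name or an already-valid URI."""
    if value in table:
        return table[value]
    if value in table.values():
        return value
    raise ValueError(f"unknown or misplaced algorithm identifier: {value!r}")


def migrate_policy(policy):
    """Hypothetical helper: rewrite old options into URI-valued new ones."""
    out = dict(policy)
    for old, (new, table) in RENAMES.items():
        if old in out:
            # Old option: accept either spelling, store the URI only.
            uri = to_uri(out.pop(old), table)
            if out.get(new, uri) != uri:
                raise ValueError(f"{old} and {new} disagree")
            out[new] = uri
        elif new in out and out[new] not in table.values():
            # New option: symbols are not resolved, only known URIs pass.
            raise ValueError(f"{new} must be a known URI: {out[new]!r}")
    return out
```

Running this once over an existing configuration leaves only URI values in the file, so nothing downstream has to resolve symbols.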

Successfully merging this pull request may close these issues.

sign_alg/digest_alg policy config is broken