Certificate validation for RSA is optional #226
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When the encryption method is RSA, the library expects that a certificate is embedded within the ACS either under
./KeyInfo/X509Data/X509Certificate
or./KeyInfo/X509Data/X509IssuerSerial
to verify that the public part of our private key is valid.After much investigation, it appears that this is not mandatory as per the SAML standard and it's just an optimisation to let the provider know ahead of time that the Key won't work.
To validate this, we did the following:
First, the SAML 2.0 Core Standard (section 2.3.4) states that the
<EncryptedAssertion>
element must be compose of: at least one<xenc:EncryptedData>
and zero or more of<xenc:EncryptedKey>
Second, The only required elements are
<xenc:EncryptedData>
and<xenc:EncryptedKey>
. These need to be defined according to the [XMLEnc] specification.Third, Section 2.2 of the XMLenc standard describes an acceptable schema for both
EncryptedData
andEncryptedKey
. For both of these, the<X509Data>
element is not mandatory by any sorts. Also, the<EncryptedKey>
definition reads:Finally, the algorithm
https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p
specification makes no mention of a certificate validation process.To conclude, I think the original author's intention with this validation is referenced in this text of the XMLenc standard (section 3.5.1):
Which states that applications (or libraries in this case) can add additional validations but these are subjective.
Instead of supporting the Recipient element which is optional, we think the author attempted to find a certificate embedded within the payload and use that to verify the key
We believe this validation is an optimisation and is safe to keep it optional. This PR does that, which no-ops if we have failed to find an embedded certificate in the response.