-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix assertion fallback #870
Conversation
c41891f
to
22f0d48
Compare
@Calpicow do you have a test case which demonstrates this? I'd like to avoid regressions. |
Yes, I'll add some tests. |
22f0d48
to
0d7d624
Compare
Tests added |
Edit: Appears to be regression in goxmldsig
|
@Calpicow looking into this now |
0d7d624
to
fa6e6a7
Compare
fa6e6a7
to
965bfb0
Compare
Tests are passing |
connector/saml/saml.go
Outdated
@@ -500,8 +501,8 @@ func verify(validator *dsig.ValidationContext, data []byte) (signed []byte, err | |||
verified = true | |||
doc.SetRoot(transformedResponse) | |||
} | |||
assertion := response.SelectElement("Assertion") | |||
if assertion == nil { | |||
assertion, err := etreeutils.NSSelectOne(response, "urn:oasis:names:tc:SAML:2.0:assertion", "Assertion") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you comment a little more on what this change is doing and why it's required?
965bfb0
to
6f9ef96
Compare
Updated. How's that? |
perfect, thanks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, merging on green.
Fix assertion fallback
This fixes the case where all xmlns are contained within the top level element.