-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Return response' "InResponseTo" field from validation #33
Conversation
488a23e
to
5139359
Compare
Fixed the failing tests |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for adding support for this! I agree that it is probably sensible to support this and validate the tag whenever possible.
I have commented on a few bits with some suggestions, which I hope make sense. Let me know what you think.
5139359
to
a9d647d
Compare
I think I've addressed all the comments in new requests and I've re-based the PR onto master. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, thank you! Just a few minor points to change before this can be merged.
@Philonous I made the few last changes, rebased this, and merged it. Thank you for again your work on this! 馃槃 |
This PR adds support for
InResponseTo
inResponse
elementsinResponseTo
toResult
typevalidateResponse
function to return it together with the validated assertionMUST
) be matched to request IDs, also depending on if unsolicited assertions are allowed.According to saml-core [1]:
Also compare this stack exchange post [2] which argues that this value should be validated
I don't think this validation has to happen within this library, but it should be returned so that callers of the library can implement it themselves, similar to how checks for duplicate
assertionId
are left as an exercise to the reader 馃槄Checklist
@since
annotations.