diff --git a/src/passport-saml/saml.ts b/src/passport-saml/saml.ts
index 54a381a5..37254a90 100644
--- a/src/passport-saml/saml.ts
+++ b/src/passport-saml/saml.ts
@@ -614,11 +614,8 @@ class SAML {
// See https://github.com/bergie/passport-saml/issues/19 for references to some of the attack
// vectors against SAML signature verification.
validateSignature = function (fullXml, currentNode, certs) {
- const xpathSigQuery = ".//*[" +
- "local-name(.)='Signature' and " +
- "namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#' and " +
- "descendant::*[local-name(.)='Reference' and @URI='#"+currentNode.getAttribute('ID')+"']" +
- "]";
+ const xpathSigQuery = ".//*[local-name(.)='Signature' and " +
+ "namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']";
const signatures = xpath(currentNode, xpathSigQuery);
// This function is expecting to validate exactly one signature, so if we find more or fewer
// than that, reject.
diff --git a/test/static/signatures/invalid/response.root-signed.assertion-signed.1advice-signed.xml b/test/static/signatures/invalid/response.root-signed.assertion-signed.1advice-signed.xml
deleted file mode 100644
index d8dce667..00000000
--- a/test/static/signatures/invalid/response.root-signed.assertion-signed.1advice-signed.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
- 32by6AdEK8sMSSW24h3290YngOx6o14TtYirwH57Plc=INVALID-IilJ1HabeLEMnQXR3olQgWQ6AzGgG/f0PdecFLSfOiOzXgHsEhnKdCoKrLvkFNW+GHMyw1FHfYE0TP+O62SFBxbzQVKD4VrlEAeJwISiH/MtLiFiARXYrvshD/vJOpQgiR3WJW3IuqsZPjrDzflnwr7CJ48TooTZVY3m0kDh+JCOKsaHg76cPOm51V+ZJmVe6aBPsIMRYyUJY4WcikpHvMDGL+MlUow0rC6qiJ2JzKTs/yAvp0TcRHSM//0s5h8Z4R67r/ECbLFs2f4WM1ggYKqZpasNQbeFFey4/XdRvRHDcQn711HxBLsam+qD6EFnJO7FWkV033F6WkDGwQheDA==
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- MDfWSGB2QmoV3THz9KU/8vLcYnTO2G2Lf+0F/DNDu78=INVALID-INVALIDZ3KfW/E9VdUhxQN4nMNFFlp2g7A0SZV0dnU8UTqKT5loy0+lniWoSf2fJjX0fgEackedWBDGwY4hM2W1xbC3r0MlS3xXudRFQFY04uIeVStt/aYgSckDnUsffkXpsw2agGOav1bZdgNIblaZYt5nIBWRUFMmJUnaR5XJ1S311G0gGxBzOzw4jYqKoWfJ/3bygqZxCYhPmOFBYPi2tLIGPMhC0Gt1+lbO9ociMz3k+z5zWCXRqRfq6zN9Ks5x9adS0ofbbaXRArwfYfXUUaFA9XrkzphwdNZy0KJSfQWtHKMyddHVFepq38/GjipCSnYV6TiCA4YzYxsShnge4ctzjQ==
-UvTBtpd/QsNbEZaTVdWTUj2vYN+oBjYg/gTmLYChv9A=INVALID-INVALIDdDu5iloo/Ah8Wf5oe80SZJMQsfsaKisKkPSCGXjquNOomqZsct+khxXiPWSrIksQmHtbcUtx1PExdZJ/P9BRjtYeUi/PRLiXz6rON+k9m2BVWmZUANXFF4yhZkU9q0WNPoETSpWR1laO3o0+sAwD6BoZu5q5+mBisg7OJLO61qB9c/VSc6ypH3JjcFzZm2Q8/R1LZtM/JtKbgzsR59SlSTKuW1Tz0pU0L700o/LfLBgyflfaSFUQxhlZmOpvxN9BKhpOU0czhvlKOMMndztlF0BLNVM1NyOjO6qcKvxxJoW6LGAzAUl9pWC6WoypzsIUnx+XUBsHyoz9I6Y1cikuZw==
diff --git a/test/static/signatures/invalid/response.root-signed.assertion-signed.1advice-unsigned.xml b/test/static/signatures/invalid/response.root-signed.assertion-signed.1advice-unsigned.xml
deleted file mode 100644
index 0af701d0..00000000
--- a/test/static/signatures/invalid/response.root-signed.assertion-signed.1advice-unsigned.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- kObrMLtwlZT3OYmstzY2kzYZN8CcmcYla1af9ZT/9/0=INVALID-vc2FGUjV17K+lHN186mhOMvBfgyTNnkM/67byJqlQUR0MCaTigBtcKtkr4dZm05umtnl7QHX35TAUByGtaggk8lj/3Ge+R086/8GGIgAUctwNGPlUtOnLXmvW7JQj70BeTXaS1QBsDamkePzCGxQDI92wKw3CPkFsX2lXLAgSLtfzOmnJqvxU6x+ItYY7ocnoruuEMvS7YYpJ+CGqe6nQ5zdglD2JVefjWXUq7sU1J2mZ9f1WoHdTWBUvwX0BgEUg/DFknueBaI7ZlxoL7eIs4pen4DcLTtUTsHX50L1cr4piaEwqqSj1U/pvfqa5Zpn/VLmAx2ia0ZCHlYN1LIeXw==
-vEwbdEHKTaKHy0gAH81FzX22qUlbHDiIz25CdLDIUHA=INVALID-UurDWgiukshWcaeh6wT6uQS8xLGpJ+SwmgG6lynlrI/IH3k6ltdwiODjRUwQqY6C1UtH1h0cdJR+B2VB4a3w62XEM1qZChyO1QQ85JYyWfqhhkml8XQkZbtjBihc5Rd4Zy0h4B48+yO8f5SN18E9RWLAWOpV1fc+fbDB+cuxMjHVbH5/UyPyGWObETpSP8EaVym/EOUHiUSxYgZz3gN2RGZKryBOYePeN7Yft/rNLkC2aWSjJ6uaIUUty2DeeqtWF0cEW+mSbo1xjZfN96eGfXGhyrhRBTQSioYxphMlj5Hp1Vx/3lWw+E11JRjdsoksFxvdF38I4Xzf5/Qm9DQxCQ==
diff --git a/test/static/signatures/invalid/response.root-signed.assertion-signed.2advice-signed.xml b/test/static/signatures/invalid/response.root-signed.assertion-signed.2advice-signed.xml
deleted file mode 100644
index ae50676b..00000000
--- a/test/static/signatures/invalid/response.root-signed.assertion-signed.2advice-signed.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
- 32by6AdEK8sMSSW24h3290YngOx6o14TtYirwH57Plc=NcDa+Q6qO371Bv6aBRhpuHzrJuPgWPMl0eMtnKJAeDY=INVALID-cI8mW+14H4l/yqkjb1+QBnBxnGzigngNweTd1euReBLqO/g9a+YpXKH8fgQ9RRZh+L5ZNxLFONTQwCijfL+jFSZLhLPNhlg/Iyh4PlQKkjBXY3cY2n1Aonvrq+A75FSJEDtvqCXtevAO8GP+3pmEYQ4g2GhveUBjYXM6XQafTNxduYnunB/w1QWR9Wq0pvn2PAmGxoR3MbNFCYTghHb6I3/fTz+KMv67DfqkUi5A77xSu9ZGopaYUPS0Hqbv8W/0urxBXOO1rl95W6M3+uP3tAoQkncocRrf2hrUztC1fnYD+A5zYXH4neF37mXysi0czrMbGL0ASB5TEP2chOj9cg==
-
- https://evil-daughter-corp.com
-
-
- vincent.vega@evil-daughter-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- John Travolta
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- OgGJSo72uGxRrLgYu7+tIDYnHmtQpEf/TMTO51+YKvA=INVALID-O9XOsqakfZPBpEoD2ZpOG8TUatw0i/v2GbPqkCdncJeyVmI6yuMg/5XXRhvMHQ4+zH/Vox8VBeK3uvNvCTNSV/hzuYlUf1WM89BUCghb0Kcw7KlbdUBKPRaHNG71uSsaZxTVKydVBpK9sBiXU+GRWMa0aWzmC+oR9UKEoozoR9Chi6VaTNFMfa2rkbC51gslZ5Qb28L9P1GhEIK+1hgtcrdEBIdZ/0W1QE93YPvJ41tgsNxoT7PCoSPgCCmVi5QTwNideLP64HTqd/rkzBpseTm8dQdySoCbll1Q/nKgTlyPyJsZ90RFjA5f4LChSRyeOyWHERPSC7V4n72l+yDtxQ==
-/AmA/x3mIGOibT0T0SRNUVA+SGKf52taHmkzZU4JcqU=INVALID-eEggu1rVjg2MOUsI0IYLTfQ/nYGbMdF10CWxbz1F70JGGpqvAp9emQpLftqT6LwKG2T6FWapEZzvp/WmRUFM45Ek2y+MMkA5rfAv2oMPX48kLEz5h2m1LCnbC++rHAgfoanCFAcpZxOvtQkmnVuLjQgRXfixqmgXfMtJxBeEik+6MFUsWRhZTS4tGIbUDdxz6n5m9umGwx3PKPhMj4QcTJUZqQmIOYmMUDvtisLU6Wr8RXRqkmaIB8U0+ikZjktzeo817H8afK9XeBVs0BHAp6CzXerYP9NT5GAoB4kPDQPqJSiqSiOrmF/cxDywElZwxNpvyePPDfBPpjRNB1bDKQ==
diff --git a/test/static/signatures/invalid/response.root-signed.assertion-signed.2advice-unsigned.xml b/test/static/signatures/invalid/response.root-signed.assertion-signed.2advice-unsigned.xml
deleted file mode 100644
index 6a96131d..00000000
--- a/test/static/signatures/invalid/response.root-signed.assertion-signed.2advice-unsigned.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
- https://evil-daughter-corp.com
-
-
- vincent.vega@evil-daughter-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- John Travolta
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- gmr1amfM3zV7QhK1Y6iPRpbqzgxl5hNn8mn/NuINTo0=INVALID-hoEErb+EJYbpU2WUuK7cJK3bOK+xAgQna5TtPHHuUYt44nDLPJd72SdR/ZKH8foZtxwwHZ2vP2DEygE1yPSaND4pOUlARPhIFLOopcei7s5UXl2Ynf22j92swVoYYcsbLDLLid6shsgZJnnPTCpCoHZHcGoXHZI9QQbZZd4w/DnGMKIN8DcWC+1E9ARMlJf4MV2eZEZtM3CRlvB+X+gMWMSDyvPg2hQZ4Yar2X2xAKeaka4Ua/rNRrD8SzRcZV6V2Jtga5BtYdra63FirchLK//pGFwRceeom1Dj0GpO1H7LWIgl5gP3AZGgAr8YPXCD3ISBxvm/Yw81UIDH49SMNQ==
-5Bf68tIF9NwX7tsKQzin35UkKg+RArZNAu3oaF2r3EU=INVALID-FWfMZAIYkhfD43c+D736eEnjAMBKYuDKYsc74BRIFg6gBIve43QjkGaqzTEfd8zT47SyPpL1t7YdFaxs4z4B5ZXvbgYM4CvXKi6mtNwushvUztaMNXoDmSq1fvZuWeLqhbpAD3nbxRtgQf/mqPhLL2eFoMgJ9AYInOULpNBjqJ3dEVm/Z8Hh0Ve/alQLEzRX4BpJBXn+XDoBloj79A3Bp/8MiHGt+cPTIcsZWw4Tf6ZX65IgWYAqVHV6ejA8zXZ+8Bec+zGDsMdZhM03loTjaivAbD7ADD+bp07ubNaaO0q0YveHYcFe1VJMNJhw7xNEiPUsxW6pUEFcfJq3CNbjbw==
diff --git a/test/static/signatures/invalid/response.root-signed.assertion-signed.xml b/test/static/signatures/invalid/response.root-signed.assertion-signed.xml
deleted file mode 100644
index 4b24cf47..00000000
--- a/test/static/signatures/invalid/response.root-signed.assertion-signed.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- nT8hRy7WnO4n3hiYyBE0zgE/Vwj0aqQUhFxE+PvW94c=INVALID-To9fxKoAEyoD0z0RNJg6xB5HFeiUaOJLwAkcGMoGHYO4eURvTGbDVfM1e/7B2ALoCEaouKHF5kmnSjfks3YNQ1/Gfz0wxrrpXZ8nM/Egj3A/MRYFf6TgN9mzaGisle5nctRDK2V7UzrQx+5emBgUYWjXr6j5Xz+9XorcS5whVVE2jfIZBqTJ3uAlm3JLiwWVAiGrgvjjFEYow4r7zSJ6f2SNyC78t3Hvjngfa8LX9YwyP1gEKXWA1Egr3M5LWp76BbuErEs6vNQRW8xEen5aeDLRMBbsSEn3AOzBDDWqAN0G7r8NWb/S39twFOJF0xFZKpVvCv/0wODs4ZEVTbuojA==
-qYWgtqJ5/zkxUD+GIZ5TvaItfMYYjpMB8XMFeATHdTM=INVALID-fdEmRX3FdcD+w3TLsF3Q57fOFCZJ/psl8+H2qmBgRw5VmUECr/wjFHdO4Sazu3azrmoDwsc6Y2aVGn6+jX3M00xsp6P2rYQQEwmjRdv1n05YP4bo4hVeuj0chJS5gwfPuFyWlgO1S98OXVOhE2WPAla1zKdeecVxHvNiXcO775ObGmifS4xT04QU/VLZdhYeUVR3EOCD1oqWNmzfsKXqcCsBMfPB9X3P+wrhAWz2cCb4RXmNP3wnlAxfC3M7qQruy2yW2aqsxg6bA/VvJ2HkBzSx7B2tBQO7D56KAMG+coG2QlR6eExQyeAG/Iaz7h006Y1EZXKcJSXunLCzPog3Kw==
diff --git a/test/static/signatures/invalid/response.root-signed.assertion-unsigned.1advice-unsigned.xml b/test/static/signatures/invalid/response.root-signed.assertion-unsigned.1advice-unsigned.xml
deleted file mode 100644
index ba19b93b..00000000
--- a/test/static/signatures/invalid/response.root-signed.assertion-unsigned.1advice-unsigned.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-5wg810GLqW+t9PLsVIA4HowQrP1ORKYuYG8l7B8rNAw=INVALID-JDIzw+1kv3SMfvJF3IeF4tSr2/VosORAo2epsDsRCjMjjDinuIZowgObOXyf1AAZK/HPZnMcIDoow3C55HdA8RrepVzyJVUY8Umf3BQKvP8vNbwnnA1W81sa0hMLd6Lqy2/zEN09jQ1Gpm2VKsIE5TLILKGyO4MjcsTSSVVq9jfhOHrAoWmRnCIO3PdB3sB/baKTZPZUiQzpywyZY2ucGcSdmUkPhdlM0FvZ0dQ7OaAIxhDGLzSJbnM6Zfm/t62JY3xXH/Nl9QuJx4z0W314Ak/pvoLkHm53oziQnfRSr38CLGB+efiKWCarHkShbtMHhqxJU2ehnx6Pobgz8wV3nw==
diff --git a/test/static/signatures/invalid/response.root-signed.assertion-unsigned.2advice-unsigned.xml b/test/static/signatures/invalid/response.root-signed.assertion-unsigned.2advice-unsigned.xml
deleted file mode 100644
index 211f3c09..00000000
--- a/test/static/signatures/invalid/response.root-signed.assertion-unsigned.2advice-unsigned.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
- https://evil-daughter-corp.com
-
-
- vincent.vega@evil-daughter-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- John Travolta
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-8L+EbdtsrQn2ojFJPsTFRhGEdC6Ub9Evxrj3KEXWPyY=INVALID-Bca3aGYXbRyifnsFaHcWilzpuWbBjQ5i8/HmXt5dFIrWO8yJD4Qdeb86J2/2CHTpm5J77Z3Ww1CVoodagkwiDGuj/CjUeBTWyVzDuZsGRH/h/dL9i083udnpt2V1/vIyq1eU6qJzjRW6xAT6ObY+f9/lQ8wpzgRDc+s7X0k2uGhgwknJDjCb8xyr6m31rJNGnR/TZFrbKgpjrfUX1l51A7Q0ctkl3bjATnZLYebmgUJfri7WoEO4kkkn/11GpCl+UvOU86QJw5iSCFqivuDJl94zmVl0cx0fhYvgmqQ6aN2cnSIbANisMsL9cZi6030pIwrHKLmzDDTrcJw9TVneZQ==
diff --git a/test/static/signatures/invalid/response.root-signed.assertion-unsigned.xml b/test/static/signatures/invalid/response.root-signed.assertion-unsigned.xml
deleted file mode 100644
index 668a05bd..00000000
--- a/test/static/signatures/invalid/response.root-signed.assertion-unsigned.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-tXVP7qLQ2AY2XRYyxjUHlZFmTclDPcWPF5s98mqi3N4=INVALID-JIQ+CHFnBpau/97L5GRFIFtvpHfcpEynzTDFcJrApogHvVXubmUWXtOcOCloepK3gkPdMtPdsf/t86BDdXU9hK9uwTIa23utAu5Btgs+mK1YIvIMyWddtXysEu34T5jNZs8F/bG2xug1nSn8BrL9s2x1yui66noCYD/mGjVbsJY76abKXKnRblnyGa0Iqx3T1qSo2bcTnTP/NvGapr3Fg5jby6TnuCBqH0KyhnqJL8hbCcRQXKUzLYIk3RcOfaRvVN/WeQD0SdWmY8EMTePUxkbOTGAgj7prFNI3eb8FZsfHPCL9R1H39veVaBUU/hM/8jm9FZK+0ccaTNhlj8tHhQ==
diff --git a/test/static/signatures/invalid/response.root-unsigned.assertion-signed.1advice-signed.xml b/test/static/signatures/invalid/response.root-unsigned.assertion-signed.1advice-signed.xml
deleted file mode 100644
index 66d43a17..00000000
--- a/test/static/signatures/invalid/response.root-unsigned.assertion-signed.1advice-signed.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
- 32by6AdEK8sMSSW24h3290YngOx6o14TtYirwH57Plc=INVALID-IilJ1HabeLEMnQXR3olQgWQ6AzGgG/f0PdecFLSfOiOzXgHsEhnKdCoKrLvkFNW+GHMyw1FHfYE0TP+O62SFBxbzQVKD4VrlEAeJwISiH/MtLiFiARXYrvshD/vJOpQgiR3WJW3IuqsZPjrDzflnwr7CJ48TooTZVY3m0kDh+JCOKsaHg76cPOm51V+ZJmVe6aBPsIMRYyUJY4WcikpHvMDGL+MlUow0rC6qiJ2JzKTs/yAvp0TcRHSM//0s5h8Z4R67r/ECbLFs2f4WM1ggYKqZpasNQbeFFey4/XdRvRHDcQn711HxBLsam+qD6EFnJO7FWkV033F6WkDGwQheDA==
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- MDfWSGB2QmoV3THz9KU/8vLcYnTO2G2Lf+0F/DNDu78=INVALID-Z3KfW/E9VdUhxQN4nMNFFlp2g7A0SZV0dnU8UTqKT5loy0+lniWoSf2fJjX0fgEackedWBDGwY4hM2W1xbC3r0MlS3xXudRFQFY04uIeVStt/aYgSckDnUsffkXpsw2agGOav1bZdgNIblaZYt5nIBWRUFMmJUnaR5XJ1S311G0gGxBzOzw4jYqKoWfJ/3bygqZxCYhPmOFBYPi2tLIGPMhC0Gt1+lbO9ociMz3k+z5zWCXRqRfq6zN9Ks5x9adS0ofbbaXRArwfYfXUUaFA9XrkzphwdNZy0KJSfQWtHKMyddHVFepq38/GjipCSnYV6TiCA4YzYxsShnge4ctzjQ==
-
diff --git a/test/static/signatures/invalid/response.root-unsigned.assertion-signed.1advice-unsigned.xml b/test/static/signatures/invalid/response.root-unsigned.assertion-signed.1advice-unsigned.xml
deleted file mode 100644
index 81a3467e..00000000
--- a/test/static/signatures/invalid/response.root-unsigned.assertion-signed.1advice-unsigned.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- kObrMLtwlZT3OYmstzY2kzYZN8CcmcYla1af9ZT/9/0=INVALID-vc2FGUjV17K+lHN186mhOMvBfgyTNnkM/67byJqlQUR0MCaTigBtcKtkr4dZm05umtnl7QHX35TAUByGtaggk8lj/3Ge+R086/8GGIgAUctwNGPlUtOnLXmvW7JQj70BeTXaS1QBsDamkePzCGxQDI92wKw3CPkFsX2lXLAgSLtfzOmnJqvxU6x+ItYY7ocnoruuEMvS7YYpJ+CGqe6nQ5zdglD2JVefjWXUq7sU1J2mZ9f1WoHdTWBUvwX0BgEUg/DFknueBaI7ZlxoL7eIs4pen4DcLTtUTsHX50L1cr4piaEwqqSj1U/pvfqa5Zpn/VLmAx2ia0ZCHlYN1LIeXw==
-
diff --git a/test/static/signatures/invalid/response.root-unsigned.assertion-signed.xml b/test/static/signatures/invalid/response.root-unsigned.assertion-signed.xml
deleted file mode 100644
index d798f2d6..00000000
--- a/test/static/signatures/invalid/response.root-unsigned.assertion-signed.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- nT8hRy7WnO4n3hiYyBE0zgE/Vwj0aqQUhFxE+PvW94c=INVALID-To9fxKoAEyoD0z0RNJg6xB5HFeiUaOJLwAkcGMoGHYO4eURvTGbDVfM1e/7B2ALoCEaouKHF5kmnSjfks3YNQ1/Gfz0wxrrpXZ8nM/Egj3A/MRYFf6TgN9mzaGisle5nctRDK2V7UzrQx+5emBgUYWjXr6j5Xz+9XorcS5whVVE2jfIZBqTJ3uAlm3JLiwWVAiGrgvjjFEYow4r7zSJ6f2SNyC78t3Hvjngfa8LX9YwyP1gEKXWA1Egr3M5LWp76BbuErEs6vNQRW8xEen5aeDLRMBbsSEn3AOzBDDWqAN0G7r8NWb/S39twFOJF0xFZKpVvCv/0wODs4ZEVTbuojA==
-
diff --git a/test/static/signatures/invalid/response.root-unsigned.assertion-unsigned.1advice-unsigned.xml b/test/static/signatures/invalid/response.root-unsigned.assertion-unsigned.1advice-unsigned.xml
deleted file mode 100644
index 8e1c271b..00000000
--- a/test/static/signatures/invalid/response.root-unsigned.assertion-unsigned.1advice-unsigned.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-
diff --git a/test/static/signatures/invalid/response.root-unsigned.assertion-unsigned.2advice-unsigned.xml b/test/static/signatures/invalid/response.root-unsigned.assertion-unsigned.2advice-unsigned.xml
deleted file mode 100644
index 6532a91c..00000000
--- a/test/static/signatures/invalid/response.root-unsigned.assertion-unsigned.2advice-unsigned.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
- https://evil-daughter-corp.com
-
-
- vincent.vega@evil-daughter-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- John Travolta
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-
diff --git a/test/static/signatures/invalid/response.root-unsigned.assertion-unsigned.xml b/test/static/signatures/invalid/response.root-unsigned.assertion-unsigned.xml
deleted file mode 100644
index 90688fa1..00000000
--- a/test/static/signatures/invalid/response.root-unsigned.assertion-unsigned.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-
diff --git a/test/static/signatures/valid/response.root-signed.assertion-signed.1advice-signed.xml b/test/static/signatures/valid/response.root-signed.assertion-signed.1advice-signed.xml
deleted file mode 100644
index 8b1420ee..00000000
--- a/test/static/signatures/valid/response.root-signed.assertion-signed.1advice-signed.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
- 32by6AdEK8sMSSW24h3290YngOx6o14TtYirwH57Plc=IilJ1HabeLEMnQXR3olQgWQ6AzGgG/f0PdecFLSfOiOzXgHsEhnKdCoKrLvkFNW+GHMyw1FHfYE0TP+O62SFBxbzQVKD4VrlEAeJwISiH/MtLiFiARXYrvshD/vJOpQgiR3WJW3IuqsZPjrDzflnwr7CJ48TooTZVY3m0kDh+JCOKsaHg76cPOm51V+ZJmVe6aBPsIMRYyUJY4WcikpHvMDGL+MlUow0rC6qiJ2JzKTs/yAvp0TcRHSM//0s5h8Z4R67r/ECbLFs2f4WM1ggYKqZpasNQbeFFey4/XdRvRHDcQn711HxBLsam+qD6EFnJO7FWkV033F6WkDGwQheDA==
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- MDfWSGB2QmoV3THz9KU/8vLcYnTO2G2Lf+0F/DNDu78=Z3KfW/E9VdUhxQN4nMNFFlp2g7A0SZV0dnU8UTqKT5loy0+lniWoSf2fJjX0fgEackedWBDGwY4hM2W1xbC3r0MlS3xXudRFQFY04uIeVStt/aYgSckDnUsffkXpsw2agGOav1bZdgNIblaZYt5nIBWRUFMmJUnaR5XJ1S311G0gGxBzOzw4jYqKoWfJ/3bygqZxCYhPmOFBYPi2tLIGPMhC0Gt1+lbO9ociMz3k+z5zWCXRqRfq6zN9Ks5x9adS0ofbbaXRArwfYfXUUaFA9XrkzphwdNZy0KJSfQWtHKMyddHVFepq38/GjipCSnYV6TiCA4YzYxsShnge4ctzjQ==
-UvTBtpd/QsNbEZaTVdWTUj2vYN+oBjYg/gTmLYChv9A=dDu5iloo/Ah8Wf5oe80SZJMQsfsaKisKkPSCGXjquNOomqZsct+khxXiPWSrIksQmHtbcUtx1PExdZJ/P9BRjtYeUi/PRLiXz6rON+k9m2BVWmZUANXFF4yhZkU9q0WNPoETSpWR1laO3o0+sAwD6BoZu5q5+mBisg7OJLO61qB9c/VSc6ypH3JjcFzZm2Q8/R1LZtM/JtKbgzsR59SlSTKuW1Tz0pU0L700o/LfLBgyflfaSFUQxhlZmOpvxN9BKhpOU0czhvlKOMMndztlF0BLNVM1NyOjO6qcKvxxJoW6LGAzAUl9pWC6WoypzsIUnx+XUBsHyoz9I6Y1cikuZw==
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-signed.assertion-signed.1advice-unsigned.xml b/test/static/signatures/valid/response.root-signed.assertion-signed.1advice-unsigned.xml
deleted file mode 100644
index 0ae070db..00000000
--- a/test/static/signatures/valid/response.root-signed.assertion-signed.1advice-unsigned.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- kObrMLtwlZT3OYmstzY2kzYZN8CcmcYla1af9ZT/9/0=vc2FGUjV17K+lHN186mhOMvBfgyTNnkM/67byJqlQUR0MCaTigBtcKtkr4dZm05umtnl7QHX35TAUByGtaggk8lj/3Ge+R086/8GGIgAUctwNGPlUtOnLXmvW7JQj70BeTXaS1QBsDamkePzCGxQDI92wKw3CPkFsX2lXLAgSLtfzOmnJqvxU6x+ItYY7ocnoruuEMvS7YYpJ+CGqe6nQ5zdglD2JVefjWXUq7sU1J2mZ9f1WoHdTWBUvwX0BgEUg/DFknueBaI7ZlxoL7eIs4pen4DcLTtUTsHX50L1cr4piaEwqqSj1U/pvfqa5Zpn/VLmAx2ia0ZCHlYN1LIeXw==
-vEwbdEHKTaKHy0gAH81FzX22qUlbHDiIz25CdLDIUHA=UurDWgiukshWcaeh6wT6uQS8xLGpJ+SwmgG6lynlrI/IH3k6ltdwiODjRUwQqY6C1UtH1h0cdJR+B2VB4a3w62XEM1qZChyO1QQ85JYyWfqhhkml8XQkZbtjBihc5Rd4Zy0h4B48+yO8f5SN18E9RWLAWOpV1fc+fbDB+cuxMjHVbH5/UyPyGWObETpSP8EaVym/EOUHiUSxYgZz3gN2RGZKryBOYePeN7Yft/rNLkC2aWSjJ6uaIUUty2DeeqtWF0cEW+mSbo1xjZfN96eGfXGhyrhRBTQSioYxphMlj5Hp1Vx/3lWw+E11JRjdsoksFxvdF38I4Xzf5/Qm9DQxCQ==
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-signed.assertion-signed.2advice-signed.xml b/test/static/signatures/valid/response.root-signed.assertion-signed.2advice-signed.xml
deleted file mode 100644
index 87b7a811..00000000
--- a/test/static/signatures/valid/response.root-signed.assertion-signed.2advice-signed.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
- 32by6AdEK8sMSSW24h3290YngOx6o14TtYirwH57Plc=NcDa+Q6qO371Bv6aBRhpuHzrJuPgWPMl0eMtnKJAeDY=cI8mW+14H4l/yqkjb1+QBnBxnGzigngNweTd1euReBLqO/g9a+YpXKH8fgQ9RRZh+L5ZNxLFONTQwCijfL+jFSZLhLPNhlg/Iyh4PlQKkjBXY3cY2n1Aonvrq+A75FSJEDtvqCXtevAO8GP+3pmEYQ4g2GhveUBjYXM6XQafTNxduYnunB/w1QWR9Wq0pvn2PAmGxoR3MbNFCYTghHb6I3/fTz+KMv67DfqkUi5A77xSu9ZGopaYUPS0Hqbv8W/0urxBXOO1rl95W6M3+uP3tAoQkncocRrf2hrUztC1fnYD+A5zYXH4neF37mXysi0czrMbGL0ASB5TEP2chOj9cg==
-
- https://evil-daughter-corp.com
-
-
- vincent.vega@evil-daughter-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- John Travolta
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- OgGJSo72uGxRrLgYu7+tIDYnHmtQpEf/TMTO51+YKvA=O9XOsqakfZPBpEoD2ZpOG8TUatw0i/v2GbPqkCdncJeyVmI6yuMg/5XXRhvMHQ4+zH/Vox8VBeK3uvNvCTNSV/hzuYlUf1WM89BUCghb0Kcw7KlbdUBKPRaHNG71uSsaZxTVKydVBpK9sBiXU+GRWMa0aWzmC+oR9UKEoozoR9Chi6VaTNFMfa2rkbC51gslZ5Qb28L9P1GhEIK+1hgtcrdEBIdZ/0W1QE93YPvJ41tgsNxoT7PCoSPgCCmVi5QTwNideLP64HTqd/rkzBpseTm8dQdySoCbll1Q/nKgTlyPyJsZ90RFjA5f4LChSRyeOyWHERPSC7V4n72l+yDtxQ==
-/AmA/x3mIGOibT0T0SRNUVA+SGKf52taHmkzZU4JcqU=eEggu1rVjg2MOUsI0IYLTfQ/nYGbMdF10CWxbz1F70JGGpqvAp9emQpLftqT6LwKG2T6FWapEZzvp/WmRUFM45Ek2y+MMkA5rfAv2oMPX48kLEz5h2m1LCnbC++rHAgfoanCFAcpZxOvtQkmnVuLjQgRXfixqmgXfMtJxBeEik+6MFUsWRhZTS4tGIbUDdxz6n5m9umGwx3PKPhMj4QcTJUZqQmIOYmMUDvtisLU6Wr8RXRqkmaIB8U0+ikZjktzeo817H8afK9XeBVs0BHAp6CzXerYP9NT5GAoB4kPDQPqJSiqSiOrmF/cxDywElZwxNpvyePPDfBPpjRNB1bDKQ==
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-signed.assertion-signed.2advice-unsigned.xml b/test/static/signatures/valid/response.root-signed.assertion-signed.2advice-unsigned.xml
deleted file mode 100644
index 5b4edadf..00000000
--- a/test/static/signatures/valid/response.root-signed.assertion-signed.2advice-unsigned.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
- https://evil-daughter-corp.com
-
-
- vincent.vega@evil-daughter-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- John Travolta
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- gmr1amfM3zV7QhK1Y6iPRpbqzgxl5hNn8mn/NuINTo0=hoEErb+EJYbpU2WUuK7cJK3bOK+xAgQna5TtPHHuUYt44nDLPJd72SdR/ZKH8foZtxwwHZ2vP2DEygE1yPSaND4pOUlARPhIFLOopcei7s5UXl2Ynf22j92swVoYYcsbLDLLid6shsgZJnnPTCpCoHZHcGoXHZI9QQbZZd4w/DnGMKIN8DcWC+1E9ARMlJf4MV2eZEZtM3CRlvB+X+gMWMSDyvPg2hQZ4Yar2X2xAKeaka4Ua/rNRrD8SzRcZV6V2Jtga5BtYdra63FirchLK//pGFwRceeom1Dj0GpO1H7LWIgl5gP3AZGgAr8YPXCD3ISBxvm/Yw81UIDH49SMNQ==
-5Bf68tIF9NwX7tsKQzin35UkKg+RArZNAu3oaF2r3EU=FWfMZAIYkhfD43c+D736eEnjAMBKYuDKYsc74BRIFg6gBIve43QjkGaqzTEfd8zT47SyPpL1t7YdFaxs4z4B5ZXvbgYM4CvXKi6mtNwushvUztaMNXoDmSq1fvZuWeLqhbpAD3nbxRtgQf/mqPhLL2eFoMgJ9AYInOULpNBjqJ3dEVm/Z8Hh0Ve/alQLEzRX4BpJBXn+XDoBloj79A3Bp/8MiHGt+cPTIcsZWw4Tf6ZX65IgWYAqVHV6ejA8zXZ+8Bec+zGDsMdZhM03loTjaivAbD7ADD+bp07ubNaaO0q0YveHYcFe1VJMNJhw7xNEiPUsxW6pUEFcfJq3CNbjbw==
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-signed.assertion-signed.xml b/test/static/signatures/valid/response.root-signed.assertion-signed.xml
deleted file mode 100644
index abb4b6da..00000000
--- a/test/static/signatures/valid/response.root-signed.assertion-signed.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- nT8hRy7WnO4n3hiYyBE0zgE/Vwj0aqQUhFxE+PvW94c=To9fxKoAEyoD0z0RNJg6xB5HFeiUaOJLwAkcGMoGHYO4eURvTGbDVfM1e/7B2ALoCEaouKHF5kmnSjfks3YNQ1/Gfz0wxrrpXZ8nM/Egj3A/MRYFf6TgN9mzaGisle5nctRDK2V7UzrQx+5emBgUYWjXr6j5Xz+9XorcS5whVVE2jfIZBqTJ3uAlm3JLiwWVAiGrgvjjFEYow4r7zSJ6f2SNyC78t3Hvjngfa8LX9YwyP1gEKXWA1Egr3M5LWp76BbuErEs6vNQRW8xEen5aeDLRMBbsSEn3AOzBDDWqAN0G7r8NWb/S39twFOJF0xFZKpVvCv/0wODs4ZEVTbuojA==
-qYWgtqJ5/zkxUD+GIZ5TvaItfMYYjpMB8XMFeATHdTM=fdEmRX3FdcD+w3TLsF3Q57fOFCZJ/psl8+H2qmBgRw5VmUECr/wjFHdO4Sazu3azrmoDwsc6Y2aVGn6+jX3M00xsp6P2rYQQEwmjRdv1n05YP4bo4hVeuj0chJS5gwfPuFyWlgO1S98OXVOhE2WPAla1zKdeecVxHvNiXcO775ObGmifS4xT04QU/VLZdhYeUVR3EOCD1oqWNmzfsKXqcCsBMfPB9X3P+wrhAWz2cCb4RXmNP3wnlAxfC3M7qQruy2yW2aqsxg6bA/VvJ2HkBzSx7B2tBQO7D56KAMG+coG2QlR6eExQyeAG/Iaz7h006Y1EZXKcJSXunLCzPog3Kw==
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-signed.assertion-unsigned.1advice-unsigned.xml b/test/static/signatures/valid/response.root-signed.assertion-unsigned.1advice-unsigned.xml
deleted file mode 100644
index a11d34fa..00000000
--- a/test/static/signatures/valid/response.root-signed.assertion-unsigned.1advice-unsigned.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-5wg810GLqW+t9PLsVIA4HowQrP1ORKYuYG8l7B8rNAw=JDIzw+1kv3SMfvJF3IeF4tSr2/VosORAo2epsDsRCjMjjDinuIZowgObOXyf1AAZK/HPZnMcIDoow3C55HdA8RrepVzyJVUY8Umf3BQKvP8vNbwnnA1W81sa0hMLd6Lqy2/zEN09jQ1Gpm2VKsIE5TLILKGyO4MjcsTSSVVq9jfhOHrAoWmRnCIO3PdB3sB/baKTZPZUiQzpywyZY2ucGcSdmUkPhdlM0FvZ0dQ7OaAIxhDGLzSJbnM6Zfm/t62JY3xXH/Nl9QuJx4z0W314Ak/pvoLkHm53oziQnfRSr38CLGB+efiKWCarHkShbtMHhqxJU2ehnx6Pobgz8wV3nw==
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-signed.assertion-unsigned.2advice-unsigned.xml b/test/static/signatures/valid/response.root-signed.assertion-unsigned.2advice-unsigned.xml
deleted file mode 100644
index 3a202377..00000000
--- a/test/static/signatures/valid/response.root-signed.assertion-unsigned.2advice-unsigned.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
- https://evil-daughter-corp.com
-
-
- vincent.vega@evil-daughter-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- John Travolta
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-8L+EbdtsrQn2ojFJPsTFRhGEdC6Ub9Evxrj3KEXWPyY=Bca3aGYXbRyifnsFaHcWilzpuWbBjQ5i8/HmXt5dFIrWO8yJD4Qdeb86J2/2CHTpm5J77Z3Ww1CVoodagkwiDGuj/CjUeBTWyVzDuZsGRH/h/dL9i083udnpt2V1/vIyq1eU6qJzjRW6xAT6ObY+f9/lQ8wpzgRDc+s7X0k2uGhgwknJDjCb8xyr6m31rJNGnR/TZFrbKgpjrfUX1l51A7Q0ctkl3bjATnZLYebmgUJfri7WoEO4kkkn/11GpCl+UvOU86QJw5iSCFqivuDJl94zmVl0cx0fhYvgmqQ6aN2cnSIbANisMsL9cZi6030pIwrHKLmzDDTrcJw9TVneZQ==
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-signed.assertion-unsigned.xml b/test/static/signatures/valid/response.root-signed.assertion-unsigned.xml
deleted file mode 100644
index e618e3f1..00000000
--- a/test/static/signatures/valid/response.root-signed.assertion-unsigned.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-tXVP7qLQ2AY2XRYyxjUHlZFmTclDPcWPF5s98mqi3N4=JIQ+CHFnBpau/97L5GRFIFtvpHfcpEynzTDFcJrApogHvVXubmUWXtOcOCloepK3gkPdMtPdsf/t86BDdXU9hK9uwTIa23utAu5Btgs+mK1YIvIMyWddtXysEu34T5jNZs8F/bG2xug1nSn8BrL9s2x1yui66noCYD/mGjVbsJY76abKXKnRblnyGa0Iqx3T1qSo2bcTnTP/NvGapr3Fg5jby6TnuCBqH0KyhnqJL8hbCcRQXKUzLYIk3RcOfaRvVN/WeQD0SdWmY8EMTePUxkbOTGAgj7prFNI3eb8FZsfHPCL9R1H39veVaBUU/hM/8jm9FZK+0ccaTNhlj8tHhQ==
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-unsigned.assertion-signed.1advice-signed.xml b/test/static/signatures/valid/response.root-unsigned.assertion-signed.1advice-signed.xml
deleted file mode 100644
index 63bf9f3c..00000000
--- a/test/static/signatures/valid/response.root-unsigned.assertion-signed.1advice-signed.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
- 32by6AdEK8sMSSW24h3290YngOx6o14TtYirwH57Plc=IilJ1HabeLEMnQXR3olQgWQ6AzGgG/f0PdecFLSfOiOzXgHsEhnKdCoKrLvkFNW+GHMyw1FHfYE0TP+O62SFBxbzQVKD4VrlEAeJwISiH/MtLiFiARXYrvshD/vJOpQgiR3WJW3IuqsZPjrDzflnwr7CJ48TooTZVY3m0kDh+JCOKsaHg76cPOm51V+ZJmVe6aBPsIMRYyUJY4WcikpHvMDGL+MlUow0rC6qiJ2JzKTs/yAvp0TcRHSM//0s5h8Z4R67r/ECbLFs2f4WM1ggYKqZpasNQbeFFey4/XdRvRHDcQn711HxBLsam+qD6EFnJO7FWkV033F6WkDGwQheDA==
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- MDfWSGB2QmoV3THz9KU/8vLcYnTO2G2Lf+0F/DNDu78=Z3KfW/E9VdUhxQN4nMNFFlp2g7A0SZV0dnU8UTqKT5loy0+lniWoSf2fJjX0fgEackedWBDGwY4hM2W1xbC3r0MlS3xXudRFQFY04uIeVStt/aYgSckDnUsffkXpsw2agGOav1bZdgNIblaZYt5nIBWRUFMmJUnaR5XJ1S311G0gGxBzOzw4jYqKoWfJ/3bygqZxCYhPmOFBYPi2tLIGPMhC0Gt1+lbO9ociMz3k+z5zWCXRqRfq6zN9Ks5x9adS0ofbbaXRArwfYfXUUaFA9XrkzphwdNZy0KJSfQWtHKMyddHVFepq38/GjipCSnYV6TiCA4YzYxsShnge4ctzjQ==
-
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-unsigned.assertion-signed.1advice-unsigned.xml b/test/static/signatures/valid/response.root-unsigned.assertion-signed.1advice-unsigned.xml
deleted file mode 100644
index eb9b3139..00000000
--- a/test/static/signatures/valid/response.root-unsigned.assertion-signed.1advice-unsigned.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- kObrMLtwlZT3OYmstzY2kzYZN8CcmcYla1af9ZT/9/0=vc2FGUjV17K+lHN186mhOMvBfgyTNnkM/67byJqlQUR0MCaTigBtcKtkr4dZm05umtnl7QHX35TAUByGtaggk8lj/3Ge+R086/8GGIgAUctwNGPlUtOnLXmvW7JQj70BeTXaS1QBsDamkePzCGxQDI92wKw3CPkFsX2lXLAgSLtfzOmnJqvxU6x+ItYY7ocnoruuEMvS7YYpJ+CGqe6nQ5zdglD2JVefjWXUq7sU1J2mZ9f1WoHdTWBUvwX0BgEUg/DFknueBaI7ZlxoL7eIs4pen4DcLTtUTsHX50L1cr4piaEwqqSj1U/pvfqa5Zpn/VLmAx2ia0ZCHlYN1LIeXw==
-
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-unsigned.assertion-signed.xml b/test/static/signatures/valid/response.root-unsigned.assertion-signed.xml
deleted file mode 100644
index 7adef2f5..00000000
--- a/test/static/signatures/valid/response.root-unsigned.assertion-signed.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
- nT8hRy7WnO4n3hiYyBE0zgE/Vwj0aqQUhFxE+PvW94c=To9fxKoAEyoD0z0RNJg6xB5HFeiUaOJLwAkcGMoGHYO4eURvTGbDVfM1e/7B2ALoCEaouKHF5kmnSjfks3YNQ1/Gfz0wxrrpXZ8nM/Egj3A/MRYFf6TgN9mzaGisle5nctRDK2V7UzrQx+5emBgUYWjXr6j5Xz+9XorcS5whVVE2jfIZBqTJ3uAlm3JLiwWVAiGrgvjjFEYow4r7zSJ6f2SNyC78t3Hvjngfa8LX9YwyP1gEKXWA1Egr3M5LWp76BbuErEs6vNQRW8xEen5aeDLRMBbsSEn3AOzBDDWqAN0G7r8NWb/S39twFOJF0xFZKpVvCv/0wODs4ZEVTbuojA==
-
\ No newline at end of file
diff --git a/test/static/signatures/valid/response.root-unsigned.assertion-unsigned.1advice-unsigned.xml b/test/static/signatures/valid/response.root-unsigned.assertion-unsigned.1advice-unsigned.xml
deleted file mode 100644
index 8e1c271b..00000000
--- a/test/static/signatures/valid/response.root-unsigned.assertion-unsigned.1advice-unsigned.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-
diff --git a/test/static/signatures/valid/response.root-unsigned.assertion-unsigned.2advice-unsigned.xml b/test/static/signatures/valid/response.root-unsigned.assertion-unsigned.2advice-unsigned.xml
deleted file mode 100644
index 6532a91c..00000000
--- a/test/static/signatures/valid/response.root-unsigned.assertion-unsigned.2advice-unsigned.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- https://evil-corp.com
-
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- Jules Winnfield
-
-
-
-
-
- https://evil-daughter-corp.com
-
-
- vincent.vega@evil-daughter-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- John Travolta
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-
diff --git a/test/static/signatures/valid/response.root-unsigned.assertion-unsigned.xml b/test/static/signatures/valid/response.root-unsigned.assertion-unsigned.xml
deleted file mode 100644
index 90688fa1..00000000
--- a/test/static/signatures/valid/response.root-unsigned.assertion-unsigned.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
- https://evil-corp.com
-
-
-
-
- https://evil-corp.com
-
- vincent.vega@evil-corp.com
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
-
-
-
-
-
-
- vincent.vega@evil-corp.com
-
-
-
- Vincent
-
-
-
- VEGA
-
-
-
-
-
diff --git a/test/test-signatures.js b/test/test-signatures.js
deleted file mode 100644
index a26fec22..00000000
--- a/test/test-signatures.js
+++ /dev/null
@@ -1,83 +0,0 @@
-const should = require('should'),
- SAML = require('../lib/passport-saml/index.js').SAML,
- fs = require('fs'),
- cert = fs.readFileSync(__dirname + '/static/cert.pem', 'ascii'),
- sinon = require('sinon');
-
-describe('Signatures', function() {
-
- const INVALID_ROOT_SIGNATURE = 'Invalid signature on documentElement',
- INVALID_SIGNATURE = 'Invalid signature',
- createBody = pathToXml => ({ SAMLResponse: fs.readFileSync(__dirname + '/static/signatures' + pathToXml, 'base64') }),
- tryCatchTest = ( done, func ) => ( ...args ) => {
- try {
- func(...args);
- }
- catch ( ex ) {
- done(ex);
- }
- },
- testOneResponse = ( pathToXml, shouldErrorWith, amountOfSignatureChecks = 1 ) => {
- return done => {
- //== Instantiate new instance before every test
- const samlObj = new SAML({ cert });
- //== Spy on `validateSignature` to be able to count how many times it has been called
- const validateSignatureSpy = sinon.spy(samlObj, 'validateSignature');
-
- //== Create a body bases on an XML an run the test in `func`
- samlObj.validatePostResponse(createBody(pathToXml), tryCatchTest(done, function( error ) {
- //== Assert error. If the error is `SAML assertion expired` we made it past the certificate validation
- shouldErrorWith ? error.should.eql(new Error(shouldErrorWith)) : error.should.eql(new Error('SAML assertion expired'));
- //== Assert times `validateSignature` was called
- validateSignatureSpy.callCount.should.eql(amountOfSignatureChecks);
- done();
- }));
- };
- };
-
- describe('Signatures on saml:Response - Only 1 saml:Assertion', () => {
- //== VALID
- it('R1A - both signed => valid', testOneResponse('/valid/response.root-signed.assertion-signed.xml', false, 1));
- it('R1A - root signed => valid', testOneResponse('/valid/response.root-signed.assertion-unsigned.xml', false, 1));
- it('R1A - asrt signed => valid', testOneResponse('/valid/response.root-unsigned.assertion-signed.xml', false, 2));
-
- //== INVALID
- it('R1A - none signed => error', testOneResponse('/invalid/response.root-unsigned.assertion-unsigned.xml', INVALID_SIGNATURE, 2));
- it('R1A - both signed => error', testOneResponse('/invalid/response.root-signed.assertion-signed.xml', INVALID_SIGNATURE, 2));
- it('R1A - root signed => error', testOneResponse('/invalid/response.root-signed.assertion-unsigned.xml', INVALID_SIGNATURE, 2));
- it('R1A - asrt signed => error', testOneResponse('/invalid/response.root-unsigned.assertion-signed.xml', INVALID_SIGNATURE, 2));
- });
-
- describe('Signatures on saml:Response - 1 saml:Assertion + 1 saml:Advice containing 1 saml:Assertion', () => {
- //== VALID
- it('R1A1Ad - signed root+asrt+advi => valid', testOneResponse('/valid/response.root-signed.assertion-signed.1advice-signed.xml', false, 1));
- it('R1A1Ad - signed root+asrt => valid', testOneResponse('/valid/response.root-signed.assertion-signed.1advice-unsigned.xml', false, 1));
- it('R1A1Ad - signed asrt+advi => valid', testOneResponse('/valid/response.root-unsigned.assertion-signed.1advice-signed.xml', false, 2));
- it('R1A1Ad - signed root => valid', testOneResponse('/valid/response.root-signed.assertion-unsigned.1advice-unsigned.xml', false, 1));
- it('R1A1Ad - signed asrt => valid', testOneResponse('/valid/response.root-unsigned.assertion-signed.1advice-unsigned.xml', false, 2));
-
- //== INVALID
- it('R1A1Ad - signed none => error', testOneResponse('/invalid/response.root-unsigned.assertion-unsigned.1advice-unsigned.xml', INVALID_SIGNATURE, 2));
- it('R1A1Ad - signed root+asrt+advi => error', testOneResponse('/invalid/response.root-signed.assertion-signed.1advice-signed.xml', INVALID_SIGNATURE, 2));
- it('R1A1Ad - signed root+asrt => error', testOneResponse('/invalid/response.root-signed.assertion-signed.1advice-unsigned.xml', INVALID_SIGNATURE, 2));
- it('R1A1Ad - signed asrt+advi => error', testOneResponse('/invalid/response.root-unsigned.assertion-signed.1advice-signed.xml', INVALID_SIGNATURE, 2));
- it('R1A1Ad - signed root => error', testOneResponse('/invalid/response.root-signed.assertion-unsigned.1advice-unsigned.xml', INVALID_SIGNATURE, 2));
- it('R1A1Ad - signed asrt => error', testOneResponse('/invalid/response.root-unsigned.assertion-signed.1advice-unsigned.xml', INVALID_SIGNATURE, 2));
-
- });
-
- describe('Signatures on saml:Response - 1 saml:Assertion + 1 saml:Advice containing 2 saml:Assertion', () => {
- //== VALID
- it('R1A2Ad - signed root+asrt+advi => error', testOneResponse('/valid/response.root-signed.assertion-signed.2advice-signed.xml', false, 1));
- it('R1A2Ad - signed root+asrt => error', testOneResponse('/valid/response.root-signed.assertion-signed.2advice-unsigned.xml', false, 1));
- it('R1A2Ad - signed root => error', testOneResponse('/valid/response.root-signed.assertion-unsigned.2advice-unsigned.xml', false, 1));
-
- //== INVALID
- it('R1A2Ad - signed none => error', testOneResponse('/invalid/response.root-unsigned.assertion-unsigned.2advice-unsigned.xml', INVALID_SIGNATURE, 2));
- it('R1A2Ad - signed root+asrt+advi => error', testOneResponse('/invalid/response.root-signed.assertion-signed.2advice-signed.xml', INVALID_SIGNATURE, 2));
- it('R1A2Ad - signed root+asrt => error', testOneResponse('/invalid/response.root-signed.assertion-signed.2advice-unsigned.xml', INVALID_SIGNATURE, 2));
- it('R1A2Ad - signed root => error', testOneResponse('/invalid/response.root-signed.assertion-unsigned.2advice-unsigned.xml', INVALID_SIGNATURE, 2));
-
- });
-
-});