New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SAML Request signing broken due to strip!
method
#643
Comments
OneLogin stopped maintaining this library more than a month ago |
@pitbulk was trying to arrange takeover rights. I don't know whether that ended up happening |
Still working on getting it swapped over. @eriktalvi - Any updates? |
@pitbulk - Haven't heard anything...you want to just start forking things? Let us know how we can help. Could assign @eriktalvi to help with that forking process as long as @Subterrane approves. |
I had a conversation today with Tat Ng (VP Engineering) and it was cool, I hope to have such access soon. |
Nice. Maybe don't fork just yet then :) |
Fixed at #650 |
We are updating our SAML authentication requests to our service provider by including SAML signing, however the resulting
DigestValue
is always blank. I traced the problem back to thecompute_digest
method, which is usingstrip!
to remove preceding and trailing whitespaces.We are using
OpenSSL::Digest::SHA256
as ourdigest_algorithm
, but the Base64 encoding of the digest created on the previous line doesn't contain any preceding or trailing whitespaces, causing thestrip!
method to returnnil
instead of the supplied value. We have also attempted to alter the SAML metadata provided to the ruby-saml gem in order to introduce a whitespace to pass this method but were unable to find a way to do so.What is the purpose of using
strip!
over the basestrip
method? Is it possible for it to be replaced withstrip
in this instance?The text was updated successfully, but these errors were encountered: