Proposal: integrate efforts/packages

[andrewstuart]

So, I've been doing a bit of work with your library after seeing that you got much further than I ever did on the signature verification front. I'm currently working on integrating with Shibboleth and will likely have a few pull requests at least to enable better integration with Shib.

Eventually, though, I got to the point where I realized that you haven't yet added any decryption capability, which is essentially all I got working in my library (though it only implements a few specific decryption schemes for the Shib version I'm using).

I had gotten through the decryption piece and, excited about my progress, was promptly stopped in my tracks by the complexity of xmldsig, xmlc14n, etc. Looks like you got that hard part done where I gave up, though! :-)

I wanted to touch base and see what you would think about integrating efforts since it seems like there's very little overlap -- almost as if it was planned. I figure it'd mostly look like me merging my code into your codebase to support decrypting encrypted assertions, since you've got a little more traction (7 stars to my 0).

Let me know what you think! :-)

[andrewstuart]

I've pushed an example integration (in-progress; currently getting rsa errors) to my fork if you want to take a look.

Also, here's the toy app I've been working on. My goal is to get a good-enough POC to create an experimental integration with dex.

[russellhaering]

Absolutely submit pull requests for this! I'd love to have solid Shibboleth integration.

@phoebesimon and I have been doing our best to build stable interfaces, but initially only implementing the specific functionality or schemes that we need is totally fine.

[andrewstuart]

@russellhaering or @phoebesimon, any objections to me splitting out saml.go into a few different files? Feel free to check out my fork, since I've pretty much done it there already, but I'd be fine merging them back into one if that's preferred. :-)

[russellhaering]

No objections, go wild