Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

in checking responses, the underlying library skips the checks for certain attributes if they are not present #25

Open
simevo opened this issue Jul 24, 2018 · 1 comment
Open

in checking responses, the underlying library skips the checks for certain attributes if they are not present #25

simevo opened this issue Jul 24, 2018 · 1 comment
Labels
assessment

Comments

@simevo
Copy link
Owner

simevo commented Jul 24, 2018
edited

... for example for the Destination element in Response:
https://github.com/onelogin/php-saml/blob/master/lib/Saml2/Response.php#L227
but the SPID spec it is required (page 11/12) :

nell’ elemento <Response> ... deve essere presente l’attributo Destination

One approach to fix this without patching upstream code is to turn on the security.wantXMLValidation option and patch the schemas

NOTE: the SAML XSDs are not sufficient, for the example above Destination element in Response is optional for the SAML XSD
@simevo simevo changed the title in checking Response/Assertion/LogoutResponse, the underlying library skips the check if the attribute is not present in checking Response/Assertion/LogoutResponse/LogoutRequest, the underlying library skips the check if the attribute is not present Jul 24, 2018
@simevo simevo changed the title in checking Response/Assertion/LogoutResponse/LogoutRequest, the underlying library skips the check if the attribute is not present in checking response, the underlying library skips the checks for some certain attributes if they are not present Jul 24, 2018
@simevo simevo changed the title in checking response, the underlying library skips the checks for some certain attributes if they are not present in checking responses, the underlying library skips the checks for some certain attributes if they are not present Jul 24, 2018
@simevo simevo changed the title in checking responses, the underlying library skips the checks for some certain attributes if they are not present in checking responses, the underlying library skips the checks for certain attributes if they are not present Jul 24, 2018
@simevo
Copy link
Owner Author

simevo commented Aug 3, 2018

another solution is to unpack the XML with simple_xml on our side and do the checks that php-saml skips

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
assessment
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@simevo