Support ADFS encrypted key #405
pitbulk merged 1 commit into SAML-Toolkits:master from joshwetzel:dynamic_encryption_namespace
Thanks for sharing that code, I will review it soon.

@pitbulk have you had a chance to review this?

Yes, I reviewed it and I'm not a fan of ignoring namespaces. Trying to figure out something here. Maybe, meanwhile, can you temporarily change your certificates and provide an encoded SAMLResponse encrypted with non-production keys (and provide me by mail the necessary data to debug)?

Perhaps something not so heavy handed? I've removed the dynamic namespace.

@pitbulk let me know what you think of the latest changes I pushed up.
| { "ds" => DSIG, "xenc" => XENC }, | ||
| { "id" => self.retrieve_symetric_key_reference(encrypt_data) } | ||
| "./ds:KeyInfo/xenc:EncryptedKey | ./KeyInfo/e:EncryptedKey | //xenc:EncryptedKey[@Id=$id]", | ||
| { "ds" => DSIG, "xenc" => XENC, "e" => XENC }, |
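Review bot: In the new expression, the second alternative `./KeyInfo/e:EncryptedKey` names `KeyInfo` without a prefix, so that step no longer pins the element to the DSIG namespace the way `ds:KeyInfo` does. Under XPath 1.0 rules an unprefixed name test matches only elements in no namespace, so what this step accepts depends on how the XPath engine in use treats unprefixed names. A test with a response shaped like the ADFS one would pin down which documents are accepted, and show whether `./ds:KeyInfo/...` already covers the case.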
Why add "e" => XENC if "xenc" => XENC was already defined? It should be:
"./ds:KeyInfo/xenc:EncryptedKey | ./KeyInfo/xenc:EncryptedKey | //xenc:EncryptedKey[@Id=$id]",
{ "ds" => DSIG, "xenc" => XENC },
Thanks, updated.

I will release a new version soon.

ADFS does not use the `ds` namespace on their `KeyInfo` node.
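
The review point above (a prefix in the expression is resolved through the namespace hash, not through the prefix the document happens to use) and the concern about ignoring namespaces, shown as an added example that is not code from this pull request or the project. The sample XML, the `Id` values and all function names are constructed for illustration.

```ruby
require "rexml/document"

DSIG = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
NS   = { "ds" => DSIG, "xenc" => XENC }

# Constructed sample, not a real ADFS response: KeyInfo carries DSIG as its
# default namespace (no "ds" prefix), the real key uses prefix "e" for XENC,
# and a lookalike element reuses the local name under an unrelated namespace.
SAMPLE = <<~XML
  <xenc:EncryptedData xmlns:xenc="#{XENC}">
    <KeyInfo xmlns="#{DSIG}">
      <x:EncryptedKey xmlns:x="urn:example:lookalike" Id="k2"/>
      <e:EncryptedKey xmlns:e="#{XENC}" Id="k1"/>
    </KeyInfo>
  </xenc:EncryptedData>
XML

def encrypted_data
  REXML::Document.new(SAMPLE).root
end

# Namespace-aware: "ds" and "xenc" are looked up in NS and compared by URI,
# so "xenc:EncryptedKey" matches the document's "e:EncryptedKey".
def keys_by_namespace(node)
  REXML::XPath.match(node, "./ds:KeyInfo/xenc:EncryptedKey", NS)
end

# Lookup by Id, still restricted to the XENC namespace.
def key_by_id(node, id)
  REXML::XPath.first(node, "//xenc:EncryptedKey[@Id=$id]", NS, { "id" => id })
end

# Namespace-blind: compares local names only, so the lookalike is returned too.
def keys_by_local_name(node)
  found = []
  node.each_recursive { |el| found << el if el.name == "EncryptedKey" }
  found
end

if __FILE__ == $PROGRAM_NAME
  node = encrypted_data
  puts "by namespace:  #{keys_by_namespace(node).map { |e| e.attributes['Id'] }}"
  puts "by local name: #{keys_by_local_name(node).map { |e| e.attributes['Id'] }.sort}"
  puts "lookalike by Id: #{key_by_id(node, 'k2').inspect}"
end
```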