SAML Response with Signed Message & Assertion #22

Open
peffis opened this issue Feb 17, 2022 · 1 comment

peffis commented Feb 17, 2022

It looks like this library, when signing, will find the first Signature and compute the Digest/Signature values for that. Is it possible to use this library also when you want to sign both the Message and the Assertions in a SAML response document? Thus you would have two Signature blocks in the XML document, to sign both the whole document and then also the assertions.

An example of such a document with two Signature tags can be seen here: https://developers.onelogin.com/saml/examples/response#:~:text=A%20SAML%20Response%20is%20sent,NameID%20%2F%20attributes%20of%20the%20user.&text=A%20signed%20SAML%20Response%20with%20an%20encrypted%20Assertion,with%20an%20encrypted%20signed%20Assertion

ma314smith (Collaborator) commented

I believe you are correct.

You could potentially still accomplish this by just passing in the Assertion segment, signing it, and inserting it back into the main doc. Then sign the whole message. I have not tested this, but if I'm understanding your use case correctly, it may work.

A code change would be required to do this in a single step. If you want to submit a PR for it, I'm certainly open to that.
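Added example, not part of the thread and not this library's code: a standard-library Python sketch of why the order in the workaround above (Assertion first, then the whole message) matters when both signatures are enveloped. It assumes a constructed sample Response, records only a SHA-256 reference digest instead of a real keyed signature, and uses `ET.canonicalize` (C14N 2.0) as a stand-in for the canonicalization a real signer would apply; all function names are hypothetical.

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample: an unsigned Response carrying one Assertion.
RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">'
    '<saml:Assertion ID="_assert1"><saml:Subject>alice</saml:Subject>'
    '</saml:Assertion></samlp:Response>'
)

def enveloped_digest(elem):
    """Digest of elem with its own direct ds:Signature child removed
    (the enveloped-signature transform); nested signatures stay in."""
    clone = copy.deepcopy(elem)
    for sig in clone.findall(DS + "Signature"):
        clone.remove(sig)
    canonical = ET.canonicalize(ET.tostring(clone, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(canonical.encode()).digest()).decode()

def add_signature(elem):
    """Simplified stand-in for signing: records only the reference digest."""
    sig = ET.Element(DS + "Signature")
    ET.SubElement(sig, DS + "DigestValue").text = enveloped_digest(elem)
    elem.insert(0, sig)

def digest_ok(elem):
    """Recompute the enveloped digest and compare it with the stored one."""
    stored = elem.find(DS + "Signature/" + DS + "DigestValue")
    return stored is not None and stored.text == enveloped_digest(elem)

def sign_both(assertion_first):
    """Return (response_digest_ok, assertion_digest_ok) for a signing order."""
    response = ET.fromstring(RESPONSE)
    assertion = response.find(SAML + "Assertion")
    order = [assertion, response] if assertion_first else [response, assertion]
    for elem in order:
        add_signature(elem)
    return digest_ok(response), digest_ok(assertion)

if __name__ == "__main__":
    print("assertion then message:", sign_both(True))
    print("message then assertion:", sign_both(False))
```

When the Assertion is signed as a detached segment and re-inserted, inclusive canonicalization would pick up namespace declarations from the enclosing Response and change its canonical form, so verify both signatures on the final assembled document.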
