Disable sig check in enc response
This commit disables the signature check in encrypted responses due to a
bug in goxmldsig with transforms.
Cesar Gonzalez committed May 13, 2021
1 parent c7fb324 commit 1c331eb
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions service_provider.go
Expand Up @@ -710,12 +710,16 @@ func (sp *ServiceProvider) ParseXMLResponse(decodedResponseXML []byte, possibleR
retErr.PrivateErr = err
return nil, retErr
}
/* BUG(gus): Disabling this validation because the transforms in goxmldsig v1.1.0 are broken.
So even if you have a correct digest it will fail. Once this is fixed, there are PRs,
we need to reenable this.
if responseSigned {
if err := sp.validateSigned(doc.Root()); err != nil {
retErr.PrivateErr = err
return nil, retErr
}
}
*/

var key interface{} = sp.Key
keyEl := doc.FindElement("//EncryptedAssertion/EncryptedKey")
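Review bot: Wrapping the `if responseSigned { ... sp.validateSigned(doc.Root()) ... }` block in `/* ... */` removes the only signature check visible on this path, so a response with `responseSigned` set now proceeds straight to the `//EncryptedAssertion/EncryptedKey` handling without its signature being verified. If the goxmldsig v1.1.0 transform bug makes valid digests fail, consider failing closed by default and letting callers skip the check only through an explicit, documented opt-in, rather than disabling it for everyone. If the signature on the decrypted assertion is validated later in `ParseXMLResponse`, say so in the comment, because nothing in this hunk shows it. The `BUG(gus)` comment mentions "there are PRs" without identifying them; add the upstream issue or PR reference so the re-enable condition is trackable, and add a test that fails while the check is off so it cannot be forgotten.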