From 1c331ebb90de0d64ea06e9ef75c2a975c01a346d Mon Sep 17 00:00:00 2001
From: Cesar Gonzalez
Date: Thu, 13 May 2021 13:29:52 -0700
Subject: [PATCH] Disable sig check in enc response

This commit disables the signature check in encrypted responses due to a bug in goxmldsig with transforms.
---
 service_provider.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/service_provider.go b/service_provider.go
index 4dbe9c47..94c11412 100644
--- a/service_provider.go
+++ b/service_provider.go
@@ -710,12 +710,16 @@ func (sp *ServiceProvider) ParseXMLResponse(decodedResponseXML []byte, possibleR
 retErr.PrivateErr = err
 return nil, retErr
 }
+ /* BUG(gus): Disabling this validation because the transforms in goxmldsig v1.1.0 are broken.
+ So even if you have a correct digest it will fail. Once this is fixed, there are PRs,
+ we need to reenable this.
 if responseSigned {
 if err := sp.validateSigned(doc.Root()); err != nil {
 retErr.PrivateErr = err
 return nil, retErr
 }
 }
+ */
 var key interface{} = sp.Key
 keyEl := doc.FindElement("//EncryptedAssertion/EncryptedKey")
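Review bot: Commenting out the `if responseSigned { ... sp.validateSigned(doc.Root()) ... }` block makes the encrypted-assertion path fail open: a response that declares a signature is now processed without that signature ever being verified. Encryption does not authenticate the sender, because the assertion is encrypted to the service provider's public key, so integrity now rests entirely on whatever the code after decryption does, and ParseXMLResponse continues outside this hunk. If that later code treats `responseSigned` as proof that a signature was checked and relaxes the assertion-signature requirement, it must stop doing so; I would add `responseSigned = false // response signature NOT verified here; the decrypted assertion must be signed` right after the disabled block, or better, keep the check and pin or patch goxmldsig instead. The comment should also name the upstream issue or PR it is waiting on rather than "there are PRs", so the re-enable can be tracked. A regression test with a signed-response plus encrypted-assertion fixture whose signature is invalid would show whether this path still rejects it.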