CZ-NIC / django-eidas-specific-node

GNU General Public License v3.0
2 stars 2 forks source link

Undeclared prefix saml2 when decrypting encrypted assertion #87

Closed jiri-janousek closed 4 years ago

jiri-janousek commented 4 years ago

@jtalir got a response from NAKIT about why our encrypted SAML responses are not accepted: 'saml2' is an undeclared prefix. Line 1, position 2.

We should check whether xmlsec adds XML namespaces declarations inherited from parent elements. If it doesn't, the decrypted <samp2:Assertion> cannot act as an independent XML document. (It doesn't matter in our decryption method where the decrypted <samp2:Assertion> is a part of the XML document with all namespaces declared.)