troyfactor4
commented
3 years ago New PR #74 created to close this issue. It is backwards compatible with the sync strategy and includes units tests.
Open troyfactor4 opened 4 years ago
troyfactor4
commented
3 years ago New PR #74 created to close this issue. It is backwards compatible with the sync strategy and includes units tests.
Describe the problem you'd like to have solved
I would like to have my private key stored in my key signing server or HSM. Using an HSM server would provide greater security for the private keys.
Describe the ideal solution
The unsigned XML document should be passed to the HSM server and a signature returned to be embedded in the XML document. The private keys should never leave the HSM.
Alternatives and current work-arounds
No good workarounds are currently available.
Additional context
I have a PR ready for both node-saml and node-samlp, creating this issue just to follow protocol. The solution includes a simple upgrade to allow asynchronous XML signing using a custom function provided by the host application. Unit tests have been created and are passing. The necessary PR's have already been made to xml-crypto version 1.5.3.
May I create a PR for this issue? My branch: https://github.com/troyfactor4/node-saml