Open tamersalama opened 11 years ago
The canonicalization doesn't seem to be performed. The XML Signature for the current assertion message validates properly; however, when the attribute order changes, the validation fails.
Passes Validation:
```xml
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_71be78a0-98a7-0130-e799-4dcd5b4422b3" IssueInstant="2013-05-06T18:19:41Z" Version="2.0">
  <Issuer>example.com</Issuer>
  <Subject>
    <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SOMENAME</NameID>
    <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <SubjectConfirmationData InResponseTo="samlr-838de9f0-b679-11e2-b86c-0024811fab45" NotOnOrAfter="2013-05-06T18:22:41Z" Recipient="http://example.com/sso/consume"></SubjectConfirmationData>
    </SubjectConfirmation>
  </Subject>
  <Conditions NotBefore="2013-05-06T18:19:36Z" NotOnOrAfter="2013-05-06T19:19:41Z">
    <AudienceRestriction>
      <Audience>http://example.com/sso/consume</Audience>
    </AudienceRestriction>
  </Conditions>
  <AttributeStatement>
    <Attribute Name="CustomName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" FriendlyName="CustomName">
      <AttributeValue>SOMENAME</AttributeValue>
    </Attribute>
  </AttributeStatement>
  <AuthnStatement AuthnInstant="2013-05-06T18:19:41Z" SessionIndex="_71be78a0-98a7-0130-e799-4dcd5b4422b3">
    <AuthnContext>
      <AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef>
    </AuthnContext>
  </AuthnStatement>
</Assertion>
```
Fails Validation (changed attribute order for Attribute):
```xml
... <Attribute FriendlyName="CustomName" Name="CustomName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" > ...
```
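An added illustration of the behaviour the report expects, not code from this issue or from the project: digesting the raw bytes of the two `<Attribute>` forms gives different values, while digesting their canonical form gives the same value, and a changed value still changes the digest. It assumes Python's standard-library `canonicalize` (C14N 2.0) as a stand-in for the exclusive canonicalization SAML signatures normally name; both sort attributes the same way. The fragments are constructed from the element shown above.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

# Constructed fragments modeled on the <Attribute> element in the report.
ORIGINAL = (
    f'<Attribute xmlns="{NS}" Name="CustomName" NameFormat="{FMT}" '
    'FriendlyName="CustomName">'
    '<AttributeValue>SOMENAME</AttributeValue></Attribute>'
)
REORDERED = (
    f'<Attribute xmlns="{NS}" FriendlyName="CustomName" Name="CustomName" '
    f'NameFormat="{FMT}" >'
    '<AttributeValue>SOMENAME</AttributeValue></Attribute>'
)
# Same attribute order as ORIGINAL, but the signed value is different.
TAMPERED = ORIGINAL.replace(">SOMENAME<", ">OTHERNAME<")


def raw_digest(xml: str) -> str:
    """Digest of the serialized bytes, with no canonicalization step."""
    return hashlib.sha256(xml.encode("utf-8")).hexdigest()


def canonical(xml: str) -> str:
    """Canonical form: attributes sorted, tag-internal whitespace normalized."""
    return canonicalize(xml)


def c14n_digest(xml: str) -> str:
    """Digest of the canonical form, as a signature verifier computes it."""
    return hashlib.sha256(canonical(xml).encode("utf-8")).hexdigest()


def compare(a: str, b: str) -> dict:
    """Report whether two documents agree before and after canonicalization."""
    return {
        "raw_equal": raw_digest(a) == raw_digest(b),
        "c14n_equal": c14n_digest(a) == c14n_digest(b),
    }


if __name__ == "__main__":
    print("reordered:", compare(ORIGINAL, REORDERED))
    print("tampered: ", compare(ORIGINAL, TAMPERED))
    print(canonical(REORDERED))
```

A verifier that fails on the reordered form is behaving like `raw_digest`, which is the symptom described in the report.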