When parsing a SAML response, it has been inappropriately stripping the xmlns:xs="http://www.w3.org/2001/XMLSchema" attribute in saml2:Assertion. This was causing a discrepancy between Okta's digest and our digest (but only when AttributeStatement is present).
This change fixes the problem by setting psRetainNamespaces = True and adding "xs" to the list of allowed prefixes for c14n.
Special thanks to @hiroqn for figuring this out.
Summary
Checklist
[ ] All definitions are documented with Haddock-style comments.
[ ] All exported definitions have @since annotations.
[ ] Code is formatted in line with the existing code.
… when attributes are present
When parsing a SAML response, it has been inappropriately stripping the xmlns:xs="http://www.w3.org/2001/XMLSchema" attribute in saml2:Assertion. This was causing a discrepancy between Okta's digest and our digest (but only when AttributeStatement is present).
This change fixes the problem by setting psRetainNamespaces = True and adding "xs" to the list of allowed prefixes for c14n.
Special thanks to @hiroqn for figuring this out.
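The digest mismatch described above, modelled as an added example: a simplified exclusive-C14N serializer in Python, not this project's Haskell code. It assumes the IdP canonicalizes the assertion with `xs` as an inclusive prefix; the sample assertion and the names `exc_c14n`, `digest` and `IDP_DIGEST` are constructed for illustration.

```python
import hashlib
from xml.dom import minidom

# Constructed sample, already in exclusive-C14N form with "xs" as an inclusive prefix.
SAMPLE = ('<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" '
          'xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="id1"><saml2:AttributeStatement>'
          '<saml2:Attribute Name="email"><saml2:AttributeValue '
          'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">'
          'a@example.com</saml2:AttributeValue></saml2:Attribute>'
          '</saml2:AttributeStatement></saml2:Assertion>')

def _esc(s, attr=False):
    s = s.replace("&", "&amp;").replace("<", "&lt;")
    if attr:
        for ch, ref in (('"', "&quot;"), ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;")):
            s = s.replace(ch, ref)
        return s
    return s.replace(">", "&gt;").replace("\r", "&#xD;")

def exc_c14n(el, inclusive=(), scope=None, rendered=None):
    """Simplified exclusive C14N: prefixed names, element and text children only."""
    scope, rendered = dict(scope or {}), dict(rendered or {})
    attrs = [el.attributes.item(i) for i in range(el.attributes.length)]
    for a in attrs:
        if a.name.startswith("xmlns:"):
            scope[a.name[6:]] = a.value          # declaration is now in scope
    plain = sorted((a for a in attrs if not a.name.startswith("xmlns")),
                   key=lambda a: (a.namespaceURI or "", a.localName))
    # Emit only prefixes used by element/attribute names, plus the inclusive list.
    wanted = {el.prefix} | {a.prefix for a in plain} | set(inclusive)
    out = "<" + el.tagName
    for p in sorted(p for p in wanted if p in scope and rendered.get(p) != scope[p]):
        out += f' xmlns:{p}="{_esc(scope[p], True)}"'
        rendered[p] = scope[p]
    out += "".join(f' {a.name}="{_esc(a.value, True)}"' for a in plain) + ">"
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out += exc_c14n(c, inclusive, scope, rendered)
        elif c.nodeType == c.TEXT_NODE:
            out += _esc(c.data)
    return out + f"</{el.tagName}>"

def digest(xml, inclusive, retain_ns):
    root = minidom.parseString(xml).documentElement
    if not retain_ns:                             # models the parser dropping xmlns:xs
        root.removeAttribute("xmlns:xs")
    return hashlib.sha256(exc_c14n(root, inclusive).encode()).hexdigest()

IDP_DIGEST = hashlib.sha256(SAMPLE.encode()).hexdigest()  # assumed IdP-side digest
```

Only `digest(SAMPLE, ["xs"], True)` reproduces `IDP_DIGEST`: `xs` appears solely inside the `xsi:type` value, so exclusive C14N emits its declaration only when the prefix is listed as inclusive and the declaration is still present after parsing.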