fumieval
commented
2 years ago @mbg Are you actively working on this / do you have any uncommited changes? If not, I'm willing to take over the project
Closed mbg closed 2 years ago
fumieval
commented
2 years ago @mbg Are you actively working on this / do you have any uncommited changes? If not, I'm willing to take over the project
mbg
commented
2 years ago Hi @fumieval! Thanks for offering to help with this! I am not actively working on this PR since no one else expressed interest in #6. There are no uncomitted changes, so if you want to finish the work I started here, that would be very much appreciated :)
This PR will add support for unencrypted assertions (#5).
In particular, we ensure that the configuration's type reflects this: the
SAML2Configtype is now parameterised over a list of type-level flags reflecting the security configuration. The library defaults are represented simply by an empty type-level list'[]while settings which change the defaults are added to the list so that it is easy to spot if there are potential security issues.For unencrypted assertions, we have a new smart constructor
saml2PlainTextConfigwhich is likesaml2Config, but does not require a private key for the service provider. The resulting type of configuration isSAML2Config '[PlainTextAssertions].