There are a few places where we assume the SAML namespace is called saml:. For example, we look for an element specifically matching saml:EncryptedAssertion.
It seems like in practice this is almost always true, but we have ran into at least one situation where the namespace was saml2: -- see #45.
We should either figure out the correct namespace from the relevant xmlns: attribute or not look for the namespace part at all (I doubt there would be any non-SAML EncryptedAssertion elements in the response)
camsaul
commented
1 year ago
There are a few places where we assume the SAML namespace is called
saml:. For example, we look for an element specifically matchingsaml:EncryptedAssertion.It seems like in practice this is almost always true, but we have ran into at least one situation where the namespace was
saml2:-- see #45.We should either figure out the correct namespace from the relevant
xmlns:attribute or not look for the namespace part at all (I doubt there would be any non-SAMLEncryptedAssertionelements in the response)