There are a few places where we assume the SAML namespace is called saml:. For example, we look for an element specifically matching saml:EncryptedAssertion.
It seems like in practice this is almost always true, but we have ran into at least one situation where the namespace was saml2: -- see #45.
We should either figure out the correct namespace from the relevant xmlns: attribute or not look for the namespace part at all (I doubt there would be any non-SAML EncryptedAssertion elements in the response)
There are a few places where we assume the SAML namespace is called
saml:
. For example, we look for an element specifically matchingsaml:EncryptedAssertion
.It seems like in practice this is almost always true, but we have ran into at least one situation where the namespace was
saml2:
-- see #45.We should either figure out the correct namespace from the relevant
xmlns:
attribute or not look for the namespace part at all (I doubt there would be any non-SAMLEncryptedAssertion
elements in the response)