SignatureValue not being checked?

Hi. I am trying to verify a SAML2 response by sending a POST request to my SP setup. The token has a SignatureValue in it. It seems that the validateSignature function inside passport-saml/lib/passport-saml/saml.is never finds the needed signature object and returns false `var xpathSigQuery = ".//*[local-name(.)='Signature' and " + "namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']";

var signatures = xpath(currentNode, xpathSigQuery);

// This function is expecting to validate exactly one signature, so if we find more or fewer // than that, reject. if (signatures.length != 1) return false;`

My token looks like this `<?xml version="1.0" encoding="UTF-8"?>

Islyklar 3IHF2lkJL3gxyJ99C7z1lZGI6SBT5U9ZfwV3TBQNl4M= CD7KFLp3j0UizzWRTri/pOX+5nfai0BOmT/5KMwGOWViIyX74j/WXI7XdVjTS/Zfiziepimbo8eiWFKtgYlxLIzMHoICK8WYz+r7bZGdecvHV6xeTlVQcwDwna6grrOGzzvrWbrbiO8IDRld459bGg1KKqM0AM3Zpr/Kagnce+5egRGDeAWLPwGWyHfLF37BvAweZ9+sYV4LBEGXtILkgJqxQWsh/Yfe8qz49hxaIp3E5YYmvtBqRSfwyPJHjgGYeioz1JanO5v5hHihas+ZKCK7SRRY6QojY0wChB8pxbpivCwvZ3/BOY8lzdtpQryAmmQkPmB0HZa9yG3h6LGvkg== MIIGDDCCBPSgAwIBAgICHRwwDQYJKoZIhvcNAQEFBQAwgZIxCzAJBgNVBAYTAklTMRMwEQYDVQQFEwo1MjEwMDAyNzkwMRYwFAYDVQQKEw1BdWRrZW5uaSBlaGYuMSMwIQYDVQQLExpVdGdlZmFuZGkgYnVuYWRhcnNraWxyaWtqYTEWMBQGA1UECxMNTWlsbGlza2lscmlraTEZMBcGA1UEAxMQVHJhdXN0dXIgYnVuYWR1cjAeFw0xNjA3MTQxNTExMzdaFw0xODA3MTQxNTExMzdaMIHCMQswCQYDVQQGEwJJUzEeMBwGA1UECgwVw55qw7PDsHNrcsOhIMONc2xhbmRzMRgwFgYDVQQLEw9CdW5hZGFyc2tpbHJpa2kxJTAjBgNVBAsMHFVuZGlycml0dW4gZcOwYSBhdcOwa2VubmluZyAxHTAbBgkqhkiG9w0BCQEWDnZlcmtAaXNsYW5kLmlzMRMwEQYDVQQFEwo2NTAzNzYwNjQ5MR4wHAYDVQQDExVJbm5za3JhbmluZyBJc2xhbmQuaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGunlc4jwRyE+W0MiWfT6sdXvSMwsRTg3rTlw50/rbjUuGGMhYerYFl7itc/i0ZsMbGetq8Z/BFnEIqhY/zsHFk/DRRBLze6HIOLYAqMn9LEGVhquzwfQW8dCB7LEr+W/YdbdTp6vkbiE2h2PDtb8VYpH103Oa8FzplVKSwZLSRhiJAeI9Rs7Z+2SlNhTje9tUxzWInxtSTmnjB/YXISJgfwtrt/5Ws1Z0CX/VgQ4+ZsnmN7t+8AeDwv41SkJCjT7R1Vn5IKm3QNBzS+q414H4eCa1O2my7NehvLBvrjeHegsP4mtYp8bNJ6W/IxsXDLY3AKe2IM72+AAytXlMONahAgMBAAGjggI4MIICNDAMBgNVHRMBAf8EAjAAMIIBHAYDVR0gBIIBEzCCAQ8wggELBglggmABAgEBBAEwgf0wgcQGCCsGAQUFBwICMIG3GoG0VGhpcyBjZXJ0aWZpY2F0ZSBpcyBpbnRlbmRlZCBmb3IgZGlnaXRhbCBzaWduYXR1cmVzIGFuZCBhdXRoZW50aWNhdGlvbi4gVGhpcyBjZXJ0aWZpY2F0ZSBmdWxmaWxzIHRoZSByZXF1aXJlbWVudHMgb2Ygbm9ybWFsaXplZCBjZXJ0aWZpY2F0ZSBwb2xpY3kgKE5DUCkgZGVmaW5lZCBpbiBFVFNJIFRTIDEwMiAwNDIuMDQGCCsGAQUFBwIBFihodHRwOi8vY3AuYXVka2VubmkuaXMvdHJhdXN0dXJidW5hZHVyL2NwMHMGCCsGAQUFBwEBBGcwZTAjBggrBgEFBQcwAoYXaHR0cDovL29jc3AuYXVka2VubmkuaXMwPgYHYIJgAgFjBoYzaHR0cDovL2NkcC5hdWRrZW5uaS5pcy9za2lscmlraS90cmF1c3R1cmJ1bmFkdXIucDdiMAsGA1UdDwQEAwIF4DAfBgNVHSMEGDAWgBRv7NsRLAEDaxtgrrb4aNlAAc2OODBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsLmF1ZGtlbm5pLmlzL3RyYXVzdHVyYnVuYWR1ci9sYXRlc3QuY3JsMB0GA1UdDgQWBBTXlBUp1axlTP9Rp2js7gSEmHKVzDANBgkqhkiG9w0BAQUFAAOCAQEABbDwqym5k1pmai/UL49pceeJnWSTvpZOabAYXOb/CeOM6iombgSgi/F8nXtZ49QCAZEdlB7S+jKL/6btqnWvE3FtaZpDzU1LdkzvUlJSYJlWCRgQV8g2uLz78QibychcIjlT2j0tx32TTg9kd64KX+k7/YjP+QJ1rpPkvWT7DNdJTrnLhCE01/qgGza2D+3c7Tav7WpqSv1CN7AY0RtDsEDBoH4os+5SRCX0+oOQ7ucv+nbaOYggzz06w7yfUdUQtrxS97fJwuH7hspD50lRdSlzKR38GPcL9E54OMz6Znw8ntw2htNZ1p0K/97sYJUUaHJWSM7u5655JyvpeEjKeA== Islyklar www.digidoktor.is urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient 2402596139 Bragi Leifur Hauksson Rafræn skilríki 10.121.57.25 1106773249 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 ` Also, my IDP posts this saml response to my POST binding using a variable named "_token_" and not "_SAMLResponse_". Can I configure this somehow using the framework?

node-saml / passport-saml

SignatureValue not being checked? #268