ruby-saml (~> 1.9) breaks authentication due to adjusted behavior in REXML (3.2.5)

omniauth / omniauth-saml

A generic SAML strategy for OmniAuth

https://github.com/omniauth/omniauth-saml

Other

331 stars 205 forks source link

Closed ichdasich closed 3 years ago

ichdasich commented 3 years ago

In 3.2.5 REXML performed some security patches, which now trigger a bug in ruby-saml before 1.12.1, see: https://github.com/onelogin/ruby-saml/issues/577

This essentially prevents saml authentication with omniauth-saml as ruby-saml is ~> 1.9 even in 2.0.0.