robrichards / xmlseclibs

A PHP library for XML Security
BSD 3-Clause "New" or "Revised" License

Signing Response, Issues with InclusiveNamespaces #211

Open tusharvikky opened 4 years ago

tusharvikky commented 4 years ago

Hello,

I have been trying to sign a SAML Response for an SSO implementation. I was able to sign; however, I'm stuck with adding the InclusiveNamespaces tag with PrefixList="#default code ds kind rw saml samlp typens".

Following is my ReferenceList code.

$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1,
            array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
            array('id_name' => 'ResponseID'));

Any help regarding how I can get the following:

<Transforms>
    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <InclusiveNamespaces PrefixList="#default code ds kind rw saml samlp typens"
            xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </Transform>
</Transforms>

Currently, this is what I have been getting:

<ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>

tvdijen commented 4 years ago

Why reinvent the wheel? Have you considered using simplesamlphp/saml2 ?

tusharvikky commented 4 years ago

Yes, I have. The issue is that the IdP doesn't support SAML2. I had to hack SAML1 out of raw XML. I found no package which supports SAML1 on PHP or Python.

I was able to get the SAML working, but the only difference is the mismatch of one tag related to the InclusiveNamespaces.

tusharvikky commented 4 years ago

@robrichards Any documentation on how we can set the above InclusiveNamespaces tag?

Any help is appreciated.

robrichards commented 4 years ago

Setting this is not currently supported in the library. I may get around to implementing it but in the meantime PRs are also welcome.
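
What the requested PrefixList changes during signing, shown as an added example that is not part of this thread and not xmlseclibs code: it uses only PHP's built-in DOM extension, and the sample XML and the `typens` namespace URI are constructed. The element must match the canonicalization actually used for the digest, so adding `InclusiveNamespaces` to the markup without passing the same prefixes to the canonicalizer produces a signature that a verifier honouring the PrefixList will reject.

```php
<?php
// Added illustration: PHP DOM extension only, no xmlseclibs calls.
const DSIG_NS     = 'http://www.w3.org/2000/09/xmldsig#';
const EXC_C14N_NS = 'http://www.w3.org/2001/10/xml-exc-c14n#';
const PREFIX_LIST = '#default code ds kind rw saml samlp typens'; // value from the issue

// Constructed sample input, not a real SAML 1.x response.
// "typens" is used only inside text content, so plain exclusive C14N drops it.
$xml = <<<'XML'
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                xmlns:typens="urn:example:types"
                ResponseID="_constructed1">
  <saml:Assertion AssertionID="_constructed2">
    <saml:Attribute AttributeName="kind">typens:user</saml:Attribute>
  </saml:Assertion>
</samlp:Response>
XML;

/** Exclusive C14N of $node, then a base64 SHA-1 digest as stored in ds:DigestValue. */
function digestExcC14n(DOMNode $node, ?array $inclusivePrefixes): string
{
    // 4th argument: prefixes that are treated inclusively (the PrefixList).
    $canonical = $node->C14N(true, false, null, $inclusivePrefixes);
    return base64_encode(sha1($canonical, true));
}

/** Build the ds:Transform element carrying the InclusiveNamespaces child. */
function buildExcC14nTransform(DOMDocument $doc, string $prefixList): DOMElement
{
    $transform = $doc->createElementNS(DSIG_NS, 'ds:Transform');
    $transform->setAttribute('Algorithm', EXC_C14N_NS);
    $inclusive = $doc->createElementNS(EXC_C14N_NS, 'InclusiveNamespaces');
    $inclusive->setAttribute('PrefixList', $prefixList);
    $transform->appendChild($inclusive);
    return $transform;
}

$doc = new DOMDocument();
$doc->loadXML($xml);
$root = $doc->documentElement;

// The two digests differ: with the PrefixList, xmlns:saml and xmlns:typens are
// emitted on the Response element instead of being placed or dropped by usage.
echo $doc->saveXML(buildExcC14nTransform($doc, PREFIX_LIST)), "\n";
echo 'digest without PrefixList: ', digestExcC14n($root, null), "\n";
echo 'digest with PrefixList:    ', digestExcC14n($root, explode(' ', PREFIX_LIST)), "\n";
```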