steffow / meteor-accounts-saml

SAML SP tested with OpenAM
27 stars 29 forks

Fix XML namespace handling when parsing SAML Response #17

Closed rhoerbe closed 6 years ago

rhoerbe commented 7 years ago

saml_util.js is using xml2js to parse XML requests, using the namespace prefix instead of the actual namespace. It is not enough to recognise samlp: and saml2p: as there are libraries with other namespaces.

Expected solution: replace xml2js with a W3C-conforming XML parser and check for the actual namespace, e.g. urn:oasis:names:tc:SAML:2.0:protocol instead of samlp or saml2p.

This will make the addition of additional namespace prefixes such as in https://github.com/steffow/meteor-accounts-saml/pull/16 unnecessary.
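
The difference between matching a prefix and matching the namespace URI, shown as an added example that is not part of the original issue or the project's code. The scanner, the function names and the sample documents are constructed for illustration and assume well-formed XML without comments or CDATA; a W3C-conforming, namespace-aware parser performs the same resolution.

```javascript
// Added illustration, not project code. Minimal scanner for well-formed XML
// without comments or CDATA; a real SP should use a conforming parser.
const SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol';

// Resolve every element to { ns, local } using the xmlns declarations in scope.
function resolveElements(xml) {
  const tagRe = /<(\/?)([A-Za-z_][\w.-]*(?::[A-Za-z_][\w.-]*)?)((?:\s+[^\s=>\/]+\s*=\s*(?:"[^"]*"|'[^']*'))*)\s*(\/?)>/g;
  const attrRe = /\s+([^\s=>\/]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
  const scopes = [new Map()];            // stack of prefix -> namespace URI
  const out = [];
  for (const [, closing, qname, attrs, selfClosing] of xml.matchAll(tagRe)) {
    if (closing) { scopes.pop(); continue; }
    const scope = new Map(scopes[scopes.length - 1]);
    for (const [, name, dq, sq] of attrs.matchAll(attrRe)) {
      const uri = dq !== undefined ? dq : sq;
      if (name === 'xmlns') scope.set('', uri);   // default namespace
      else if (name.startsWith('xmlns:')) scope.set(name.slice(6), uri);
    }
    const i = qname.indexOf(':');
    const prefix = i < 0 ? '' : qname.slice(0, i);
    out.push({ ns: scope.get(prefix) || null, local: qname.slice(i + 1) });
    if (!selfClosing) scopes.push(scope);
  }
  return out;
}

// Namespace-based check: the document element must be {SAMLP_NS}Response.
function isSamlResponse(xml) {
  const root = resolveElements(xml)[0];
  return !!root && root.ns === SAMLP_NS && root.local === 'Response';
}

// Stand-in for the prefix-based matching the issue describes.
function isSamlResponseByPrefix(xml) {
  return /<(samlp|saml2p):Response[\s>\/]/.test(xml);
}

// Constructed sample documents (not captured from any IdP).
const SAMPLES = {
  usualPrefix: `<samlp:Response xmlns:samlp="${SAMLP_NS}" ID="_a"><samlp:Status/></samlp:Response>`,
  otherPrefix: `<p:Response xmlns:p="${SAMLP_NS}" ID="_b"/>`,
  defaultNs: `<Response xmlns="${SAMLP_NS}" ID="_c"/>`,
  wrongNs: `<samlp:Response xmlns:samlp="urn:example:not-saml" ID="_d"/>`,
};

for (const [name, xml] of Object.entries(SAMPLES)) {
  console.log(name, 'prefix:', isSamlResponseByPrefix(xml), 'namespace:', isSamlResponse(xml));
}
```

The `otherPrefix` and `defaultNs` documents are valid SAML protocol responses that the prefix check rejects, while `wrongNs` uses the familiar prefix bound to a different namespace and is accepted only by the prefix check.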

arminfelder commented 6 years ago

fixed with 76f0f207281f81e0cff69cba723e5bc7b3a0256d

steffow commented 6 years ago

Fixed in DevBranch but PR Code had issues. Could you pls test?