steffow / meteor-accounts-saml

SAML SP tested with OpenAM

SAML Encrypted Assertion #9

Closed anicoa closed 6 years ago

anicoa commented 7 years ago

Hi,

We are implementing rocket.chat SAML authentication against a simpleSAML IdP. This IdP is using encrypted assertions (https://www.samltool.com/generic_sso_res.php) and this seems not to be supported by meteor-accounts-saml.

So we added decryption of the assertion and of the subject with the help of xml-encryption and tried to rebuild the resulting objects to look exactly the same as the original objects. (Regarding the assertion object this worked fine; regarding the subject object we are optimistic to find a solution.)

Because there's still some work ahead to make a PR out of this, we want to get your opinion on this, because we can also apply it as a local patch to our system (but we would prefer having it in the project ;)

thanks for the work nico
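The decryption step described in the comment above, as an added example that is not code from this thread or from meteor-accounts-saml: it uses Node's built-in crypto instead of xml-encryption and assumes RSA-OAEP key transport with AES-256-GCM content encryption. The function names, the regex-based extraction and the sample assertion are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const GCM = 'http://www.w3.org/2009/xmlenc11#aes256-gcm';
const OAEP = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p';
const oaepOpts = (pem) => ({
  key: pem, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha1' });

// SP side: turn <saml:EncryptedAssertion> back into the plain <saml:Assertion> XML.
function decryptAssertion(encXml, spPrivateKeyPem) {
  // Pin the accepted algorithms instead of following whatever the message names.
  if (!encXml.includes(`Algorithm="${GCM}"`) || !encXml.includes(`Algorithm="${OAEP}"`)) {
    throw new Error('unsupported encryption algorithm');
  }
  // First CipherValue: wrapped AES key (inside KeyInfo). Second: encrypted assertion.
  // A regex is enough for this constructed sample; real code should use an XML parser.
  const [wrappedKey, data] = [...encXml.matchAll(/<xenc:CipherValue>([^<]+)<\/xenc:CipherValue>/g)]
    .map((m) => Buffer.from(m[1], 'base64'));
  if (!wrappedKey || !data) throw new Error('missing CipherValue');
  const key = nodeCrypto.privateDecrypt(oaepOpts(spPrivateKeyPem), wrappedKey);
  if (key.length !== 32) throw new Error('unexpected key length');
  // XML Encryption 1.1 GCM layout: 12-byte IV || ciphertext || 16-byte auth tag.
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, data.subarray(0, 12));
  d.setAuthTag(data.subarray(data.length - 16));
  const body = data.subarray(12, data.length - 16);
  return Buffer.concat([d.update(body), d.final()]).toString('utf8'); // final() throws on tampering
}

// Constructed IdP-side helper, only here to produce sample input for the function above.
function buildSample(assertionXml, spPublicKeyPem) {
  const key = nodeCrypto.randomBytes(32), iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([iv, c.update(assertionXml, 'utf8'), c.final(), c.getAuthTag()]);
  const wrapped = nodeCrypto.publicEncrypt(oaepOpts(spPublicKeyPem), key);
  const cv = (b) => `<xenc:CipherData><xenc:CipherValue>${b.toString('base64')}</xenc:CipherValue></xenc:CipherData>`;
  return '<saml:EncryptedAssertion><xenc:EncryptedData>' +
    `<xenc:EncryptionMethod Algorithm="${GCM}"/>` +
    `<ds:KeyInfo><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="${OAEP}"/>` +
    `${cv(wrapped)}</xenc:EncryptedKey></ds:KeyInfo>${cv(ct)}` +
    '</xenc:EncryptedData></saml:EncryptedAssertion>';
}

// Round trip with a throwaway SP key pair and a constructed assertion.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
  const plain = '<saml:Assertion ID="_constructed"><saml:Subject/></saml:Assertion>';
  return { plain, privateKey, enc: buildSample(plain, publicKey) };
}
```

The decrypted assertion still has to go through signature and condition validation afterwards, exactly as an unencrypted one would.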

steffow commented 7 years ago

Hey Nico,

Sounds good to me. Any good IdP can select which part of the msg is enc/signed, or the SP can request this. Seems I never tested this. So just send me your stuff and I'll see how we can get that into this project.