There appears to be an issue with signing SAML requests now, when used in conjunction with the latest version of xmlsec. The xmlsec folks introduced a breaking change. Their change log states:
(API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
Out of the box, the current version of djangosaml2 tries to use xmlsec and doesn't pass the --lax-key-search option. I can only assume that KeyInfo is not populated either, hence usage of xmlsec generates a KEY-NOT-FOUND error.
One solution would be to populate KeyInfo (or if there is a way to do that, point me in a direction how to ensure that happens). Another would be to detect the version of xmlsec and add the flag to preserve backwards compatibility for folks.
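To check the "KeyInfo is not populated" guess in the report above, this added example (not part of the issue, and not djangosaml2, pysaml2 or xmlsec code) lists what each ds:Signature's KeyInfo contains in a request you captured from your own service provider. The sample requests, their ID value and the function names are constructed for illustration; it assumes the standard XML-DSig namespace.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# ds:KeyInfo children defined by XML-DSig that name or carry a key.
KEY_CHILDREN = {"KeyName", "KeyValue", "RetrievalMethod", "X509Data"}

# Constructed sample requests (not captured traffic); values are placeholders.
_HEAD = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed">')
_TAIL = "</samlp:AuthnRequest>"
NO_KEYINFO = (_HEAD + "<ds:Signature><ds:SignedInfo/><ds:SignatureValue/>"
              "</ds:Signature>" + _TAIL)
WITH_KEYINFO = (_HEAD + "<ds:Signature><ds:SignedInfo/><ds:SignatureValue/>"
                "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER"
                "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
                "</ds:Signature>" + _TAIL)


def keyinfo_report(xml_text):
    """Return one dict per ds:Signature: enclosing element ID and KeyInfo children."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parents = {child: parent for parent in root.iter() for child in parent}
    report = []
    for sig in root.iter(DS + "Signature"):
        key_info = sig.find(DS + "KeyInfo")
        children = []
        if key_info is not None:
            children = [c.tag[len(DS):] for c in key_info if c.tag.startswith(DS)]
        report.append({
            "signed_element_id": parents[sig].get("ID") if sig in parents else None,
            "has_keyinfo": key_info is not None,
            "key_children": children,
            "references_key": any(c in KEY_CHILDREN for c in children),
        })
    return report


def lacks_key_reference(xml_text):
    """True if any signature in the document has no key-bearing KeyInfo child."""
    return any(not r["references_key"] for r in keyinfo_report(xml_text))


if __name__ == "__main__":
    for name, doc in (("NO_KEYINFO", NO_KEYINFO), ("WITH_KEYINFO", WITH_KEYINFO)):
        print(name, keyinfo_report(doc))
```

A signature reported with `references_key` false has nothing in KeyInfo for a strict key search to match, which is the case the changelog entry describes.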