Canonicalization in JRuby #77
Comments
To resolve this on our side would probably involve writing our own canonicalization algorithm. The best approach here is probably to help get that issue in Nokogiri fixed. What else would you suggest we do from our end?
I would just look at this commit: atomicobject@dc44f88 It works around the issue. However, this workaround makes it so that the response cannot be verified. Assuming the SSO service is using SSL and it isn't a self-signed certificate the security risk is minimal I presume? Regardless, it isn't ideal.
Sorry, I've been swamped with other stuff. I'll take a look as soon as possible.
Issue sparklemotion/nokogiri#226 is fixed. Please open a new issue if you find new bugs in the JRuby implementation. Cheers,
+1 for ruby-saml v0.8.1 with jruby-1.7.11
Nokogiri in JRuby does not appear to support canonicalization (sparklemotion/nokogiri#226) properly such that it will create a digest mismatch. It doesn't appear there will be a fix immediately either since there hasn't been any action taken for 4 months.
Unfortunately, the only workaround would be to do a "soft" validation or explicitly remove the digest check in JRuby. :-(
See https://github.com/onelogin/ruby-saml/blob/master/lib/xml_security.rb#L92-L106
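The digest step discussed in this thread, as an added example that is not part of the issue or of ruby-saml's code: it shows why a canonicalizer that emits different bytes for an untouched element produces a digest mismatch, and what is lost when the check is removed. The helper names, the `enforce:` flag and the sample XML strings are constructed for illustration; the canonical form is written by hand following the Canonical XML rule that attributes are emitted in sorted order.

```ruby
require "digest"

# Base64-encoded SHA-1 of the bytes, the form stored in <ds:DigestValue>.
def digest_value(bytes)
  [Digest::SHA1.digest(bytes)].pack("m0")
end

# Hypothetical helper modelling the Reference digest step of XML signature
# validation.
#   canonical_bytes: what the verifier's canonicalizer produced for the element
#   expected:        the DigestValue carried in the signature
#   enforce: false   models a workaround that removes the digest check
def check_reference(canonical_bytes, expected, enforce: true)
  return :unchecked unless enforce
  digest_value(canonical_bytes) == expected ? :ok : :digest_mismatch
end

# Constructed samples: the same element as three different byte sequences.
# Canonical form: attributes in sorted order, as the signer serialized it.
CANONICAL = %(<Assertion ID="_a1" Version="2.0"><Subject>alice</Subject></Assertion>)
# Same XML content, but attributes emitted in a different order, as a faulty
# canonicalizer might do.
REORDERED = %(<Assertion Version="2.0" ID="_a1"><Subject>alice</Subject></Assertion>)
# Content changed after signing.
MODIFIED  = %(<Assertion ID="_a1" Version="2.0"><Subject>bob</Subject></Assertion>)

# DigestValue computed by the signer over the canonical bytes.
SIGNED_DIGEST = digest_value(CANONICAL)

def outcomes
  {
    correct_c14n:        check_reference(CANONICAL, SIGNED_DIGEST),
    faulty_c14n:         check_reference(REORDERED, SIGNED_DIGEST),
    modified_checked:    check_reference(MODIFIED, SIGNED_DIGEST),
    modified_check_gone: check_reference(MODIFIED, SIGNED_DIGEST, enforce: false)
  }
end

outcomes.each { |name, result| puts "#{name}: #{result}" }
```

With the check enforced, a faulty canonicalizer rejects a valid response; with the check removed, a modified element is no longer distinguished from the signed one.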