in Assertions, AttributeValues containing EncryptedID are not decrypted/processed #1811
Comments
Hello co-worker ;) This is hard for me to troubleshoot because I don't have an IdP with the capabilities to send an EncryptedID available.
We’re using SimpleSAMLphp from Drupal, which is not compatible with SimpleSAMLphp 2.x yet. I will investigate further and get back on this.
Ah yes, I tried to contribute to Drupal and get their plugin compatible with SSP 2.0, but for some reason they blocked my account and didn't bother to respond to my emails 🤷🏻♂️ I suspect our code is not aware of anything other than a saml:NameID element as an attribute value, so hopefully all we have to do is decrypt the EncryptedID before displaying it.
I have a setup where my SP receives assertions from an IdP with an AttributeValue that contains an EncryptedID.
This attribute (`urn:nl-eid-gdi:1.0:ActingSubjectID`) shows up empty in the SAML 2.0 SP Demo Example page. This is the relevant part of the Assertion with the Attribute
I inspected the code to see if I could fix this. I tried to add some code to decrypt the attribute and add the value to the PHP object Assertion->attributes. Decryption works and I see the correct decrypted attribute value show up in the debugger, but the Demo page then gives an error:
SimpleSAML_exception_handler( $exception = class TypeError { protected $message = 'htmlspecialchars(): Argument #1 ($string) must be of type string, DOMNodeList given'; private ${Error}string = ''; protected $code = 0; protected $file = '/var/www/html/vendor/simplesamlphp/simplesamlphp/templates/includes/attributes.php'; protected $line = 30;
So my code is not quite right.
I will put my code in a MR for you to review but I'm not sure I'm on the right track. Do you maintainers have any thoughts on how to approach this?
Expected behavior
I would expect attributes that contain EncryptedID values to be processed correctly and their values to show up in the SP demo page.
Screenshots or logs
Attached is a SOAP ArtifactResponse that contains an AttributeValue with an encryptedID.
assertion.xml.txt
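The TypeError quoted above comes from a non-string attribute value reaching `htmlspecialchars()`. The following is an added example, not SimpleSAMLphp's code and not part of the original issue: it reduces each AttributeValue to a string before display. The function names, the `$decrypt` callback, the `example:plain` attribute and the placeholder EncryptedID content are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion';

// Reduce one <saml:AttributeValue> to a string. $decrypt is a hypothetical
// callback that turns a <saml:EncryptedID> element into its <saml:NameID>.
function attributeValueToString(DOMElement $value, ?callable $decrypt = null): string
{
    foreach ($value->childNodes as $child) {
        if (!$child instanceof DOMElement || $child->namespaceURI !== NS_SAML) {
            continue;
        }
        if ($child->localName === 'EncryptedID') {
            if ($decrypt === null) {
                return '[EncryptedID, not decrypted]'; // never hand a node to the template
            }
            $child = $decrypt($child);
        }
        if ($child instanceof DOMElement && $child->localName === 'NameID') {
            return trim($child->textContent);
        }
    }
    return trim($value->textContent); // ordinary text value
}

// Collect all attributes as name => list of strings.
function collectAttributes(DOMDocument $doc, ?callable $decrypt = null): array
{
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('saml', NS_SAML);
    $out = [];
    foreach ($xp->query('//saml:Attribute') as $attr) {
        foreach ($xp->query('saml:AttributeValue', $attr) as $value) {
            $out[$attr->getAttribute('Name')][] = attributeValueToString($value, $decrypt);
        }
    }
    return $out;
}

// Constructed sample; the EncryptedID content is a placeholder, not ciphertext.
$doc = new DOMDocument();
$doc->loadXML('<saml:Assertion xmlns:saml="' . NS_SAML . '"><saml:AttributeStatement>'
    . '<saml:Attribute Name="urn:nl-eid-gdi:1.0:ActingSubjectID"><saml:AttributeValue>'
    . '<saml:EncryptedID>PLACEHOLDER</saml:EncryptedID></saml:AttributeValue></saml:Attribute>'
    . '<saml:Attribute Name="example:plain"><saml:AttributeValue>abc</saml:AttributeValue>'
    . '</saml:Attribute></saml:AttributeStatement></saml:Assertion>', LIBXML_NONET);
foreach (collectAttributes($doc) as $name => $values) {
    echo htmlspecialchars($name), ': ', htmlspecialchars(implode(', ', $values)), "\n";
}
```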