Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add support for decrypting EncryptedIDs #238

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Add support for decrypting EncryptedIDs #238

wants to merge 4 commits into from

Conversation

flupzor
Copy link
Contributor

@flupzor flupzor commented Jan 28, 2021

This PR adds support for decrypting Responses which include EncryptedIDs in the AttributeStatement/Attribute section.

@pitbulk
Copy link
Contributor

pitbulk commented Jan 28, 2021

Not a common scenario to have EncryptedIDs instead the whole assertion encrypted, but something to review and merge.
Thanks

@flupzor flupzor force-pushed the pr-encrypted-ids-rebased branch from 9a01a84 to 08bcfd0 Compare February 25, 2021 13:51
@flupzor
Copy link
Contributor Author

flupzor commented Feb 25, 2021

I removed a commit which changed the behavior of 'validate_num_assertions'. I messed up and it should've been part of #247 and as @pitbulk pointed out, ignoring the Advice element can allow XML signature wrapping attacks.

@pitbulk pitbulk force-pushed the master branch 2 times, most recently from 4fa3934 to acef8eb Compare December 26, 2022 01:53
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement informative wontfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@flupzor @pitbulk