Changing ID check from PR #49 to not depend on idAttributes in Signed…
…Xml.
ploer committed Jun 27, 2014
1 parent 20d503e commit 631557e
Showing 1 changed file with 4 additions and 5 deletions.
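--- a/lib/passport-saml/saml.js
+++ b/lib/passport-saml/saml.js
@@ -282,14 +282,13 @@ SAML.prototype.validateSignature = function (fullXml, currentNode, cert) {
 var refUri = sig.references[0].uri;
 var refId = (refUri[0] === '#') ? refUri.substring(1) : refUri;
 // If we can't find the reference at the top level, reject
-var idAttribute = sig.idAttributes.filter(function (attribute) {
-return currentNode.getAttribute(attribute) == refId;
-})[0];
-if (idAttribute === undefined)
+var idAttribute = currentNode.getAttribute('ID') ? 'ID' : 'Id';
+if (currentNode.getAttribute(idAttribute) != refId)
 return false;
 // If we find any extra referenced nodes, reject. (xml-crypto only verifies one digest, so
 // multiple candidate references is bad news)
-var totalReferencedNodes = xpath(currentNode.ownerDocument, "//*[@" + idAttribute + "='" + refId + "']");
+var totalReferencedNodes = xpath(currentNode.ownerDocument,
+"//*[@" + idAttribute + "='" + refId + "']");
 if (totalReferencedNodes.length > 1)
 return false;
 return sig.checkSignature(fullXml);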
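Review bot: The duplicate-reference check built on the new `idAttribute` line only counts elements that use the same attribute spelling as `currentNode`, so a second element carrying the same value under the other spelling (`Id` vs `ID`) is not seen by the `length > 1` test. If xml-crypto resolves the reference across several ID attribute names (not visible in this hunk), the node it digests may then differ from `currentNode`; counting both spellings closes that gap, e.g. `"//*[@ID='" + refId + "' or @Id='" + refId + "']"`. Separately, `refId` comes from the signature's Reference URI and is concatenated into the XPath string unescaped, so a guard such as `if (refId.indexOf("'") !== -1) return false;` before the query keeps a malformed ID from changing what the expression matches. `validateSignature` starts and ends outside this hunk.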
