Skip to content

Send entire EncryptedAssertion (not just EncryptedData) to xmlenc.decrypt #85

Description

@mitakuye

Because xml-encryption.decrypt tries to decrypt the "EncryptedKey" (https://github.com/auth0/node-xml-encryption/blob/master/lib/xmlenc.js#L129) before decrypting "EncryptedData", need to pass the entire "EncryptedAssertion" to xml-encryption.decrypt, so the "EncryptedKey -> EncryptedMethod" can be found with a signed SamlRespone, with a signed and encrypted Assertion. Per the spec (http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd), the "EncryptedData" and "EncryptedKey" are separate AND the "EncryptedKey" can be referenced from the "EncryptedData"
... which is happening in the attached assertion.

saml_assertion_refs_EncryptedKey.xml.txt

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions