
[ENHANCEMENT]: Signature compliant to http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 #328

Open
rahxam opened this issue Jul 2, 2023 · 7 comments

Comments

@rahxam

rahxam commented Jul 2, 2023

Is your feature request related to a problem? Please describe...

I am trying to connect to a SAML IdP which expects a http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 signature, as described in RFC 6931 (RSASSA-PSS without parameters).

Unfortunately, I am a bit stuck on how to implement it.

Describe the solution you'd like...

I would like to have a new option to use http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 signatures.

Describe the alternatives you've considered...

I tried to use https://github.com/digitalbazaar/forge to calculate the signature, but did not have any success.

@cjbarth
Contributor

cjbarth commented Jul 6, 2023

The first step would be to see if NodeJS supports this. If so, then you can easily put up a PR that mimics the existing methods for doing this. If not, you'll have to figure that out yourself and create a function to do it by hand.

@rahxam
Author

rahxam commented Jul 10, 2023

I was able to implement it with https://www.npmjs.com/package/node-forge#rsa, but I guess the dependency is a bit overkill for xml-crypto.

@cjbarth
Contributor

cjbarth commented Jul 11, 2023

In that case you might just use the pluggable nature of this library to add such support yourself. There should be information in the README on that.

@rahxam
Author

rahxam commented Jul 11, 2023

Hey,
Yes, I actually did, but I am using passport-saml and I needed to fork node-saml and xml-encryption as well to use the algorithm in xml-crypto and get everything running, which is a lot of forks for 10 lines of code.

@cjbarth
Contributor

cjbarth commented Jul 11, 2023

If you'd like to add support for custom signing methods to node-saml, I'd be happy to look at that. This way you could just pass your function through node-saml to xml-crypto.

@cornzz

cornzz commented Dec 10, 2024

Hi @cjbarth, any info on whether this is planned?
I have posted on the discussions board about this; our IdP (BundID) is switching to sha256-rsa-MGF1 next year and we would optimally like to keep using node-saml for our auth process. Maybe I can help?

@cjbarth
Contributor

cjbarth commented Dec 10, 2024

@cornzz , I've been a little busy lately, but I always try to do a big release of all the updates and new features to coincide with the NodeJS release schedule. So, in the coming months we'll be doing that. I'm not writing much code for this anymore. The only bit of code that I'm thinking I might get to is #464. Other than that, I'll review code and consult on development, but I depend on others to write it. If you and @rahxam would like to put up a PR, I'll gladly look at it and get your changes merged in so that you don't have to use a fork.
