ahacker1
ahacker1
Yea, looks good to me. I removed the changelog.md file
Added! to repo @cjbarth please accept the nivite
@cjbarth i really appreciate the efforts spent reviewing the changes. However, I have deadlines to meet. The code currently just works with other SAML libraries. We want to ship it...
Yea, but the new changes are secure. **AND doesn't break anyone** I have spent time perfecting both of those cases, and I really want to get it done. Now, we...
I don't have the time to keep on arguing on these small cosmetic changes, (note each response takes like 1 day to resolve), we'll be sidelined by months if we...
Yea that would be great. Changes so far look good
Yep
When you use: validateElementAgainstReferences(myElement, doc). This ends up crytographically authenticating: https://github.com/node-saml/xml-crypto/blob/cc24755d3b170ba6991a573c8091b96a341405c7/src/signed-xml.ts#L499C13-L499C21 canonXml. See the code on how canonXml is generated. **However**, the client will ultimately processing **myElement**, not **canonXml**. These...
There needs to be some way of getting the user to use the new API to verify XML Signatures. Technically, users can still use the old API, but they **must**...
> .reference contains non-canonical data that is potentially dangerous, why would we say they can use it at all? Are you referring to the other properties that are returned? They...