saml
Support ECDSA
It'd be really nice if this library supported ECDSA keys in addition to just RSA.
My application already has certificate infrastructure using Let's Encrypt, but the keys are all ECDSA, which makes it a pain to use this library.
The SAML spec supports ECDSA. I'm not sure how official https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html is, but it states that SAML implementations should support ECDSA.
Sounds good, I don't know how many IDPs/SPs actually support ECDSA. I think we'd want some examples to get started. :)
Want to call for support for this again. Would be nice to have a variety of different key types supported.
We've recently run into this ourselves. Curious if anyone's experimented with it or if it's firmly in "do it yourself if you want it so badly" territory?
A PR for ECDSA support would be welcome. :)
Also #503 might be relevant, although I haven't had a chance to review it yet.
https://github.com/russellhaering/goxmldsig/pull/89, which is pulled in by #503, supports ECDSA. So this should be covered once the PR is in.
@d4l3k @ZackaryWelch @john-floren-gravwell Hey all, #503 is in which supports ECDSA. I imagine this can be closed.
Finally got around to looking at it (tempus fugit) but it looks like #503 is for the IdP code, not the SP code.
We had the following issue: `samlsp.Options` expects a `Key` field, a `*rsa.PrivateKey`, to sign requests. Up until now we've just been grabbing the RSA private key from the SP's TLS cert... but if you generate ECDSA certs instead, you're out of luck!
Is there a way to make the service provider code work with ECDSA that I'm just overlooking, or will this require another PR?
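The key-type problem described in the last comment, as an added example that is not code from this library or from anyone in the thread: it uses only the Go standard library, and `sampleSP` and `signatureMethodFor` are hypothetical names. Treating the signing key as a `crypto.Signer` instead of a `*rsa.PrivateKey` lets both key types through, and the helper also checks that the key matches the certificate before choosing the XML-DSig `SignatureMethod` URI.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// sampleSP returns a constructed ECDSA P-256 key and a throwaway self-signed cert (sample input).
func sampleSP() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// signatureMethodFor (hypothetical) picks the XML-DSig SignatureMethod URI; rejects a key that does not match cert.
func signatureMethodFor(key crypto.Signer, cert *x509.Certificate) (string, error) {
	type equaler interface{ Equal(crypto.PublicKey) bool }
	if pub, ok := key.Public().(equaler); !ok || !pub.Equal(cert.PublicKey) {
		return "", fmt.Errorf("private key does not match certificate")
	}
	switch key.(type) {
	case *rsa.PrivateKey:
		return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", nil
	case *ecdsa.PrivateKey:
		return "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", nil
	}
	return "", fmt.Errorf("unsupported key type %T", key)
}

func main() {
	key, cert, _ := sampleSP()
	fmt.Println(signatureMethodFor(key, cert))
}
```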