srd90

> I will try to find official specs on this. @imedacf are you looking for the spec at the end of this search path (step 3): 1. Link from your...

This is not an answer for your question. More like "side notes": I do not quite understand what you are trying to accomplish here with all the `Id` and `URI`...

I was also wondering back in the days what @CarlaMck77 might have meant with this >For it to work, I had to add the transform for C14n. On reading the...

>... we are ready for a semver-major release (pending a round of dependency updates). Please let me know if I've missed anything. @cjbarth commenting here even though this is not...

Issue reporters didn't share anything to work with so lets try at least something. At the time when issue was raised (based on timestamp) `xml-crypto` version was `1.5.3` and `xmlbuilder`...

Testing whether https://github.com/node-saml/xml-crypto/issues/212#issuecomment-1949310736 comments "second opinion case's" signed xml output verifies without errors with `xml-crypto` `1.5.3` (note: that XML has digestvalue that matches with content based on "third opinion" and...

IMHO author of the issue already answered to his/her own question: "Do not reuse the SignedXml object?" I.e. answer is: Do not reuse the SignedXml object. --- Based on these...

FWIW it sure looks like https://github.com/node-saml/xml-crypto/issues/165 was caused by same issue (pooling of SignedXml object instances). See how author of the issue https://github.com/node-saml/xml-crypto/issues/165 has named SignedXml object used at the...

Just out of curiosity: @tenjaa if you used shared SignedXml object instance over multiple requests didn't you also had a risk of leaking incorrect signed XML (access to your API...

@H-D-Choi your issue report speaks about "sign double the assertion" and it also speaks about xml-crypto not being able to validate SAMLResponse which has more than one signature. I.e. you...