zlpublic

Reputation: 21

Namespace issue with pysaml2 XML canonicalization

I'm new to SAML and just encountered a problem when using pysaml2 to build an IdP. When creating a signed authn response, the canonicalization algorithm specified in xmldsig/__init__.py is exclusive canonicalization ('http://www.w3.org/2001/10/xml-exc-c14n#') and it will not include declarations for some namespaces which are necessary for some SPs (e.g. namespace xmlns:xs for QNames like in xsi:type="xs:string"). The W3C recommendation specified InclusiveNamespaces PrefixList to handle these cases, but I couldn't find how to do it in pysaml2. There's a similar issue here: https://bz.apache.org/bugzilla/show_bug.cgi?id=49710

Is there a solution for pysaml2? Either include these namespaces, or just remove all these xsi:type="xs:string".

Thank you!

Upvotes: 2

Views: 394

Answers (1)

Dr. Jan-Philip Gehrcke

Reputation: 35761

This issue is resolved in the pysaml2 4.3.0 release, available on pypi/pysaml2. Also see https://github.com/rohe/pysaml2/pull/336 and https://github.com/rohe/pysaml2/pull/365.

Upvotes: 0
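The check below is an added example, not code from the question, the answer or pysaml2: it lists the prefixes that occur only inside xsi:type values, which exclusive canonicalization does not treat as visibly utilized and which therefore have to be named in an InclusiveNamespaces PrefixList. The function names and the sample fragment are hypothetical, and the root element of the input is assumed to be the element being signed.

```python
import xml.parsers.expat

XSI = "http://www.w3.org/2001/XMLSchema-instance"
# Constructed sample (not real pysaml2 output); treat input as your own IdP's output.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute Name="mail">
    <saml:AttributeValue xsi:type="xs:string">a@example.org</saml:AttributeValue>
  </saml:Attribute>
</saml:Assertion>"""

def split_qname(qname):
    """Split a lexical QName into (prefix, local); prefix is '' when absent."""
    prefix, _, local = qname.rpartition(":")
    return prefix, local

def prefixes_for_inclusive_list(xml_text):
    """Return sorted prefixes used only in xsi:type values (lost by exc-c14n)."""
    scopes = [{}]    # prefix -> URI declared in scope, one dict per open element
    rendered = [{}]  # prefix -> URI that exc-c14n emits on an ancestor-or-self
    needed = set()

    def start(name, attrs):
        scope, visible = dict(scopes[-1]), dict(rendered[-1])
        for key, value in attrs.items():
            if key == "xmlns":
                scope[""] = value
            elif key.startswith("xmlns:"):
                scope[key[6:]] = value
        plain = [a for a in attrs if a != "xmlns" and not a.startswith("xmlns:")]
        # Visibly utilized: the element's own prefix and prefixes of attribute names.
        used = {split_qname(name)[0]} | {split_qname(a)[0] for a in plain if ":" in a}
        for prefix in used:
            visible[prefix] = scope.get(prefix)
        for a in plain:
            prefix, local = split_qname(a)
            if prefix and scope.get(prefix) == XSI and local == "type":
                value_prefix = split_qname(attrs[a].strip())[0]
                if value_prefix and visible.get(value_prefix) != scope.get(value_prefix):
                    needed.add(value_prefix)
        scopes.append(scope)
        rendered.append(visible)

    def end(_name):
        scopes.pop()
        rendered.pop()

    parser = xml.parsers.expat.ParserCreate()  # no namespace processing: raw prefixes
    parser.StartElementHandler, parser.EndElementHandler = start, end
    parser.Parse(xml_text, True)
    return sorted(needed)
```

For the sample it returns the xs prefix: saml and xsi appear in element and attribute names, while xs appears only in the attribute value.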
