Skip to content

Allow extensions#49

Draft
Weasy666 wants to merge 4 commits intonjaremko:masterfrom
Weasy666:allow-extensions
Draft

Allow extensions#49
Weasy666 wants to merge 4 commits intonjaremko:masterfrom
Weasy666:allow-extensions

Conversation

@Weasy666
Copy link
Copy Markdown
Contributor

@Weasy666 Weasy666 commented Apr 10, 2024
edited
Loading

This PR implements the Extensions struct and adds it to the AuthnRequest. This allows to create requests with arbitrary extensions, like this:

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="..."
    Version="2.0" IssueInstant="2024-04-10T15:24:12.152Z"
    Destination="..."
    ForceAuthn="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="...">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://examplecom</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
            <ds:Reference URI="...">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <ds:DigestValue>...</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>...</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>
                ...
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Extensions>
        <example:AuthenticationRequest xmlns:example="https://www.example.com/request/2020/09" Version="2">
            <example:RequestedAttributes>
                <example:RequestedAttribute Name="urn:name1"
                    RequiredAttribute="false" />
                <example:RequestedAttribute Name="urn:name2"
                    RequiredAttribute="false" />
                <example:RequestedAttribute Name="urn:name2"
                    RequiredAttribute="false" />
            </example:RequestedAttributes>
            <example:DisplayInformation>
                <ui:Version  xmlns:ui="https://www.example.com/request/2020/09/ui/v1">
                    <ui:DisplayName>Fancy name</ui:DisplayName>
                </ui:Version>
            </example:DisplayInformation>
        </example:AuthenticationRequest>
    </saml2p:Extensions>
    <saml2p:NameIDPolicy AllowCreate="true" />
</saml2p:AuthnRequest>

I am not exactly happy with using a Vec<String> as internal data for the Extensions struct, which means the extensions can only be serialized. Deserialization does not work with how quick-xml is working currently, because we don't know beforehand which name each single extension element has and we are also not able to add a field with "dynamic" objects quick-xml does not know how to deserialize this. It also does not have the ability to just deserialize the elements into raw strings. There is an issue for that, see tafia/quick-xml#257, but it's not implemented right now.

@Weasy666 Weasy666 marked this pull request as draft May 29, 2024 15:35
@Weasy666
Copy link
Copy Markdown
Contributor Author

Weasy666 commented May 29, 2024

I think i've found a better solution. Will update this in the coming weeks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Weasy666