
specify namespace while using xpath #49

Open
wants to merge 1 commit into base: master

Conversation

nicolasfranck

Some CAS servers send this XML file:

<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-3-JVgp7bbMHiwILUsnQHunXED3vrfEl57pbpZ" Version="2.0" IssueInstant="2017-06-29T10:56:17Z">
  <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
  <samlp:SessionIndex>ST-3-2ORKCpJ9HsnAT0v9df5U-cas01.example.org</samlp:SessionIndex>
</samlp:LogoutRequest>

As you can see, the namespace "saml" is not defined in the root,
so Nokogiri does not register it automatically, leading to this error on a
single sign-out request:

Started POST "/users/auth/cas/callback?url=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fsign_in" for 127.0.0.1 at 2017-06-29 10:56:17 +0200
I, [2017-06-29T10:56:17.300172 #92436]  INFO -- omniauth: (cas) Callback phase initiated.
E, [2017-06-29T10:56:17.308365 #92436] ERROR -- omniauth: (cas) Authentication failure! logout_request: Nokogiri::XML::XPath::SyntaxError, Undefined namespace prefix: //saml:NameID
Processing by Users::OmniauthCallbacksController#failure as HTML
  Parameters: {"logoutRequest"=>"<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"LR-3-JVgp7bbMHiwILUsnQHunXED3vrfEl57pbpZ\" Version=\"2.0\" IssueInstant=\"2017-06-29T10:56:17Z\"><saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-3-2ORKCpJ9HsnAT0v9df5U-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>", "url"=>"http://localhost:3000/users/sign_in"}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)

I added the namespace mapping to every xpath query.

@jgribonvald

@dlindahl This Pull Request fixes the error on logout request; this can be merged.

@nicolasfranck how are you managing the session to be able to apply the SLO? Do you have an example somewhere? Are you overriding the sessionID with the CAS ST, or linking it with the CAS ST? Or another way? Sorry, I'm not really familiar with RoR framework practice.
