Implement query signature verification #449
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hey,
This patch implements:
Query signature validation for SLO redirect bindings.
Query signing was also slightly refactored to fix the query getting fully signed instead of only the expected req+relay+alg format (also made it easier to implement tests for it)
Section 3.4.4.1 Oasis
SigAlg, and SAMLRequest (or SAMLResponse) query string parameters (each one URL-
encoded) is constructed in one of the following ways (ordered as below):
content in the original query string is not included and not signed.
It can probably be adapted for validations in other scenarios.
Please advise on style, structure or other modifications that would help the project