Don't rely on InclusiveNamespaces for namespace declarations #81
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
add_namespaces_to_child_assertions
function assumes the presence of anInclusiveNamespaces
element
from which it will read a list of namespaces.
If this is present, any namespace definitions declared by InclusiveNamespaces
are copied from the Response element to the Assertion. Then, when the Assertion
element is handled in isolation from the rest of the Response document, the
namespaces are all still defined.
However if the InclusiveNamespaces element is not found, no namespaces are
copied. If then the Assertion element is namespaced (e.g.
<saml:Assertion>
),it will not be
found
and the document will be treated as not having an assertion at all.
If there is an InclusiveNamespaces element, we will continue to use that as
before to read the namespaces to apply to the Assertion element.
However if there is none (or it's empty), we'll just read all the namespaces from the Response
element onto the Assertion element.
This should ensure all the necessary namespaces are defined when the Assertion is used out of context, such as to validate the signature.