Remove direct calls to xmlseclib

Most of our SAML/XML handling is done via the SimpleSAMLphp/SAML2 library. But in three places, we still call xmlseclibs directly:

- https://github.com/OpenConext/OpenConext-engineblock/blob/main/src/OpenConext/EngineBlock/Metadata/X509/X509PrivateKey.php#L64
- https://github.com/OpenConext/OpenConext-engineblock/blob/main/src/OpenConext/EngineBlock/Xml/DocumentSigner.php#L46
- https://github.com/OpenConext/OpenConext-engineblock/blob/main/library/EngineBlock/X509/PrivateKey.php#L45

Investigate whether we can replace these with functionality of SAML2.

The advantage of that is that we have a single point of entrey into xmlseclibs, and because SAML2 is implementing additional safeguards against wrapping attacks and such, it makes us a little more robust against xmlseclibs/libxml bugs.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove direct calls to xmlseclib #1939

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Remove direct calls to xmlseclib #1939

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions