Comment by nimish 10 months ago

XML canonicalization is insane but necessary. Far more complex than the signature process itself.

Then the incredibly stupid need to modify the signed document to insert the signature inline, so verifying it requires a full-blown parser, among other things.

bfrog 10 months ago

Exactly. I had worked on creating an implementation of SAML in Go; initially I wanted to use the built-in XML library, but quickly found it to be overwhelmingly difficult and ended up creating a binding to xmlsec.

  • nimish 10 months ago

    Go's XML namespace handling is broken and has been for years. It's a shame.