Skip to content

SAML encrypted assertion decryption fails with xmlenc#sha256 digest URI (namespace compatibility) #272

Description

@alohaninja

Problem

SAML encrypted assertion decryption fails when Identity Providers use the xmlenc namespace URI for SHA-256 digest methods instead of the xmldsig namespace URI.

Error: unsupported digest algorithm: http://www.w3.org/2001/04/xmlenc#sha256

Image

Background

Per the W3C XML Encryption 1.1 Recommendation (Syntax and Processing), both namespace URIs are valid for SHA-256:

  • xmldsig namespace: http://www.w3.org/2000/09/xmldsig#sha256
  • xmlenc namespace: http://www.w3.org/2001/04/xmlenc#sha256

Some Identity Providers (notably PingFederate and others following XML Encryption 1.1) use the xmlenc namespace URI, which is the correct namespace per the XML Encryption specification.

Root Cause

In types/encrypted_key.go, the DecryptSymmetricKey() method only recognizes the xmldsig namespace:

const (
    MethodSHA1   = "http://www.w3.org/2000/09/xmldsig#sha1"
    MethodSHA256 = "http://www.w3.org/2000/09/xmldsig#sha256"  // Only xmldsig
    MethodSHA512 = "http://www.w3.org/2000/09/xmldsig#sha512"
)

The switch statement only matches these constants, causing xmlenc namespace URIs to fall through to the default case and return "unsupported digest algorithm".

Impact

This prevents SAML SSO authentication for organizations using IdPs that follow the XML Encryption 1.1 specification and use the xmlenc namespace for digest methods. This affects compatibility with:

  • PingFederate (when configured with SHA-256)
  • Other IdPs following XML Encryption 1.1 best practices
  • Organizations migrating from SHA-1 to SHA-256 for security compliance

Proposed Fix

Add support for xmlenc namespace URIs by extending the constants and switch statement:

const (
    MethodSHA1   = "http://www.w3.org/2000/09/xmldsig#sha1"
    MethodSHA256 = "http://www.w3.org/2000/09/xmldsig#sha256"
    MethodSHA512 = "http://www.w3.org/2000/09/xmldsig#sha512"
    // Add xmlenc namespace variants (same algorithms, different namespace)
    MethodSHA256XML = "http://www.w3.org/2001/04/xmlenc#sha256"
    MethodSHA512XML = "http://www.w3.org/2001/04/xmlenc#sha512"
)

And update the switch statement:

switch ek.EncryptionMethod.DigestMethod.Algorithm {
case "", MethodSHA1:
    h = sha1.New()
case MethodSHA256, MethodSHA256XML:  // Accept both namespaces
    h = sha256.New()
case MethodSHA512, MethodSHA512XML:  // Accept both namespaces
    h = sha512.New()
default:
    return nil, fmt.Errorf("unsupported digest algorithm: %v",
        ek.EncryptionMethod.DigestMethod.Algorithm)
}

References

  • W3C XML Encryption 1.1 Recommendation: https://www.w3.org/TR/xmlenc-core1/
  • Both namespace URIs are valid per the specification
  • Other Go SAML libraries (e.g., github.com/moov-io/signedxml) already support xmlenc namespace URIs

Priority

This is a compatibility issue that prevents SAML SSO for organizations using standards-compliant Identity Providers. The fix is minimal (2 lines of code) and improves standards compliance.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions