From 391435851c27bc8d40c90176d725951add406ae8 Mon Sep 17 00:00:00 2001
From: Marco Ardizzone
Date: Wed, 3 Sep 2025 17:04:13 +0200
Subject: [PATCH 1/2] fix: IDPSSODescriptorType params order
---
 pkg/provider/xml/md/models.go | 46 +++++++++++++++++++----------------
 1 file changed, 25 insertions(+), 21 deletions(-)
diff --git a/pkg/provider/xml/md/models.go b/pkg/provider/xml/md/models.go
index 0679754..5f61f2a 100644
--- a/pkg/provider/xml/md/models.go
+++ b/pkg/provider/xml/md/models.go
@@ -150,27 +150,31 @@ type SSODescriptorType struct {
 }
 type IDPSSODescriptorType struct {
- XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata IDPSSODescriptor"`
- WantAuthnRequestsSigned string `xml:"WantAuthnRequestsSigned,attr,omitempty"`
- Id string `xml:"ID,attr,omitempty"`
- ValidUntil string `xml:"validUntil,attr,omitempty"`
- CacheDuration string `xml:"cacheDuration,attr,omitempty"`
- ProtocolSupportEnumeration AnyURIListType `xml:"protocolSupportEnumeration,attr"`
- ErrorURL string `xml:"errorURL,attr,omitempty"`
- SingleSignOnService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata SingleSignOnService"`
- NameIDMappingService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata NameIDMappingService"`
- AssertionIDRequestService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata AssertionIDRequestService"`
- AttributeProfile []string `xml:"AttributeProfile"`
- Attribute []*saml.AttributeType `xml:"Attribute"`
- ArtifactResolutionService []IndexedEndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata ArtifactResolutionService"`
- SingleLogoutService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata SingleLogoutService"`
- ManageNameIDService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata ManageNameIDService"`
- NameIDFormat []string `xml:"NameIDFormat"`
- Signature *xml_dsig.SignatureType `xml:"Signature"`
- Extensions *ExtensionsType `xml:"Extensions"`
- KeyDescriptor []KeyDescriptorType `xml:"KeyDescriptor"`
- Organization *OrganizationType `xml:"Organization"`
- ContactPerson []ContactType `xml:"ContactPerson"`
+ XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata IDPSSODescriptor"`
+ WantAuthnRequestsSigned string `xml:"WantAuthnRequestsSigned,attr,omitempty"`
+ Id string `xml:"ID,attr,omitempty"`
+ ValidUntil string `xml:"validUntil,attr,omitempty"`
+ CacheDuration string `xml:"cacheDuration,attr,omitempty"`
+ ProtocolSupportEnumeration AnyURIListType `xml:"protocolSupportEnumeration,attr"`
+ ErrorURL string `xml:"errorURL,attr,omitempty"`
+
+ // DO NOT CHANGE THE ORDER OF THESE PARAMS.
+ // See https://groups.oasis-open.org/higherlogic/ws/public/download/51890/SAML%20MD%20simplified%20overview.pdf/latest chapter 2.10
+ Extensions *ExtensionsType `xml:"Extensions"`
+ KeyDescriptor []KeyDescriptorType `xml:"KeyDescriptor"`
+ ArtifactResolutionService []IndexedEndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata ArtifactResolutionService"`
+ SingleLogoutService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata SingleLogoutService"`
+ NameIDFormat []string `xml:"NameIDFormat"`
+ SingleSignOnService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata SingleSignOnService"`
+
+ NameIDMappingService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata NameIDMappingService"`
+ AssertionIDRequestService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata AssertionIDRequestService"`
+ AttributeProfile []string `xml:"AttributeProfile"`
+ Attribute []*saml.AttributeType `xml:"Attribute"`
+ ManageNameIDService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata ManageNameIDService"`
+ Signature *xml_dsig.SignatureType `xml:"Signature"`
+ Organization *OrganizationType `xml:"Organization"`
+ ContactPerson []ContactType `xml:"ContactPerson"`
 //InnerXml string `xml:",innerxml"`
 }
From 12896ef44bd41b48b9fc949da03ada6c94b7a16a Mon Sep 17 00:00:00 2001
From: Marco Ardizzone
Date: Wed, 3 Sep 2025 17:21:27 +0200
Subject: [PATCH 2/2] fix: AttributeAuthorityDescriptorType params order
---
 pkg/provider/xml/md/models.go | 55 ++++++++++++++++++++---------------
 1 file changed, 31 insertions(+), 24 deletions(-)
diff --git a/pkg/provider/xml/md/models.go b/pkg/provider/xml/md/models.go
index 5f61f2a..e3e3365 100644
--- a/pkg/provider/xml/md/models.go
+++ b/pkg/provider/xml/md/models.go
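Review bot: The new field order still does not match the schema sequence that the comment says must not be changed: saml-schema-metadata-2.0.xsd defines RoleDescriptorType's children as Signature, Extensions, KeyDescriptor, Organization, ContactPerson, SSODescriptorType then appends ArtifactResolutionService, SingleLogoutService, ManageNameIDService, NameIDFormat, and IDPSSODescriptorType appends SingleSignOnService, NameIDMappingService, AssertionIDRequestService, AttributeProfile, Attribute — so `Signature` belongs first, `Organization`/`ContactPerson` belong right after `KeyDescriptor`, and `ManageNameIDService` belongs between `SingleLogoutService` and `NameIDFormat`, not after `Attribute`. Because encoding/xml emits children in struct-field order (unmarshalling is order-insensitive, so only metadata this library produces is affected), a schema-validating relying party will keep rejecting the emitted IdP metadata whenever any of those four elements is populated, and a misplaced ds:Signature is the case most likely to break a federation onboarding. I would cite the xsd (or saml-metadata-2.0-os §2.4) rather than the non-normative "simplified overview" PDF, and back the `DO NOT CHANGE THE ORDER` comment with a test that marshals a fully populated IDPSSODescriptorType and asserts the child element order (or validates the output against the xsd), since a comment alone will not catch the next reshuffle.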
@@ -167,14 +167,16 @@ type IDPSSODescriptorType struct {
 NameIDFormat []string `xml:"NameIDFormat"`
 SingleSignOnService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata SingleSignOnService"`
- NameIDMappingService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata NameIDMappingService"`
- AssertionIDRequestService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata AssertionIDRequestService"`
- AttributeProfile []string `xml:"AttributeProfile"`
- Attribute []*saml.AttributeType `xml:"Attribute"`
- ManageNameIDService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata ManageNameIDService"`
- Signature *xml_dsig.SignatureType `xml:"Signature"`
- Organization *OrganizationType `xml:"Organization"`
- ContactPerson []ContactType `xml:"ContactPerson"`
+ NameIDMappingService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata NameIDMappingService"`
+ AssertionIDRequestService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata AssertionIDRequestService"`
+
+ // AttributeProfile MUST be before Attribute
+ AttributeProfile []string `xml:"AttributeProfile"`
+ Attribute []*saml.AttributeType `xml:"Attribute"`
+ ManageNameIDService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata ManageNameIDService"`
+ Signature *xml_dsig.SignatureType `xml:"Signature"`
+ Organization *OrganizationType `xml:"Organization"`
+ ContactPerson []ContactType `xml:"ContactPerson"`
 //InnerXml string `xml:",innerxml"`
 }
@@ -258,22 +260,27 @@ type PDPDescriptorType struct {
 }
 type AttributeAuthorityDescriptorType struct {
- XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata AttributeAuthorityDescriptor"`
- Id string `xml:"ID,attr,omitempty"`
- ValidUntil string `xml:"validUntil,attr,omitempty"`
- CacheDuration string `xml:"cacheDuration,attr,omitempty"`
- ProtocolSupportEnumeration AnyURIListType `xml:"protocolSupportEnumeration,attr"`
- ErrorURL string `xml:"errorURL,attr,omitempty"`
- AttributeService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata AttributeService"`
- AssertionIDRequestService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata AssertionIDRequestService"`
- NameIDFormat []string `xml:"NameIDFormat"`
- AttributeProfile []string `xml:"AttributeProfile"`
- Attribute []*saml.AttributeType `xml:"Attribute"`
- Signature *xml_dsig.SignatureType `xml:"Signature"`
- Extensions *ExtensionsType `xml:"Extensions"`
- KeyDescriptor []KeyDescriptorType `xml:"KeyDescriptor"`
- Organization *OrganizationType `xml:"Organization"`
- ContactPerson []ContactType `xml:"ContactPerson"`
+ XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata AttributeAuthorityDescriptor"`
+ Id string `xml:"ID,attr,omitempty"`
+ ValidUntil string `xml:"validUntil,attr,omitempty"`
+ CacheDuration string `xml:"cacheDuration,attr,omitempty"`
+ ProtocolSupportEnumeration AnyURIListType `xml:"protocolSupportEnumeration,attr"`
+ ErrorURL string `xml:"errorURL,attr,omitempty"`
+
+ // DO NOT CHANGE THE ORDER OF THESE PARAMS.
+ // See https://groups.oasis-open.org/higherlogic/ws/public/download/51890/SAML%20MD%20simplified%20overview.pdf/latest chapter 2.1
+ KeyDescriptor []KeyDescriptorType `xml:"KeyDescriptor"`
+ AttributeService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata AttributeService"`
+ NameIDFormat []string `xml:"NameIDFormat"`
+
+ AssertionIDRequestService []EndpointType `xml:"urn:oasis:names:tc:SAML:2.0:metadata AssertionIDRequestService"`
+ // AttributeProfile MUST be before Attribute
+ AttributeProfile []string `xml:"AttributeProfile"`
+ Attribute []*saml.AttributeType `xml:"Attribute"`
+ Signature *xml_dsig.SignatureType `xml:"Signature"`
+ Extensions *ExtensionsType `xml:"Extensions"`
+ Organization *OrganizationType `xml:"Organization"`
+ ContactPerson []ContactType `xml:"ContactPerson"`
 //InnerXml string `xml:",innerxml"`
 }
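Review bot: `NameIDFormat` and `AssertionIDRequestService` are swapped relative to the schema, and `Signature`, `Extensions`, `Organization` and `ContactPerson` are still emitted after `Attribute`: in saml-schema-metadata-2.0.xsd AttributeAuthorityDescriptorType is RoleDescriptorType (Signature, Extensions, KeyDescriptor, Organization, ContactPerson) followed by AttributeService, AssertionIDRequestService, NameIDFormat, AttributeProfile, Attribute, so the fields after `ErrorURL` should be ordered Signature, Extensions, KeyDescriptor, Organization, ContactPerson, AttributeService, AssertionIDRequestService, NameIDFormat, AttributeProfile, Attribute. Since encoding/xml marshals in field order, the attribute-authority metadata this library emits will still fail schema validation at strict consumers whenever a signature, extensions, organization or contact is set, which is the common case for signed, published metadata. The two "DO NOT CHANGE" comments also cite different chapters ("2.10" for IDPSSODescriptorType, "2.1" here) of a non-normative overview PDF; pointing each at the xsd complexType would be harder to get wrong. As with the IdP descriptor, a test that marshals a fully populated struct and asserts child order (or validates against the xsd) would protect this better than the comment.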