
Conversation

@nicolasfranck

Some CAS servers send this XML file:

<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-3-JVgp7bbMHiwILUsnQHunXED3vrfEl57pbpZ" Version="2.0" IssueInstant="2017-06-29T10:56:17Z">
  <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
  <samlp:SessionIndex>ST-3-2ORKCpJ9HsnAT0v9df5U-cas01.example.org</samlp:SessionIndex>
</samlp:LogoutRequest>

As you can see, the namespace "saml" is not defined on the root element,
so Nokogiri does not register it automatically, leading to this error on a
single sign out request:

Started POST "/users/auth/cas/callback?url=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fsign_in" for 127.0.0.1 at 2017-06-29 10:56:17 +0200
I, [2017-06-29T10:56:17.300172 #92436]  INFO -- omniauth: (cas) Callback phase initiated.
E, [2017-06-29T10:56:17.308365 #92436] ERROR -- omniauth: (cas) Authentication failure! logout_request: Nokogiri::XML::XPath::SyntaxError, Undefined namespace prefix: //saml:NameID
Processing by Users::OmniauthCallbacksController#failure as HTML
  Parameters: {"logoutRequest"=>"<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"LR-3-JVgp7bbMHiwILUsnQHunXED3vrfEl57pbpZ\" Version=\"2.0\" IssueInstant=\"2017-06-29T10:56:17Z\"><saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-3-2ORKCpJ9HsnAT0v9df5U-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>", "url"=>"http://localhost:3000/users/sign_in"}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)

I added the namespace mapping to every XPath query.

@jgribonvald

@dlindahl This Pull Request fixes the error on logout request; this can be merged.

@nicolasfranck how are you managing the session to be able to apply the SLO? Do you have an example somewhere? Are you overriding the sessionID with the CAS ST, or linking it with the CAS ST, or another way? Sorry, I'm not really familiar with RoR framework practice.
