Should xmlseclibs be updated to stay in line with the requirements of php-saml 3.5.0? #109
Comments
|
xmlseclibs 3.1.0 had a bug that was fixed in 3.1.1 I agree xmlseclibs must be updated here on ths plugin in order to support AES-128-GCM I had not tested yet deeply the AES-128-GCM support on php-saml that why I have not actively updated all the plugins depends on it. @TombLL, Is the source code of xmlseclibs 3.1.1 failing in your WP? I guess you used 3.1.0 which does not have the patch. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, we were having issues on a wp-site using this plugin due to the fact that the IDP is using AES-128-GCM as their encryption algorithm. Support for that algorithm has been added in xmlseclib version 3.1.0: (https://github.com/robrichards/xmlseclibs/releases/tag/3.1.0).
I checked the dependencies on this module and found that the xmlseclib included in
onelogin-saml-sso/php/extlib/xmlseclibs/(version 3.0.4) is not in line with what php-saml version 3.5.0 is requiring in its composer file: (https://github.com/onelogin/php-saml/blob/3.5.0/composer.json). (xmlseclib >= version 3.1.1).I tried simply replacing the contents of the
extlib/xmlseclibs/with the source of the 3.1.1 version, but this did not completely solve our issue. It seems the error message is raised from the xmlseclibs library, so I don't expect an answer on that here. As I am unfamiliar with this library's code, I thought that perhaps there is something else that needs to be adjusted to account for the new version of xmlseclibs.Does anybody have ideas on this?
The text was updated successfully, but these errors were encountered: