Improve audience mismatch error message#257
Merged
cjbarth merged 1 commit intonode-saml:masterfrom Apr 12, 2023
Merged
Conversation
cjbarth
approved these changes
Apr 12, 2023
AlbertPangilinan
pushed a commit
to Foxquilt/foxden-node-saml
that referenced
this pull request
Sep 22, 2025
AlbertPangilinan
added a commit
to Foxquilt/foxden-node-saml
that referenced
this pull request
Sep 23, 2025
* Bump xml-encryption from 3.0.1 to 3.0.2 (node-saml#236) Bumps [xml-encryption](https://github.com/auth0/node-xml-encryption) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/auth0/node-xml-encryption/releases) - [Commits](https://github.com/auth0/node-xml-encryption/commits) --- updated-dependencies: - dependency-name: xml-encryption dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump xml2js from 0.4.23 to 0.5.0 (node-saml#268) Bumps [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) from 0.4.23 to 0.5.0. - [Release notes](https://github.com/Leonidas-from-XIV/node-xml2js/releases) - [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits/0.5.0) --- updated-dependencies: - dependency-name: xml2js dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Release 4.0.4 * Update minor dependencies (node-saml#269) * Improve audience mismatch error message (node-saml#257) * feat: add public getAuthorizeMessage method (node-saml#235) * Acknowledge that XML can be parsed to `any` (node-saml#271) * feat: support additionalParams on HTTP-POST binding (node-saml#263) * Make `callbackUrl` manditory (node-saml#214) * Add public key support (node-saml#225) Co-authored-by: Chris Barth <chrisjbarth@hotmail.com> * Remove types specific to Passport (node-saml#226) * Export types required for SamlOptions (node-saml#224) * Bump vm2 from 3.9.16 to 3.9.19 (node-saml#277) Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.16 to 3.9.19. - [Release notes](https://github.com/patriksimek/vm2/releases) - [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md) - [Commits](patriksimek/vm2@3.9.16...3.9.19) --- updated-dependencies: - dependency-name: vm2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump json5 from 2.2.1 to 2.2.3 (node-saml#244) Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.1...v2.2.3) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump prettier from 2.8.7 to 2.8.8 (node-saml#274) Bumps [prettier](https://github.com/prettier/prettier) from 2.8.7 to 2.8.8. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@2.8.7...2.8.8) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @typescript-eslint/parser from 5.58.0 to 5.59.8 (node-saml#281) Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.58.0 to 5.59.8. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.8/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump codecov/codecov-action from 3.1.1 to 3.1.4 (node-saml#279) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.1 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v3.1.1...v3.1.4) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update minor dependencies (node-saml#283) * Roll-up changelog entries for beta releases (node-saml#282) * Fix spelling and normalize naming (node-saml#278) * Remove express dependency (node-saml#284) * Prefer Chai `expect` to Node `assert` (node-saml#286) * Add test coverage (node-saml#287) * Separate linting out from testing (node-saml#288) * Remove dependency on Passport types (node-saml#296) * Add tests for XML parsing with comments (node-saml#285) * Bump concurrently from 7.6.0 to 8.2.0 (node-saml#290) Bumps [concurrently](https://github.com/open-cli-tools/concurrently) from 7.6.0 to 8.2.0. - [Release notes](https://github.com/open-cli-tools/concurrently/releases) - [Commits](open-cli-tools/concurrently@v7.6.0...v8.2.0) --- updated-dependencies: - dependency-name: concurrently dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @typescript-eslint/parser from 5.59.9 to 5.60.1 (node-saml#292) Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.9 to 5.60.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.60.1/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump typescript from 4.8.4 to 5.1.6 (node-saml#293) Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.8.4 to 5.1.6. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Commits](https://github.com/Microsoft/TypeScript/commits) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Allow 5.x series for TypeScript --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sinon from 14.0.2 to 15.2.0 (node-saml#294) Bumps [sinon](https://github.com/sinonjs/sinon) from 14.0.2 to 15.2.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](sinonjs/sinon@v14.0.2...v15.2.0) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump word-wrap from 1.2.3 to 1.2.4 (node-saml#298) Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.4) --- updated-dependencies: - dependency-name: word-wrap dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @typescript-eslint/parser from 5.59.9 to 5.62.0 (node-saml#299) Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.9 to 5.62.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.62.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @xmldom/xmldom from 0.8.8 to 0.8.10 (node-saml#301) Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom) from 0.8.8 to 0.8.10. - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.8.8...0.8.10) --- updated-dependencies: - dependency-name: "@xmldom/xmldom" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @typescript-eslint/eslint-plugin from 5.59.9 to 5.62.0 (node-saml#302) Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.9 to 5.62.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.62.0/packages/eslint-plugin) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @types/node from 14.18.50 to 14.18.53 (node-saml#303) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.18.50 to 14.18.53. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @cjbarth/github-release-notes from 4.0.0 to 4.1.0 (node-saml#304) Bumps [@cjbarth/github-release-notes](https://github.com/cjbarth/github-release-notes) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/cjbarth/github-release-notes/releases) - [Changelog](https://github.com/cjbarth/github-release-notes/blob/master/CHANGELOG.md) - [Commits](cjbarth/github-release-notes@4.0.0...4.1.0) --- updated-dependencies: - dependency-name: "@cjbarth/github-release-notes" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump release-it from 15.11.0 to 16.1.3 (node-saml#305) Bumps [release-it](https://github.com/release-it/release-it) from 15.11.0 to 16.1.3. - [Release notes](https://github.com/release-it/release-it/releases) - [Changelog](https://github.com/release-it/release-it/blob/main/CHANGELOG.md) - [Commits](release-it/release-it@15.11.0...16.1.3) --- updated-dependencies: - dependency-name: release-it dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump eslint from 8.42.0 to 8.45.0 (node-saml#306) Bumps [eslint](https://github.com/eslint/eslint) from 8.42.0 to 8.45.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.42.0...v8.45.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump prettier-plugin-packagejson from 2.4.3 to 2.4.5 (node-saml#307) Bumps [prettier-plugin-packagejson](https://github.com/matzkoh/prettier-plugin-packagejson) from 2.4.3 to 2.4.5. - [Release notes](https://github.com/matzkoh/prettier-plugin-packagejson/releases) - [Commits](matzkoh/prettier-plugin-packagejson@v2.4.3...v2.4.5) --- updated-dependencies: - dependency-name: prettier-plugin-packagejson dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump prettier from 2.8.8 to 3.0.0 (node-saml#300) Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@2.8.8...3.0.0) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Lint --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chris Barth <chrisjbarth@hotmail.com> * Merge pull request from GHSA-vx8m-6fhw-pccw * Added verifyLogoutRequest to validatePostRequestAsync flow * Added bad expiration test * Updated IssueInstance to be in the past * Enforce valid setting for validateInResponseTo (node-saml#314) * Add test coverage for initialize() of saml.ts (node-saml#327) * Fixes `node-saml` not checking all `Audience`s in an `AudienceRestriction` (node-saml#340) * Upgrade to latest version of xml-crypto (node-saml#341) * Update to current Node versions (node-saml#342) * Fix metadata order (node-saml#334) Use the element order defined by "saml-schema-metadata-2.0.xsd" Closes node-saml#333 * Export generateServiceProviderMetadata (node-saml#337) * Rename `cert` to `idpCert` and `signingCert` to `publicCert` (node-saml#343) * Added X509 certificate to KeyInfo X509Data, if passed through options (node-saml#36) Co-authored-by: Ganesh Kshirsagar <ganesh.kshirsagar@nice.com> Co-authored-by: Barry Hagan <barryhagan@gmail.com> Co-authored-by: Chris Barth <chrisjbarth@hotmail.com> * Update minor dependencies and Node to 18 (node-saml#344) * Bump actions/checkout from 3 to 4 (node-saml#330) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sinon and @types/sinon (node-saml#349) Bumps [sinon](https://github.com/sinonjs/sinon) and [@types/sinon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon). These dependencies needed to be updated together. Updates `sinon` from 15.2.0 to 17.0.1 - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](sinonjs/sinon@v15.2.0...v17.0.1) Updates `@types/sinon` from 10.0.20 to 17.0.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sinon) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major - dependency-name: "@types/sinon" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump eslint-plugin-deprecation from 1.5.0 to 2.0.0 (node-saml#347) Bumps [eslint-plugin-deprecation](https://github.com/gund/eslint-plugin-deprecation) from 1.5.0 to 2.0.0. - [Release notes](https://github.com/gund/eslint-plugin-deprecation/releases) - [Changelog](https://github.com/gund/eslint-plugin-deprecation/blob/master/CHANGELOG.md) - [Commits](gund/eslint-plugin-deprecation@v1.5.0...v2.0.0) --- updated-dependencies: - dependency-name: eslint-plugin-deprecation dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump eslint-config-prettier from 8.10.0 to 9.1.0 (node-saml#345) Bumps [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) from 8.10.0 to 9.1.0. - [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md) - [Commits](prettier/eslint-config-prettier@v8.10.0...v9.1.0) --- updated-dependencies: - dependency-name: eslint-config-prettier dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump eslint-plugin-prettier from 4.2.1 to 5.1.3 (node-saml#346) Bumps [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) from 4.2.1 to 5.1.3. - [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases) - [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/master/CHANGELOG.md) - [Commits](prettier/eslint-plugin-prettier@v4.2.1...v5.1.3) --- updated-dependencies: - dependency-name: eslint-plugin-prettier dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump release-it from 16.3.0 to 17.0.5 (node-saml#348) Bumps [release-it](https://github.com/release-it/release-it) from 16.3.0 to 17.0.5. - [Release notes](https://github.com/release-it/release-it/releases) - [Changelog](https://github.com/release-it/release-it/blob/main/CHANGELOG.md) - [Commits](release-it/release-it@16.3.0...17.0.5) --- updated-dependencies: - dependency-name: release-it dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Release 5.0.0 * Update sponsor acknowledgements (node-saml#365) * Docs: add pitch to encourage more sponsors (node-saml#366) * feat: improve error messages when validating pems (node-saml#373) * docs: Update README.md set never default validateInResponseTo (node-saml#384) * Adjust to support type stripping (node-saml#389) * Update xml-crypto to address CVE (node-saml#388) This update addresses the following CVE: CVE-2025-29774; CVE-2025-29775 * Release 5.0.1 * Update dependencies (node-saml#391) * Adjust linting rules for line endings (node-saml#393) * Export custom SamlStatusError (node-saml#394) * add CI test & lint for Node.js 22 (node-saml#386) * Use new .signedReferences interace in xml-crypto to "see what is signed" (node-saml#397) * Update sponsors: Stytch (node-saml#395) * Release 5.1.0 * Update to support Node strip-only TypeScript support (node-saml#407) * Security: remove debug dependency (node-saml#406) * ARCH-32 node_saml changes * ARCH-32_fixed test * ARCH-32 updated the review comments * ARCH-32 package.json changes * ARCH-32 updated package json * ARCH-32 access to public * upgraded circleci node version to 22 * updated yarn.lock * removed package-lock.json * reset config.yml except for node version * reset workflow.yml * added 22.x to node-version matrix * fixed package-lock.json * fixed package-lock.json and yarn.lock * fixed node version number in package.json --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chris Barth <chrisjbarth@hotmail.com> Co-authored-by: gmhewett <gmhewett@users.noreply.github.com> Co-authored-by: aykutbulca <aykutbulca@gmail.com> Co-authored-by: Gert Sallaerts <1267900+GertSallaerts@users.noreply.github.com> Co-authored-by: RopoMen <RopoMen@users.noreply.github.com> Co-authored-by: jindazhao01 <137830289+jindazhao01@users.noreply.github.com> Co-authored-by: Adam Andreasson <hej@adamandreasson.se> Co-authored-by: 56 <kg0r0@yahoo.co.jp> Co-authored-by: Nikolay <catamphetamine@users.noreply.github.com> Co-authored-by: Salvador Ortiz <sog@msg.mx> Co-authored-by: Nathan Sarang-Walters <nwalters512@gmail.com> Co-authored-by: Ganesh Kshirsagar <ganeshakshirsagar@gmail.com> Co-authored-by: Ganesh Kshirsagar <ganesh.kshirsagar@nice.com> Co-authored-by: Barry Hagan <barryhagan@gmail.com> Co-authored-by: Mark Stosberg <mark@rideamigos.com> Co-authored-by: Kilian Finger <hey@kilianfinger.com> Co-authored-by: Kiran Mali <39133739+kdhttps@users.noreply.github.com> Co-authored-by: Manan Jadhav <166636237+manan-jadhav-ab@users.noreply.github.com> Co-authored-by: ahacker1 <alex@securesaml.com> Co-authored-by: howard-stytch <89414701+howard-stytch@users.noreply.github.com> Co-authored-by: suriyaka <106838750+suriyaka@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR improves the error message for an audience mismatch during assertion validation.
resolves #256
Use Case
When debugging audience mismatch errors, logging the expected and actual audience values would help improve the developer experience and reduce debug time when things are set up incorrectly.
SAML v2 Spec
The
Audienceelement is described in section 2.5.1.4 "Elements <AudienceRestriction> and <Audience>". Here is a relevant description from the spec:The description indicates that this value is not a secret nor protected value, so printing the audience in an error message should not be a security issue.
Checklist: