Merge pull request #203 from waterkip/GH-201-xml_signature_for_saml_m…

…etadata Fix signature location bug
perl-net-saml2 · Feb 13, 2024 · 0588768 · 0588768
2 parents b8a297a + b98a763
commit 0588768
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 3 deletions.
diff --git a/lib/Net/SAML2/SP.pm b/lib/Net/SAML2/SP.pm
@@ -688,11 +688,31 @@ sub metadata {
             sig_hash    => 'sha256',
             digest_hash => 'sha256',
             x509        => 1,
-            ns          => { md => 'urn:oasis:names:tc:SAML:2.0:metadata' },
+            ns          => { md => URN_METADATA },
             id_attr     => '/md:EntityDescriptor[@ID]',
         }
     );
-    return $signer->sign($metadata);
+    my $md = $signer->sign($metadata);
+
+    my $xp = XML::LibXML::XPathContext->new(
+        XML::LibXML->load_xml(string =>$md)
+    );
+    $xp->registerNs('md', URN_METADATA);
+    $xp->registerNs('dsig', URN_SIGNATURE);
+
+    my $nodes = $xp->findnodes('/md:EntityDescriptor[@ID]');
+    my $rootnode = $nodes->get_node(1);
+
+    my $child = $rootnode->firstChild;
+    return $md if $child->nodeName() eq 'dsig:Signature';
+
+    $nodes = $xp->findnodes('//dsig:Signature');
+    my $signode = $nodes->get_node(1);
+
+    $signode->unbindNode;
+    $rootnode->insertBefore($signode, $child);
+
+    return '<?xml version="1.0" encoding="UTF-8"?>' . $rootnode->toString;
 }
 
 =head2 get_default_assertion_service

diff --git a/t/02-create-sp.t b/t/02-create-sp.t
@@ -70,7 +70,10 @@ use URN::OASIS::SAML2 qw(:bindings :urn);
     }
 
 
-    get_single_node_ok($xpath, '//ds:Signature');
+    my $root_node = get_single_node_ok($xpath, '/md:EntityDescriptor');
+    my $signature_node = $root_node->firstChild;
+    is($signature_node->nodeName(),
+        'dsig:Signature', "First node is the signature");
 
     is(
         'e73560b0e23602121aedc55bcb1ca637',