xmlschema 3.0.1 broken dependency #947
Comments
Just bumping this issue. It happened in my case as well. I was casually upgrading the libs when suddenly xmlschema lib was upgraded and I started getting those errors while trying to run tests for my app:
I didn't dig into that, just wanted to let you know that there's something naughty going on. I will pinpoint the appropriate xmlschema version as well for my app.
I have the same issue. It definitely should pin xmlschema version, as it just implicitly breaks the code for anyone who redeploys their application.
I also have the same issue and pinned our xmlschema version for the time being. Thanks for opening this issue!
Hello everyone! Thank you for your report and for being patient.
Hi, I am using djangosaml2 to configure two applications, one as an SP and the other as an IDP. On 09/01/2024 xmlschema version 3.0.1 was released. Because xmlschema isn't pinned to a major version in pysaml2, my applications installing djangosaml2/pysaml2 picked up this new version of it. With the new version, authentication between the SP and IDP is broken with this error:

The XML decoded from the SAML response to the SP djangosaml2 ACS endpoint that is causing this failure looks like this (condensed):
As part of our SAML configuration we are passing various attributes. It seems the issue occurs when an attribute with a null value is passed, for example the final attribute in the XML above:
The xs:string type is not recognised because the namespace isn't included in the AttributeValue (xmlns:xs="http://www.w3.org/2001/XMLSchema"). I believe this is happening now that xmlschema defaults to stacked namespaces rather than its previous behaviour of collapsing namespaces.

Code Version
djangosaml2 version 1.7.0
pysaml version 7.3.0
xmlschema 3.0.1
Possible Solution
We have temporarily pinned the xmlschema dependency by including it in our app dependencies. I wanted to get your thoughts on if it makes sense to pin the dependency within this repo to a major version?

Another potential solution is to modify the XML SAML response to include the required namespace for null elements - either in the root element or the null element itself, but I do not know the complexity of this kind of change.
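
A check for the condition described in the issue above, as an added example that is not part of the original report or of pysaml2: it walks a decoded SAML response with the standard library and lists every element whose xsi:type prefix has no namespace declaration in scope. The sample XML, the attribute names and the function name are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample, not the response from the issue: the first AttributeValue
# declares xmlns:xs itself; the nil-valued one uses xs:string with no
# declaration of the xs prefix in scope.
SAMPLE = """<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute Name="email">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xsi:type="xs:string">user@example.org</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="nickname">
    <saml:AttributeValue xsi:nil="true" xsi:type="xs:string"/>
  </saml:Attribute>
</saml:AttributeStatement>"""


def unbound_xsi_type_prefixes(xml_text):
    """Return (tag, xsi:type value) for each element whose xsi:type QName uses
    a prefix that is not declared on that element or on one of its ancestors."""
    # Stack of prefix -> URI maps, one entry per currently open element.
    scopes = [{"xml": "http://www.w3.org/XML/1998/namespace"}]
    pending = {}   # declarations reported just before the next "start" event
    problems = []
    source = io.BytesIO(xml_text.encode())
    for event, payload in ET.iterparse(source, ("start-ns", "start", "end")):
        if event == "start-ns":
            prefix, uri = payload
            pending[prefix] = uri
        elif event == "start":
            scope = {**scopes[-1], **pending}
            pending = {}
            scopes.append(scope)
            qname = payload.get(XSI_TYPE)
            if qname and ":" in qname:
                prefix = qname.split(":", 1)[0]
                if prefix not in scope:
                    problems.append((payload.tag, qname))
        else:  # "end": declarations made on this element go out of scope
            scopes.pop()
    return problems


if __name__ == "__main__":
    for tag, qname in unbound_xsi_type_prefixes(SAMPLE):
        print(f"{tag}: prefix of xsi:type={qname!r} is not declared in scope")
```

Declaring xmlns:xs on the root element of the sample, one of the two fixes suggested in the issue, makes the function return an empty list.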