Most of our SAML/XML handling is done via the SimpleSAMLphp/SAML2 library. But in three places, we still call xmlseclibs directly:
Investigate whether we can replace these with functionality of SAML2.
The advantage of that is that we have a single point of entry into xmlseclibs, and because SAML2 is implementing additional safeguards against wrapping attacks and such, it makes us a little more robust against xmlseclibs/libxml bugs.