You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, we were having issues on a wp-site using this plugin due to the fact that the IDP is using AES-128-GCM as their encryption algorithm. Support for that algorithm has been added in xmlseclib version 3.1.0: (https://github.com/robrichards/xmlseclibs/releases/tag/3.1.0).
I checked the dependencies on this module and found that the xmlseclib included in onelogin-saml-sso/php/extlib/xmlseclibs/ (version 3.0.4) is not in line with what php-saml version 3.5.0 is requiring in its composer file: (https://github.com/onelogin/php-saml/blob/3.5.0/composer.json). (xmlseclib >= version 3.1.1).
I tried simply replacing the contents of the extlib/xmlseclibs/ with the source of the 3.1.1 version, but this did not completely solve our issue. It seems the error message is raised from the xmlseclibs library, so I don't expect an answer on that here. As I am unfamiliar with this library's code, I thought that perhaps there is something else that needs to be adjusted to account for the new version of xmlseclibs.
Got error 'PHP message: PHP Fatal error: Uncaught Exception: Key must contain at least 25 characters for this cipher in <redacted>/public_html/wp-content/plugins/onelogin-saml-sso/php/extlib/xmlseclibs/src/XMLSecurityKey.php:378
Stack trace:\n#0 /home/<redacted>/public_html/wp-content/plugins/onelogin-saml-sso/php/lib/Saml2/Response.php(1159): RobRichards\\XMLSecLibs\\XMLSecurityKey->loadKey(<long sequence of unicode chars in the format \\xZZ>...
Does anybody have ideas on this?
The text was updated successfully, but these errors were encountered:
xmlseclibs 3.1.0 had a bug that was fixed in 3.1.1
I agree xmlseclibs must be updated here on ths plugin in order to support AES-128-GCM
I had not tested yet deeply the AES-128-GCM support on php-saml that why I have not actively updated all the plugins depends on it.
@TombLL, Is the source code of xmlseclibs 3.1.1 failing in your WP? I guess you used 3.1.0 which does not have the patch.
Can you confirm with the 3.1.1 works so I can update the WP plugin with the xmlseclibs code?
Hi, we were having issues on a wp-site using this plugin due to the fact that the IDP is using AES-128-GCM as their encryption algorithm. Support for that algorithm has been added in xmlseclib version 3.1.0: (https://github.com/robrichards/xmlseclibs/releases/tag/3.1.0).
I checked the dependencies on this module and found that the xmlseclib included in
onelogin-saml-sso/php/extlib/xmlseclibs/
(version 3.0.4) is not in line with what php-saml version 3.5.0 is requiring in its composer file: (https://github.com/onelogin/php-saml/blob/3.5.0/composer.json). (xmlseclib >= version 3.1.1).I tried simply replacing the contents of the
extlib/xmlseclibs/
with the source of the 3.1.1 version, but this did not completely solve our issue. It seems the error message is raised from the xmlseclibs library, so I don't expect an answer on that here. As I am unfamiliar with this library's code, I thought that perhaps there is something else that needs to be adjusted to account for the new version of xmlseclibs.Does anybody have ideas on this?
The text was updated successfully, but these errors were encountered: