[ENHANCEMENT]: Signature compliant to http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 #328

Open
rahxam opened this issue Jul 2, 2023 · 5 comments


rahxam commented Jul 2, 2023

Is your feature request related to a problem? Please describe...

I am trying to connect to a SAML IDP which expects a http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 Signature as described in RFC 6931, RSASSA-PSS without Parameters.

Unfortunately, I am a bit stuck on how to implement it.

Describe the solution you'd like...

I would like to have a new option to use http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 signatures.

Describe the alternatives you've considered...

I tried to use https://github.com/digitalbazaar/forge to calculate the signature, but did not have any success.

Contributor

cjbarth commented Jul 6, 2023

The first step would be to see if NodeJS supports this. If so, then you can easily put up a PR that mimics the existing methods for doing this. If not, you'll have to figure that out yourself and create a function to do it by hand.

Author

rahxam commented Jul 10, 2023

I was able to implement it with https://www.npmjs.com/package/node-forge#rsa, but I guess the dependency is a bit overkill for xml-crypto.

Contributor

cjbarth commented Jul 11, 2023

In that case you might just use the pluggable nature of this library to add such support yourself. There should be information in the README on that.

Author

rahxam commented Jul 11, 2023

Hey,
Yes, I actually did, but I am using passport-saml and I needed to fork node-saml and xml-encryption as well to use the algorithm in xml-crypto and get everything running, which is lots of forks for 10 lines of code.

Contributor

cjbarth commented Jul 11, 2023

If you'd like to add support for custom signing methods to node-saml, I'd be happy to look at that. This way you could just pass your function through node-saml to xml-crypto.
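
Added example (not code from this thread or from xml-crypto): the signature type requested here, produced and checked with Node's built-in `crypto` module and no extra dependency, wrapped in the kind of pluggable algorithm object discussed above. Assumptions: the class name `RsaPssSha256` is hypothetical, the method names `getAlgorithmName`/`getSignature`/`verifySignature` are assumed to match xml-crypto's custom signature-algorithm shape, the salt length equal to the digest length is taken from RFC 6931's "without parameters" identifiers, and the key pair and `SignedInfo` string are constructed.

```javascript
const crypto = require('node:crypto');

const PSS_URI = 'http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1';

// Assumption (RFC 6931, "without parameters"): MGF1 uses the same hash and the
// salt is as long as the digest (32 bytes for SHA-256). Node signs with the
// maximum salt length by default, so the length is pinned explicitly here.
const pssOptions = (key) => ({
  key,
  padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
  saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,
});

// Hypothetical algorithm object; method names are an assumed plugin shape.
class RsaPssSha256 {
  getAlgorithmName() { return PSS_URI; }

  // Returns the base64 SignatureValue over the canonicalized SignedInfo.
  getSignature(signedInfo, privateKey) {
    const data = Buffer.from(signedInfo, 'utf8');
    return crypto.sign('sha256', data, pssOptions(privateKey)).toString('base64');
  }

  // Strict check: rejects signatures whose salt length is not 32 bytes.
  verifySignature(signedInfo, publicKey, signatureValue) {
    const data = Buffer.from(signedInfo, 'utf8');
    const sig = Buffer.from(signatureValue, 'base64');
    return crypto.verify('sha256', data, pssOptions(publicKey), sig);
  }
}

function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const signedInfo = '<SignedInfo>constructed sample, already canonicalized</SignedInfo>';
  const data = Buffer.from(signedInfo, 'utf8');
  const algo = new RsaPssSha256();
  const sig1 = algo.getSignature(signedInfo, privateKey);
  const sig2 = algo.getSignature(signedInfo, privateKey);
  // Same padding, but Node's default (maximum) salt length.
  const maxSalt = crypto.sign('sha256', data,
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_PSS_PADDING }).toString('base64');
  return {
    valid: algo.verifySignature(signedInfo, publicKey, sig1),
    randomized: sig1 !== sig2, // PSS is salted, so signatures differ per call
    tamperedRejected: !algo.verifySignature(signedInfo + ' ', publicKey, sig1),
    pkcs1v15Rejected: !crypto.verify('sha256', data, publicKey, Buffer.from(sig1, 'base64')),
    defaultSaltRejected: !algo.verifySignature(signedInfo, publicKey, maxSalt),
  };
}

console.log(demo());
```

The `defaultSaltRejected` case is the interoperability trap: a signature made with Node's default salt length is valid PSS but fails a verifier that enforces the digest-length salt.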
