Changes for version 1.17 - 2019-02-18

  • Add support for RSA-SHA256 signatures (both signing and verification) in advance of new signatures to be provided by RealMe.
  • Refactor XMLSig module to be more modular and use a single implementation of signing and of verification for both single-reference and multi-reference signatures.
  • When generating an XML signature, the name of the ID attribute used for Reference URIs is now usually left unspecified. The relevant target elements are now located using just the supplied attribute value.
  • The XMLSig verify() method now accepts an XPath selector argument to specify which signature block to verify (this was previously hard-coded).
  • After verifying a signature, the caller should now use the new find_verified_element() method to ensure subsequent XPath queries only target verified sections of the original signed document.
  • Reduce code duplication by adding CommonURIs as the single place where namespace and token URIs are defined.

Documentation

Tools for interacting with the New Zealand 'RealMe Login' service

Modules

Integrate with RealMe login and identity services (formerly "igovt logon")
Generate a SAML2 AuthenRequest message
Common mappings for tokens to URIs
Generate a WS-Trust request for resolving an opaque token to a RealMe FLT.
Class representing the NZ RealMe Login SAML IdP
Manipulate NZ RealMe Login service AuthnContextClassRef values
Generate a SOAP request for resolving an artifact to an FLT
Encapsulates the response from the IdP to the artifact resolution request
Class representing the local SAML2 Service Provider
interactively create/edit Service Provider metadata
generate certificates or CSRs
generate SAML ID strings
XML digital signature generation/verification