Hi, I'm facing an issue of 'invalid signature algorithm'.
I'm building the module like this:
```dockerfile
FROM openresty/openresty:alpine-fat
RUN mkdir /var/log/nginx
RUN apk update
RUN apk add --no-cache openssl-dev
RUN apk add --no-cache git
RUN apk add --no-cache gcc
RUN apk add --no-cache libxml2 libxml2-dev libxslt libxslt-dev
RUN apk add --no-cache libcrypto3
RUN luarocks install lua-resty-jit-uuid
RUN luarocks install lua-resty-cookie
RUN luarocks install api7-lua-resty-http
# nginx -g 'daemon off;'
RUN luarocks install lua-resty-saml OPENSSL_DIR=/usr LUA_LIBDIR=/usr/local/openresty/luajit/lib/
```
I also tried `RUN luarocks install lua-resty-saml OPENSSL_DIR=/usr/local/openresty/openssl LUA_LIBDIR=/usr/local/openresty/luajit/lib/`.

Every time I get an error:

```
2023/08/19 15:32:07 [error] 11#11: *2 [lua] saml.lua:308: authenticate(): invalid signature algorithm, client: 8.29.109.161, server: , request: "GET /favicon.ico HTTP/1.1", host: "95.85.34.71:3001", referrer: "http://95.85.34.71:3001/"
```
I've also tried to patch saml.lua and do the following:

```lua
-- Debug patch: try every XML-Security URI I could find as SigAlg, log which
-- ones binding_redirect_create accepts, then fall through to the original
-- call with the SigAlg taken from the request parameters.
-- saml_module is the already-loaded lua-resty-saml module (upvalue in saml.lua).
local function create_redirect(key, params)
  local saml_type
  if params.SAMLRequest then
    saml_type = "SAMLRequest"
  elseif params.SAMLResponse then
    saml_type = "SAMLResponse"
  end
  assert(saml_type, "no saml request or response")

  local algos = {
    "http://www.w3.org/2000/09/xmldsig#",
    "http://www.w3.org/2001/04/xmlenc#",
    "http://www.w3.org/TR/1999/REC-xpath-19991116",
    "http://www.w3.org/2002/06/xmldsig-filter2",
    "http://www.w3.org/2001/04/xmldsig-more/xptr",
    "http://www.w3.org/2002/06/soap-envelope",
    "http://www.w3.org/2001/04/xmlenc#Content",
    "http://www.w3.org/2001/04/xmlenc#Element",
    "http://www.w3.org/2001/04/xmlenc#aes128-cbc",
    "http://www.w3.org/2001/04/xmlenc#aes192-cbc",
    "http://www.w3.org/2001/04/xmlenc#aes256-cbc",
    "http://www.w3.org/2009/xmlenc11#aes128-gcm",
    "http://www.w3.org/2009/xmlenc11#aes192-gcm",
    "http://www.w3.org/2009/xmlenc11#aes256-gcm",
    "http://www.w3.org/2001/04/xmlenc#kw-aes128",
    "http://www.w3.org/2001/04/xmlenc#kw-aes192",
    "http://www.w3.org/2001/04/xmlenc#kw-aes256",
    "http://www.w3.org/2000/09/xmldsig#base64",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
    "http://www.w3.org/2006/12/xml-c14n11",
    "http://www.w3.org/2006/12/xml-c14n11#WithComments",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
    "http://www.w3.org/2001/04/xmlenc#tripledes-cbc",
    "http://www.w3.org/2001/04/xmlenc#kw-tripledes",
    "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411",
    "http://www.w3.org/2000/09/xmldsig#DSAKeyValue",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
    "http://www.w3.org/2009/xmldsig11#dsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512",
    "http://www.w3.org/2001/04/xmlenc#EncryptedKey",
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/04/xmldsig-more#hmac-md5",
    "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160",
    "http://www.w3.org/2000/09/xmldsig#hmac-sha1",
    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha224",
    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384",
    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512",
    "http://www.w3.org/2001/04/xmldsig-more#md5",
    "http://www.w3.org/2001/04/xmlenc#ripemd160",
    "http://www.w3.org/2000/09/xmldsig#RSAKeyValue",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-md5",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
    "http://www.w3.org/2001/04/xmlenc#rsa-1_5",
    "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
    "http://www.w3.org/2001/04/xmldsig-more#gostr3411",
    "http://www.w3.org/2000/09/xmldsig#sha1",
    "http://www.w3.org/2001/04/xmldsig-more#sha224",
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2001/04/xmldsig-more#sha384",
    "http://www.w3.org/2001/04/xmlenc#sha512",
    "http://www.w3.org/2000/09/xmldsig#X509Data",
    "http://www.w3.org/2000/09/xmldsig#rawX509Certificate",
    "http://www.w3.org/2000/09/xmldsig#PGPData",
    "http://www.w3.org/2000/09/xmldsig#SPKIData",
    "http://www.w3.org/TR/1999/REC-xslt-19991116",
  }

  -- ipairs keeps the list order so the log can be read top to bottom.
  for _, SigAlg in ipairs(algos) do
    ngx.log(ngx.INFO, " >>>>>> SigAlg: " .. SigAlg .. " <<<<<<<")
    local query_str, err = saml_module.binding_redirect_create(key, saml_type, params[saml_type], SigAlg, params.RelayState)
    if not err then
      ngx.log(ngx.INFO, " >>>>>> Success!!!!! SigAlg: " .. SigAlg .. " <<<<<<<")
    else
      ngx.log(ngx.INFO, " >>>>>> Failed SigAlg: " .. SigAlg .. " err: " .. tostring(err))
    end
  end

  return saml_module.binding_redirect_create(key, saml_type, params[saml_type], params.SigAlg, params.RelayState)
end
```
All of them failed, so I assume that there is some problem with the secxml implementation.
Could you please give me a hint?
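As an added example (not code from lua-resty-saml or from the issue author), the snippet below sorts the URIs tried in the loop above into the few that are actually XML Signature `SignatureMethod` identifiers, which is the only kind of value `SigAlg` may carry in the HTTP-Redirect binding, and rebuilds the exact octet string that binding signs (`SAMLRequest`/`SAMLResponse`, then `RelayState` if present, then `SigAlg`, URL-encoded as received). The accept/weak split is this example's own hardening policy, not the library's.

```python
"""Triage SigAlg values and rebuild the signed string of a SAML HTTP-Redirect binding."""
from typing import Optional

DSIG = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
DSIG11 = "http://www.w3.org/2009/xmldsig11#"

# SignatureMethod URIs this example accepts for SigAlg (SHA-2 based, asymmetric).
ACCEPTED = {MORE + a for a in ("rsa-sha256", "rsa-sha384", "rsa-sha512",
                                "ecdsa-sha256", "ecdsa-sha384", "ecdsa-sha512")}
ACCEPTED.add(DSIG11 + "dsa-sha256")
# Real SignatureMethod URIs that a hardened SP should refuse: MD5/SHA-1 or symmetric HMAC.
WEAK = {DSIG + "rsa-sha1", DSIG + "dsa-sha1", DSIG + "hmac-sha1",
        MORE + "rsa-md5", MORE + "ecdsa-sha1", MORE + "hmac-sha256"}


def classify_sigalg(uri: str) -> str:
    """Return 'accept', 'weak', or 'not-a-signature-method'.

    Canonicalization, digest, encryption and KeyInfo URIs (most of the list
    in the issue) name other XML-Security components and can never be a
    valid SigAlg, so a library is right to reject them.
    """
    if uri in ACCEPTED:
        return "accept"
    if uri in WEAK:
        return "weak"
    return "not-a-signature-method"


def redirect_signed_payload(raw_query: str) -> Optional[str]:
    """Rebuild the string the redirect-binding signature covers, or None.

    Values are kept exactly as URL-encoded on the wire (re-encoding them can
    change the bytes and break verification). Duplicate parameter names are
    rejected so a second SigAlg or SAMLRequest cannot shadow the first.
    """
    pairs = {}
    for part in raw_query.lstrip("?").split("&"):
        if not part:
            continue
        name, _, value = part.partition("=")
        if name in pairs:
            return None
        pairs[name] = value
    msg = next((m for m in ("SAMLRequest", "SAMLResponse") if m in pairs), None)
    if msg is None or "SigAlg" not in pairs:
        return None
    signed = [f"{msg}={pairs[msg]}"]
    if "RelayState" in pairs:
        signed.append(f"RelayState={pairs['RelayState']}")
    signed.append(f"SigAlg={pairs['SigAlg']}")
    return "&".join(signed)
```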