How to ExtractVariable from XML with XPath case insensitive - ignorecase="true"

chawkimatta
Participant III

Hello,

Is it possible to have the XPath case insensitive?
Case: response may change without notice.

For ex if we have the XPath in the ExtractVariable: "SIGNATURE" is upper case in the response instead of "Signature"

<XMLPayload stopPayloadProcessing="false">
        <Namespaces>
            <Namespace prefix="saml">urn:oasis:names:tc:SAML:2.0:metadata</Namespace>
            <Namespace prefix="sig">http://www.w3.org/2000/09/xmldsig#</Namespace>
        </Namespaces>
        <Variable name="cert" type="string">
            <XPath>/saml:EntityDescriptor/sig:Signature/sig:KeyInfo/sig:X509Data/sig:X509Certificate/text()</XPath>
        </Variable>
    </XMLPayload>

<XPath>/saml:EntityDescriptor/sig:Signature/sig:KeyInfo/sig:Data/sig:Certificate/text()</XPath>


but got the below xml in the response:

<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor ID="_bd19bf30-8050-470f-88ff-097092f4937a" entityID="https://sts.windows.net/1-dd2c-4d1f-af13-1/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <SIGNATURE xmlns="http://www.w3.org/2000/09/xmldsig#">
        <KeyInfo>
            <Data>
                <Certificate>MyValue</Certificate>
            </Data>
        </KeyInfo>
    </SIGNATURE>
</EntityDescriptor>
Solved Solved
0 2 972
1 ACCEPTED SOLUTION

No.

Well, maybe, but it probably won't satisfy your requirements.

In XML, element names are case sensitive.

The element for a signature for XML Dsig is "Signature". Anything else, including "SIGNATURE", is not valid according to the XML DSig standards.

It MAY BE possible to extract either Signature or SIGNATURE, which is to say, it may be possible to configure your policy to handle those two specific cases. Just include two Variable elements, using the same variable name but a slightly different xpath. But that wouldn't deliver a general case-insensitive behavior. It would not match on SiGnAtUrE or sIGNATURE for example.

But even if you could handle both Signature and SIGNATURE, your efforts are probably doomed to failure. As I said above, XMLDSIG requires the element to be Signature, so any document with SIGNATURE will fail signature validation.

Whatever system is sending you the response you cited, is wrong. Incorrect. Needs to be fixed.

View solution in original post

2 REPLIES 2

No.

Well, maybe, but it probably won't satisfy your requirements.

In XML, element names are case sensitive.

The element for a signature for XML Dsig is "Signature". Anything else, including "SIGNATURE", is not valid according to the XML DSig standards.

It MAY BE possible to extract either Signature or SIGNATURE, which is to say, it may be possible to configure your policy to handle those two specific cases. Just include two Variable elements, using the same variable name but a slightly different xpath. But that wouldn't deliver a general case-insensitive behavior. It would not match on SiGnAtUrE or sIGNATURE for example.

But even if you could handle both Signature and SIGNATURE, your efforts are probably doomed to failure. As I said above, XMLDSIG requires the element to be Signature, so any document with SIGNATURE will fail signature validation.

Whatever system is sending you the response you cited, is wrong. Incorrect. Needs to be fixed.

Thank you @Dino-at-Google for your reply,