Regression: xmlbuilder2 may have removed some non-essential properties

[mcab]

I think the update to xmlbuilder2 also removed some non essential properties, like on the keys nodes. I did not investigate that.

Originally posted by @artonge in #229 (comment)

[mcab]

In order to solve this, we should:

• snapshot all XML outputs from v2.0.9 that utilize xmlbuilder
  • create_authn_request
  • create_metadata
  • create_logout_request
  • create_logout_response
• compare against v3.0.0 / v3.0.1

I think this might be the case for create_logout_response() due to the call of headless, but would need to actually verify.

[mcab]

also removed some non essential properties, like on the keys nodes.

This refers to the nodes underneath md:KeyDescriptor missing the xmlns:ds attribute.

From xmlbuilder:

    <md:KeyDescriptor use="signing">
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:X509Data>
                <ds:X509Certificate>[removed]</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </md:KeyDescriptor>

From xmlbuilder2:

    <md:KeyDescriptor use="signing">
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>[removed]</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </md:KeyDescriptor>

Note, the missing attribute on ds:KeyInfo.

[mcab]

Scratched my head for a little bit.

The structure seems right, but it seems as if the attribute (xmlns:ds) isn't set because it shares the same tuple (attribute name, attribute value) as the one defined higher up in the document.

https://github.com/Clever/saml2/blob/master/lib/saml2.coffee#L72

Opened up oozcitak/xmlbuilder2#72 to try and figure out why that's the case.

It's possible that processing and attribute setting has to be done on the element while building the XML itself, but I'd want to explore via object creation first.