From 7c147a3072e985073aaad56bfae361f186bf51bb Mon Sep 17 00:00:00 2001
From: Robin Bijlani <robin.bijlani@auth0.com>
Date: Wed, 3 Feb 2021 14:10:51 -0500
Subject: [PATCH] Bump xml-encryption to 1.2.1 for modern algorithm support
 (#145)

---
 lib/passport-wsfed-saml2/samlp.js |  7 ++++++-
 package.json                      |  2 +-
 test/samlp.tests.js               | 14 ++++++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/lib/passport-wsfed-saml2/samlp.js b/lib/passport-wsfed-saml2/samlp.js
index a46aa09..3b00923 100644
--- a/lib/passport-wsfed-saml2/samlp.js
+++ b/lib/passport-wsfed-saml2/samlp.js
@@ -323,7 +323,12 @@ Samlp.prototype = {
           return done(new Error('Assertion is encrypted. Please set options.decryptionKey with your decryption private key.'));
         }
 
-        return xmlenc.decrypt(encryptedData, { key: this.options.decryptionKey, autopadding: this.options.autopadding }, done);
+        return xmlenc.decrypt(encryptedData, { 
+          key: this.options.decryptionKey, 
+          autopadding: this.options.autopadding,
+          disallowDecryptionWithInsecureAlgorithm: false,
+          warnInsecureAlgorithm: false
+        }, done);
       }
     }
 
diff --git a/package.json b/package.json
index 061940e..8a556ec 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
     "uid2": "0.0.x",
     "valid-url": "^1.0.9",
     "xml-crypto": "auth0/xml-crypto#v1.4.1-auth0.2",
-    "xml-encryption": "auth0/node-xml-encryption#v0.12.0",
+    "xml-encryption": "^1.2.1",
     "xml2js": "0.1.x",
     "xmldom": "auth0/xmldom#v0.1.19-auth0.2",
     "xpath": "0.0.5",
diff --git a/test/samlp.tests.js b/test/samlp.tests.js
index b44bc84..a35a25e 100644
--- a/test/samlp.tests.js
+++ b/test/samlp.tests.js
@@ -96,6 +96,20 @@ describe('samlp (unit tests)', function () {
       });
     });
 
+    it('should return a decrypted assertion when using tripledes-cbc', function (done) {
+      const samlResponse = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_d5ea3c04f919d826c42154114f3fa1a55fb1b8f5ea" Version="2.0" IssueInstant="2017-11-16T23:57:31Z" Destination="https://login0.myauth0.com/login/callback" InResponseTo="_317e26c1b83bb3e8cedc"><saml:Issuer>http://localhost:8080/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>  <ds:Reference URI="#_d5ea3c04f919d826c42154114f3fa1a55fb1b8f5ea"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>QTrX6jHzUq7YJmrQHHfY+sPH7IA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>fT3MIZJgBM+2i8wMrZNBbe2fkEBKbK1ojnRqgaPvZDrWyPQcDY/bkhaF954nH+n0ZJud36beqSlCzEmxT+OF/MOwE2oEgqWavRYvTRpIvErECvbHao7S+XD40fnqDWoycDZRFDaMX5/V5S+Z5cDa7Yuou180OOdqlxewNfq87zM+q085griRl5TwwxISN1NIFa4tz7mDfLii3jNiLB6H8TPAbRhQ5qEA2R3pY/Q7/WZ3pPUCGoXayKFXEnQ0YqQZw3RgPPKVpd7t2fH15tc/1pYlqsv+3PfR8TlWB6AouUal74jBWA4BBZOzCzSOAGI2Wu+HatSW7FTbbBnxOv9y+A==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDXTCCAkWgAwIBAgIJALmVVuDWu4NYMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTYxMjMxMTQzNDQ3WhcNNDgwNjI1MTQzNDQ3WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUCFozgNb1h1M0jzNRSCjhOBnR+uVbVpaWfXYIR+AhWDdEe5ryY+CgavOg8bfLybyzFdehlYdDRgkedEB/GjG8aJw06l0qF4jDOAw0kEygWCu2mcH7XOxRt+YAH3TVHa/Hu1W3WjzkobqqqLQ8gkKWWM27fOgAZ6GieaJBN6VBSMMcPey3HWLBmc+TYJmv1dbaO2jHhKh8pfKw0W12VM8P1PIO8gv4Phu/uuJYieBWKixBEyy0lHjyixYFCR12xdh4CA47q958ZRGnnDUGFVE1QhgRacJCOZ9bd5t9mr8KLaVBYTCJo5ERE8jymab5dPqe5qKfJsCZiqWglbjUo9twIDAQABo1AwTjAdBgNVHQ4EFgQUxpuwcs/CYQOyui+r1G+3KxBNhxkwHwYDVR0jBBgwFoAUxpuwcs/CYQOyui+r1G+3KxBNhxkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAAiWUKs/2x/viNCKi3Y6blEuCtAGhzOOZ9EjrvJ8+COH3Rag3tVBWrcBZ3/uhhPq5gy9lqw4OkvEws99/5jFsX1FJ6MKBgqfuy7yh5s1YfM0ANHYczMmYpZeAcQf2CGAaVfwTTfSlzNLsF2lW/ly7yapFzlYSJLGoVE+OHEu8g5SlNACUEfkXw+5Eghh+KzlIN7R6Q7r2ixWNFBC/jWf7NKUfJyX8qIG5md1YUeT6GBW9Bm2/1/RiO24JTaYlfLdKK9TYb8sG5B+OLab2DImG99CJ25RkAcSobWNF5zD0O6lgOo3cEdB/ksCq3hmtlC/DlLZ/D8CJ+7VuZnS1rR2naQ==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:EncryptedAssertion><xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">  <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">    <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />    </e:EncryptionMethod>    <KeyInfo>      <X509Data><X509Certificate>MIIEDzCCAvegAwIBAgIJALr9HwgrQ7GeMA0GCSqGSIb3DQEBBQUAMGIxGDAWBgNVBAMTD2F1dGgwLmF1dGgwLmNvbTESMBAGA1UEChMJQXV0aDAgTExDMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDAeFw0xMjEyMjkxNTMwNDdaFw0xMzAxMjgxNTMwNDdaMGIxGDAWBgNVBAMTD2F1dGgwLmF1dGgwLmNvbTESMBAGA1UEChMJQXV0aDAgTExDMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZiVmNHiXLldrgbS50ONNOH7pJ2zg6OcSMkYZGDZJbOZ/TqwauC6JOnI7+xtkPJsQHZSFJs4U0srjZKzDCmaz2jLAJDShP2jaXlrki16nDLPE//IGAg3BJguSmBCWpDbSm92V9hSsE+Mhx6bDaJiw8yQ+Q8iSm0aTQZtp6O4ICMu00ESdh9NJqIECELvP31ADV1Xhj7IbyyVPDFxMv3ol5BySE9wwwOFUq/wv7Xz9LRiUjUzPO+Lq3OM3o/uCDbk7jD7XrGUuOydALD8ULsXp4EuDO+nFbeXB/iKndZynuVKokirywl2nD2IP0/yncdLQZ8ByIyqP3G82fq/l8p7AsCAwEAAaOBxzCBxDAdBgNVHQ4EFgQUHI2rUXeBjTv1zAllaPGrHFcEK0YwgZQGA1UdIwSBjDCBiYAUHI2rUXeBjTv1zAllaPGrHFcEK0ahZqRkMGIxGDAWBgNVBAMTD2F1dGgwLmF1dGgwLmNvbTESMBAGA1UEChMJQXV0aDAgTExDMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZIIJALr9HwgrQ7GeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAFrXIhCy4T4eGrikb0R2wHv/uS548r3pZyBV0CDbcRwAtbnpJMvkGFqKVp4pmyoIDSVNK/j+sLEshB20XftezHZyRJbCUbtKvXQ6FsxoeZMlN0ITYKTaoBZKhUxxj90otAhNC58qwGUPqt2LewJhHyLucKkGJ1mQ3b5xKZ532ToufouH9VLhig3H1KnxWo/zMD6Ke8cCk6qO9htuhI06s3GQGS1QWQtAmm17C6TfKgDwQFZwhqHUUZnwKRH8gU6OgZsvhgV1B7H5mjZcu57KMiDBekU9MEY0DCVTN3WkmcTII668zLsJrkNX6PEfck1AMBbVE6pEUKcWwq3uaLvlAUo=</X509Certificate></X509Data>    </KeyInfo>    <e:CipherData>      <e:CipherValue>D1uLLnF4HXthsdJyhNxfEo+hyzCAqunXKYFfNEpgd10+sE54lmIG6Db4aKz1Gd+VgKaw5Qigjd0pxCJVHKxIXtToR8Wp//t8BRBvqp0UVwdqokl+dJwYUo4aliqukFT3pXl4Z67nsuecpA8nSIbFSirUN3gfMAg47GirFDa7DVpIOu0u6YqH6ZcIRG/QihBx5ryIN9PwQLjaZmbZfthvugFWhjTt+APwHn+V2TyJgPYDknD5NJ6Xj6EO/EtOENpSMb4loIV0PonGut6be8hCbq7ShDuTzyqoP/HahssZYpYS0u7bOs1sV9oSbrp8GAYrZCEVVrN+1TAaXgwSRYDwAg==</e:CipherValue>    </e:CipherData>  </e:EncryptedKey></KeyInfo>  <xenc:CipherData>    <xenc:CipherValue>kTOEFGnqzo6UBLryqesUkkV622zIlmh3rmdVvntbBkJo2NumTHBbWnVcfmOFEk/UGSMONuY++cYg1Sn3y2u5xqzS6yGH1fszDPY4zcNXfmnT08coVipX2g8ILd268AEIOb6fm+JoqUYCVv3zMwn70BmQPY9MaGJXCcoeG1trWPDf6rdkdlsNnxdXNqgNQ7OphuaQEHRo5YYfQ/QDNfxXbtWzJ3JjwKdq1QWe3o+fIFWJlgPCv1LIR98Pu5pcTwMBPCPWcTdgoAiBCEvbcB4W/Ry5Y9nc1doqfSuHaSouGbq4TTWqw2HjvmkUjnNcYuVxAf4VaRHJZ6leHFXk/fd1fk3QyK+MrzKGFDu2WvKW7NZH6fsCnnGL93f1aXToyhagiz/sGWzMBlFN7OAuaVi8IvWuJ2qlJIc5SGYQFX5P0yFPKxkks2QrP3XbavfxTE1UxPtLeRqPcU2qHyHp1eO5vOwQ5EDqFAi89vNhDjkAaGuP8d4XwkwlNuz/c75jI/gFZqLy5Sy+PeSXggvWldF83nEAqu11bDXI7pX9dDP78yYwfUQJE9Rp0JesxQwqAzPe/jyTbpbLBxpxXZt/4W9F3a+02zM1vki9nZQkNIKhYKufZ7D8D7oGcswcEP7OfcqZooUyaM4uiQQI4gOAfrhQAqEPngFr8oLhp5UgfEDV2Ugxm9RzWvxYuFnpNv6Zd4ZrJaF9MUkeo4a+f/Fw1qPzX5SBRWSwJV48pxDkCXgBErtoZ6Jt+NhODMpUmXGbkp3qsRWlHEFsUE6ED+kqyZ9DhMkRJ2m0dDPDUUNQ7n2SS2+H6gs4lOoQ/vX/ayoAkIM5Mvn0eJIg7ZzL8ENkFvFH0Yx2srRb7RWKTmZ8qUZ2B1jRZiUCeXNFgJoW/nG1QH8MfZANPrZyNO7wBuHLPXC44SEOfuWg/GcJSAX1gPHV9A5M0xq28oIGkk+2f6YV36ShvWMGhMx316648vXP6v4liTZKY2JeuxltgKrVLU84ppoPVxAaHwjQ7vItCcROrFU38O9Ax3lLbSFEqKfi9Mr1UTtZ2PALUK9po8B05zcUd87fM1XjzEm8LSBtLou5pP9ylbGjGadaxYeHm0/lDSV7wM84eNV5dkOkLd969h6g4SAXrmJQvH771Y5ksDpnFGEx5hm1WMrvPyeOgNX/u9HeOvT+CWkcZFk3DFDrlhbOImMRu1ePVnhkBmW6sDYZwcZcR6xu9JiMBydjgNufBjnZhOMq+7gDYRGXvfGkza9/D79DdHRAUqX2gHdr8qxGywDOgrn0ShY+RN59fng8ksyuSLigHCKjmeda/0sINWjwKqEJujTTUDt0IlZQLqD5JzGInRU306bQ5kG0/u94pb4QyomMfbgDU5KyKRYG8RZQMm2uIH+Edf1zcZJ1ZYb8iVghkGEWTZFq4NU/WGTiDWJGRwvEIZb2suTpNPiT9Hw76OYGVGMmuQhA6uNYjau2dTbbltmlkTuqQrlmpAOQ5ViTSTSDKZ66oPbG+28pzwUsqGrg65+6yse3nJ6NZxEVQjNfbxyV54EpOVBmLDRiHdam0rbOerpOxX8QgLWHQKNRHGBLPCvsAXkx4MBk+hS/jg49GXb/2g/iavgHDSuA7FCEyfJHa34Fz/aCfgJfXTWH8Jwk16a4VbM+S9rkt613/2QXlaQewhfdYWXVVwxsfv0Ng9+/nHEDllWEl4ZRVLhAKcqeEDsQhPkEhRn1pAAP1LPR2YSMVnug40tLIorOTa4LYe7nL9J8ABEhXk7ySfZO0K2tDWVnB9bLbimrZOdZJPyHBuI3ElweitbdRUBmf6RBDlnb4ctPvUQ+smvRy3+GkG6DlKTFxgwk2JqmLDmJE9tIPcpIDNt0lP7D6D/6z+CQHD/H5BK5n92QItXSPVQKj8LLoGxjEEas685zw41j6tV9LwIdVfXtLhmL/lbN67rxS7jWLG4wy93kHRHN0G7K8TVdB5UUkii5S7pgB5MfiJuaQ19tNWEpXN5bXO2MTjUpt4KPCnsE9ag74q9PMoaAFxY2d6M7LV+9z2uy/eeXgN/C/qBh98PzE/3abDdWhcB6Tj2lZZMjDliB1saldF9JTg+xCdLd+ADuLCqObwRFN9IlrJLeS2RPKmVHTWP2nHM5fuu9Iws7B8Sl74ur8ltEFBtJ2xGshlBQIhS5xJLkIXpdGLnx6YYvBD65ZI6lR642clCW/KC+rXFPZ0o8E+u6AttBkIJK7kVROhHNykYMn0zvH8gCoyR3M9/QqPCfQY8+9SMKS9E3vvStaR7tIXSr6lrMxah8U2HT1sD7KewVwSz4fsxzD2dLYH69wjP5XK4WKfrnFX0K1AMcZGAk69mkcN57/cZhkYh6/7IEebF0T/MCkulk4sYyJc/J9IbsNrRF0iMEndxJ60VvZaEydLlMpkU+lPTgUCtbwHh0bNiHjSw8gjGNjwmFf3pwl3OTtR6rDYtOWBDNmukVbpF2bXqcXFEKTr6LZyM317wi+j9VxRWL2It7c717hFmEUs/eyqTXz3AShCVWMsW9cdJh4+mIHIxr4v3tL/o4PiBK6EBdoJtmEFVVKs0Re9FVhLDgpDYz3uafmql5osagiIYkFpNVg2F5PID2ieUhr6BsvZ0zZmirmcKul5uLE7/JGUyeLCDLqui/f0DvUlqRyzIMGl2BJvKFVxfRRCLo8mo55LaC9+CtVL8PW2p8RCIpDuNCigH9F0CRjztyXIi2Hu8dyBPGFcy5c10PP+8vd7Bg771QlccliLICZCvC9eg+LgGLcONs5jJnI/stboUQHJJ/5QBx6Ng7aO+p0Iqyofo0+bPdXV/SWMv9Wx1klwUEpnuUkJsEvOLfancZyqo3GRU88hJRWkLePJesmHrG8MNH8H+Sgvq56rfzQ7m0u9hqcyK6HBfdkxD6bvmVRQ9iv7RlFeXO1NZGOrkVrkfGoq2L7pwWFiVg8PfJ5ftWloeweC9uWktd7LsIWOI96mhqQ9txThF1zw0tZm0/FIrVaE7ZiXcn55cHyrsyUm0YJP81Xr59DoZWTRyu7CX8Vk17Tqla7fl6KZKCPyD/DPV3yItaiUFmSNPk+rhkft+LJ+B/Ry2LqcrV/UvJkMREGzNg4MeazWdRZXsJ8mX59ETjJk+dKc5pVp3gWLKKjy7nz4u8cHUpt/BtLiNZMw5IMn8rQL70VWuD25gPMTnLQqWYzUfnAjCVh2G5KMJ/odfDDL9t9sB5A6j+zqN1LZF7W6uhoRj63WVGvweus+l2OWvzvGp2+ki8HHfves9dOYpKM2V3VRkF3tsse7st+WjCkcjPd5h8fRgbaY9CDEwF3gvtk5lCJ7Ym4Kf5TW5IG0bDSqrcwPEHfsPkyChVJtzWkGKNSjmPta85VkZUBBRfVF3bfytLFSoCyeUMNY/jw42sjrEBusf0tOWMTtvmlbyZEd0dfei8hh4ifzguQoF0jDyjMUytpa7FgyHADcKh/xR9g7g7+kSOU/jTZ9BA8dMp9/q1i0aXCXCA/k5K1Hay+VdRQ6tKaXTrIL50wlxoyB7kLqyW+3vEWqcAHzNuaUOF7RYHjDHZnjM83wHo2HAdBuBHUI1a8pqaTN5vgHB9B8cALozaXfTXQzdK20SOpzjm27sD8ZgAZr2rGcBW6fTr+MPKENSkfPHTwH8DeNMRE9ZZlh5sr0aQmvvP07TZjk+jdd2mQUVdicN4OH7Y+uQTyTA7ajzk6hRwGq/LTVBR9xMzDyRtlf5ihTAE9b91/vuuL+rT8CH+7vjgQUZGFnEa04hlZRFtDHBA746YVxDJUFt1ryxrRohVjYqXd6BL2Qe665uGcTz30NiW7wdCQsl08LzDpWCMdAlwTfLU9j4UyO4JurJJ36pZdiX1RsBCXZDsOv2dWVRINS3mLwErRC9UfsEqc5zRZOiP2Uw+WN6hoxc5Gl/ZuPPkCS138j0OKd7V22Q5ADPvdFpkGDRByJ/EmTNl9buFAm7yg/Wq8ojivrnTDcku6OvYGL9EyneyqPNL44cXFQy1770TOpN3VyDORp4NAUURx43GuB9WCrMcjRWVGfG/zihjFRAhRzfjvJBOhZ9pnwwUHdR3JHNXHo/3hCJzhAvDsnLq8U8QSILnsXtfGiasKA2OssNzTelkigf3Lv7e9C5qAhi8FgR4ZmjajTij1+1t8fzp2nr0Ut/refJuOFS3egXHlBbSVKdQqN5ZG2an7Fiex7jTw+YCQCw6Ip4BnuFPPrdseker1P7BD4YiSJF5yMG5WAxRzpLIqVtWflEnaEbO0tmgVhSFtONo9oONMS1psYGni6aQ5R2DE/p6W38q47BqGxwRa14zLkthuN2vPIzQLyD2x8QJCgF7ptv1kuahiv6JI/lAhEQNKPS2gd5yC6w7zFKAjUpv77g5TGlqBXZEuWGKom0zFzU8BJ6bvEn/BZoGR/MXgRIwBtIzDDSnPmlG5SCA7I6n7JcejP7SWyVwCRz2DpN8MEtQYSSlg8N7KboomvuhGMa7S12VeIQ1bKklrj4ge8hcKxjFm2zvdjGHRzRfOssxN1SqNmTj/Wx4SQQUEnwspBNa1dj9y69Qoj8W4pIxWNb9G6ddCH4Y6H7wUvJ1oubI0LQe3mFBRbQkgp7SJc849zMcQvB+t/BcSQ2yHjM73XlUKclNHEpCR9jpL5EM9IGWDm783MRtUqMu18xyL5FRDytEOpgfZkWNuqhkm/PnFBii1mZnpBooeRljvIzmkvIasH7UV8ZpRDRpci/Ng2HIOs1ZIMkCrQMac/kjLbQSoD/e3ztAgBAHzPOfhHYPd3Z16UHiFApMr4SJl3o+1BXuhm3O1jKdDyq+aBDr9IFohryBkW50ioD0VCiaG6nLha01DgIpr51axlU0ltTTCphJwMv91xa5tq64ioQAWy/5OidCzvLLM7JJLUsKExtd1TlQw4kexQrrit6wi3fjaeffe56GSkkcDfLI2FDkOEO4koAZrGvce+rX8rSOhSEtQkMEaWpjQ5q30DK348kdElTMsvR+359kNsQzsgKj68kIyqKDnQIUABbzeE/3FjZLQr6ac04Jweks5XUsvbSO3NLYbEJ9+WaKC2LyS69MGnkwp8560A4+IRNVXzRGUL3C3j0SXaz0DmZQIuv12I6sNsDVqySNFamua+pGmsCowRsl5Q/wjkhTZ+vTTJ0Xwy+br1PI14ZcF2MEEsdaJgoccTlyVHVVM2JCIY9Gi/50uW9KGFPcu697svQXm3Goe0EU9FwDvinI9Sqri0Wt5sJ11Rfg3BExyVLm3qIcZksox7ccfluEyiMv9G4rUIJOtwjYLMgdr5AKjdC7iS3GGCK1tTO0vBjTZz3C6Pi1ODcqcOGbkQcdvRY0pC9Ww/CkT6Mk4Pjrd6xohHJqE5+Okm4DBuP1XVcZke995XX3KLfks07I7dSojeFv9SlP4HEEdM8Q38Z9ziIgUiywlEKbqGQCZVqGZvPvHRqCA5n6MiyxKO3Xr8jeg56xzcgHF+bac0l66mE46GsfCjCXSagHLFYwSDJTgtiOVQL4xGRyRUz+vDZlCIOmuqLJs3tUsNSFPJXOiE9swlu+w5bNW+PfacPhgPxpdW3Ik94v0SzQyjFt/EBnCa6rYbcoUXjzKxdBV7/LtAm+L9+P4TYcIMr9C1w78MHnSA1isZ4FpvfUzpDzCkvZINt9og5bt+4k4wBWF+nvxX3LHk1TQfrFZmhGW4J9VW87JgjKOPJy41W8R2IIyTUNQNnw2IPflDCb+YMelsm7TD7UUYWPVjE3/B2Vc2gOFaGa/Qqvj2XTg0/2dmYQxIjj4P8Caa/Y7LJv9/MqLZgLOT4DcsfL5RRSUx7Ofw7AFmEbCommRVbKB1fqGV0r6B3FUTP2PtqVbEOtAqgEkxGDtdJcNC0Bc1awJJ/igVS7Ul4neSL8T5My4N4KPYWxgglf0ds9VWpL5C8XsqHp7u1m6b5eBpfNkyd4l2PWqTnvwsmhXm6oN8q8017ScdXhUC9e91exm+7aXwAT8ojqcMcEWBOd7i7S0c2VCdNRsPw9SBZlu3ntKaOOofOH2nJ/VvfBUNENcI5U83QHbBtxuQJPcEV7mouMOgYe20PMqfG7VFqgsP53uAeQffIHB2jg6KSd3VCeWjgtFU6RzvflWLiFsemaivZttBxM+po9xYj8WiWu0gbS4DTIbP0Quu3nlS9nxEh3JBQruULe6iekSoTfHM9UZ7AhbJku1qFgxlPpwl+8oFv38JrVRh1+OBqFfeoXA/DdlRicIqke5avAYnYveDd0Cs8wFjeGovu1S0AlJL3adEvpx+af+mt5U25GsiNjih82dsW53dvMxEUztH75Yyjd+iGwxKUDyvCDr+BP+wFgWehgSyXqgTHPpU2SkChKVtOiRsUTD1zzLp07tL1I8Rx/i9fSXA/vf5NlEdEuY4v2SzI+dHYuTwl0g0+q3IGMgNRB8u9/QsgN+0K3NmjTI9ovXrlOvmycn5JPP0SqJ7PFI/fJ4PxBerfUWWS4Jze1mOUO3N+ZbFHdIkLZzEWcU8/Xt/eQWGopomnsIZmXd/HqHXxxSXBL1N1CZWVUmmf+0zwqhZzvJ9zE8jjsL5icO23iJdquhPhmewMDbfyyskWcaAYQU54bBXtrCWuTfmiToNHkVpmW8Byq3O4dPb3EH/xLSAo9oVh3dhvZk8CMcbwdfOwvi+E/xbGG3OS4zcONYayFLbJxFp7B07As/M86fmjjwTw7GP19pNv59LpLOk0s/UO/Tcx9HCyaaLezqp2ZgflEvw41QB6n1Q7f3pjC1dqaQ51MzjvkIXvCrffYuGTcCe1ThZfEx+EHDclnN8RXC6ZIjXOmUMPjazFb1RUGDQO5wSHQi8DON/tr8Q5r03xMdEQljFLYkbEZY7Pw9yEjvKToua7Q23MZBNCJ/vus1oLOK/ImUuY5YpV8uyTMrEpC7/xgGmVabWb4P6SYmgmqLiqegSWAqlJGRzE/Wj+cuOwGtz7lhiUu5cvWcIppm4IsAapVJs25hnrWGuSy+c3otCa+/UcPG51jI3iwMJCojY+AXGbzhWDDS6gCN1tce9ZjrMEoT60b/LwaU5+E3jPlMcdrVeTIGXLLByC7m8dUK9h49m3eQE4EWkRuDrix5S7b6k0W/yrbaR3pQvR9MP31airpT34/74PGVhs79H4OC8AEcIT34Pl9putEYvxNlhntshzV1pxO9ytsDlq84v7+GSezLidAXUyyMZsEUSVGH9gVYnofRkV34g6l6VotZjKKUGxowwRhNyxkXSrMT13mhngLPkxGutm5ZkhJID8OfnjFzoQL8+u/qC0cVPw31mh6o/MKiOtiWovfa8qwBb1zFVEunvI3ME1w</xenc:CipherValue>  </xenc:CipherData></xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>';
+      
+      const samlp = new Samlp({
+        decryptionKey: fs.readFileSync(__dirname + '/test-auth0.key')
+      });
+
+      samlp.extractAssertion(samlResponse, function (err, assertion) {
+        expect(err).not.to.exist;
+        expect(assertion).to.exist;
+        done();
+      });
+    });
+
     it('should return error if more than one assertion is found', function (done) {
       var currentSamlResponse = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0d2a510bffbb012bbc30" InResponseTo="_2N5GGp2nmITCFbcyGSKjaQ3ai6Kx9cAwDhBGX1gAJyvCrlJvoEQdjEgTsfajgM9m7j.w.I9Fz1ddVjZ9lKZChcsptp9kxkCuqcwbeNe.lJyVQpB8iSa4awFYsj9A5r7REb5JpHH72B6feguHFFPE8Mak3u4hSEKl9_8moiXLdA57WVhzwa8XYxn4mDshSp3Xb0PEZKODHMtxlVXaycGYuMgC20GpfCA" Version="2.0" IssueInstant="2014-02-25T15:20:20Z" Destination="https://auth0-dev-ed.my.salesforce.com"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:fixture-test</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_241siKCvX3e3oRGYtkdcV4DfGDtIsVk4" IssueInstant="2014-02-25T15:20:20.535Z"><saml:Issuer>urn:fixture-test</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">12345678</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2014-02-25T16:20:20.535Z" InResponseTo="_2N5GGp2nmITCFbcyGSKjaQ3ai6Kx9cAwDhBGX1gAJyvCrlJvoEQdjEgTsfajgM9m7j.w.I9Fz1ddVjZ9lKZChcsptp9kxkCuqcwbeNe.lJyVQpB8iSa4awFYsj9A5r7REb5JpHH72B6feguHFFPE8Mak3u4hSEKl9_8moiXLdA57WVhzwa8XYxn4mDshSp3Xb0PEZKODHMtxlVXaycGYuMgC20GpfCA"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2014-02-25T15:20:20.535Z" NotOnOrAfter="2014-02-25T16:20:20.535Z"><saml:AudienceRestriction><saml:Audience>https://auth0-dev-ed.my.salesforce.com</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"><saml:AttributeValue xsi:type="xs:anyType">12345678</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue xsi:type="xs:anyType">jfoo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><saml:AttributeValue xsi:type="xs:anyType">John Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><saml:AttributeValue xsi:type="xs:anyType">John</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><saml:AttributeValue xsi:type="xs:anyType">Foo</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><saml:AuthnStatement AuthnInstant="2014-02-25T15:20:20.535Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_241siKCvX3e3oRGYtkdcV4DfGDtIsVk4" IssueInstant="2014-02-25T15:20:20.535Z"><saml:Issuer>urn:fixture-test</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">12345678</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2014-02-25T16:20:20.535Z" InResponseTo="_2N5GGp2nmITCFbcyGSKjaQ3ai6Kx9cAwDhBGX1gAJyvCrlJvoEQdjEgTsfajgM9m7j.w.I9Fz1ddVjZ9lKZChcsptp9kxkCuqcwbeNe.lJyVQpB8iSa4awFYsj9A5r7REb5JpHH72B6feguHFFPE8Mak3u4hSEKl9_8moiXLdA57WVhzwa8XYxn4mDshSp3Xb0PEZKODHMtxlVXaycGYuMgC20GpfCA"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2014-02-25T15:20:20.535Z" NotOnOrAfter="2014-02-25T16:20:20.535Z"><saml:AudienceRestriction><saml:Audience>https://auth0-dev-ed.my.salesforce.com</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"><saml:AttributeValue xsi:type="xs:anyType">12345678</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue xsi:type="xs:anyType">jfoo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><saml:AttributeValue xsi:type="xs:anyType">John Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><saml:AttributeValue xsi:type="xs:anyType">John</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><saml:AttributeValue xsi:type="xs:anyType">Foo</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><saml:AuthnStatement AuthnInstant="2014-02-25T15:20:20.535Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#_0d2a510bffbb012bbc30"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>YkV3DdlEa19Gb0eE3jTYTVPalV1kZ88fbIv4blO9T1Y=</DigestValue></Reference></SignedInfo><SignatureValue>ZiINpNlahQlp1JbgFsamI1/pZ+zcPsZboESVayxBMtrUBYNC4IG2VBnqku7paDxJQ7624CvcNzAYWYCv/2/c67Bv6YhQwK1rb4DPEL6OvbI8FNkYAhTNNw5UhUTEMjnJ7AncV/svUTYyIOyktuCvQh3tR4teZJV+BM3IKj9vRQQbCRNSUVHJEe963ma5HcCyo+RhIKU1pm4+ycswOlY9F115roKB4RNRJLs7Z5fyzhbOoCUujR9MMKHHq+CWaYvh5SkjaH1wMorlPlJtq5dhTZtDRhj4HwxYpCG5b4NF2vp+Jpni4dDFKou0Lzk0k6ueCJGcNHfidfEB3RB20Hed2g==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIEDzCCAvegAwIBAgIJALr9HwgrQ7GeMA0GCSqGSIb3DQEBBQUAMGIxGDAWBgNVBAMTD2F1dGgwLmF1dGgwLmNvbTESMBAGA1UEChMJQXV0aDAgTExDMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDAeFw0xMjEyMjkxNTMwNDdaFw0xMzAxMjgxNTMwNDdaMGIxGDAWBgNVBAMTD2F1dGgwLmF1dGgwLmNvbTESMBAGA1UEChMJQXV0aDAgTExDMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZiVmNHiXLldrgbS50ONNOH7pJ2zg6OcSMkYZGDZJbOZ/TqwauC6JOnI7+xtkPJsQHZSFJs4U0srjZKzDCmaz2jLAJDShP2jaXlrki16nDLPE//IGAg3BJguSmBCWpDbSm92V9hSsE+Mhx6bDaJiw8yQ+Q8iSm0aTQZtp6O4ICMu00ESdh9NJqIECELvP31ADV1Xhj7IbyyVPDFxMv3ol5BySE9wwwOFUq/wv7Xz9LRiUjUzPO+Lq3OM3o/uCDbk7jD7XrGUuOydALD8ULsXp4EuDO+nFbeXB/iKndZynuVKokirywl2nD2IP0/yncdLQZ8ByIyqP3G82fq/l8p7AsCAwEAAaOBxzCBxDAdBgNVHQ4EFgQUHI2rUXeBjTv1zAllaPGrHFcEK0YwgZQGA1UdIwSBjDCBiYAUHI2rUXeBjTv1zAllaPGrHFcEK0ahZqRkMGIxGDAWBgNVBAMTD2F1dGgwLmF1dGgwLmNvbTESMBAGA1UEChMJQXV0aDAgTExDMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZIIJALr9HwgrQ7GeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAFrXIhCy4T4eGrikb0R2wHv/uS548r3pZyBV0CDbcRwAtbnpJMvkGFqKVp4pmyoIDSVNK/j+sLEshB20XftezHZyRJbCUbtKvXQ6FsxoeZMlN0ITYKTaoBZKhUxxj90otAhNC58qwGUPqt2LewJhHyLucKkGJ1mQ3b5xKZ532ToufouH9VLhig3H1KnxWo/zMD6Ke8cCk6qO9htuhI06s3GQGS1QWQtAmm17C6TfKgDwQFZwhqHUUZnwKRH8gU6OgZsvhgV1B7H5mjZcu57KMiDBekU9MEY0DCVTN3WkmcTII668zLsJrkNX6PEfck1AMBbVE6pEUKcWwq3uaLvlAUo=</X509Certificate></X509Data></KeyInfo></Signature></samlp:Response>';
       var samlp = new Samlp({});