Search code examples
rubyxmlxpathrexml

In REXML XPATH match function, what do multiple namespaces do in the namespace mapping?

I'm trying to understand exactly what line 785 does here:

https://github.com/onelogin/ruby-saml/blob/15fb4789f8cd119fdbd722d58c659129d23a256d/lib/onelogin/ruby-saml/response.rb#L777

however I can find no clear explanation of this in the docs e.g. here:

https://contest-server.cs.uchicago.edu/ref/ruby_1_9_3_stdlib/libdoc/rexml/rdoc/REXML/XPath.html#method-c-match

I.e. I can understand what targeting a single namespace ("ps") does, but what does the addition of the second namespace ("d") do?

Edit: follow up clarification: would a document starting with this be successfully parsed, given that the 'protocol' namespace is lower-case in the document but upper case in the code?

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" >
Solution

  • The response being queried via XPath uses two different namespaces,

    • The namespace bound to the p namespace prefix is for SAML Core (urn:oasis:names:tc:SAML:2.0:protocol).
    • The namespace bound to ds is for XML Signature (http://www.w3.org/2000/09/xmldsig#).

    and both are declared to the XPath processor via the argument to REXML::XPath.match on the cited line in the code:

          { "p" => PROTOCOL, "ds" => DSIG },

    Update per question update

    The namespace prefix (p) is arbitrary and need not match the one used in the document. The namespace (urn:oasis:names:tc:SAML:2.0:protocol) is what's important and must match the one used in the document. Both are case-sensitive.