From 6fe09ec22bf10a7d21c973ac750a91702690dfa7 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sat, 17 Aug 2019 22:54:39 +0100
Subject: [PATCH] Properly parse the x509 cert in saml-server

---
 saml/saml.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/saml/saml.go b/saml/saml.go
index bd0f898..af567b7 100644
--- a/saml/saml.go
+++ b/saml/saml.go
@@ -3,6 +3,7 @@ package saml
 import (
 	"crypto/rand"
 	"crypto/tls"
+	"crypto/x509"
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/xml"
@@ -213,7 +214,11 @@ func NewSAMLIDP(config *Config) (http.Handler, error) {
 		return nil, err
 	}
 
-	cert, err := tls.LoadX509KeyPair(config.CertificateFile, config.PrivateKeyFile)
+	tlsCert, err := tls.LoadX509KeyPair(config.CertificateFile, config.PrivateKeyFile)
+	if err != nil {
+		return nil, err
+	}
+	x509Cert, err := x509.ParseCertificate(tlsCert.Certificate[0])
 	if err != nil {
 		return nil, err
 	}
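Review bot: Both early returns in this hunk pass the error up bare, so a bad `CertificateFile` or `PrivateKeyFile` surfaces to the operator with no indication of which path or which step (loading the key pair vs. parsing the leaf) failed; since this runs once at IdP construction, wrapping costs nothing, e.g. `return nil, fmt.Errorf("loading SAML key pair from %q: %v", config.CertificateFile, err)` and `return nil, fmt.Errorf("parsing SAML certificate %q: %v", config.CertificateFile, err)` (assuming `fmt` is imported; the visible import list is cut off). Indexing `tlsCert.Certificate[0]` is safe here because `tls.LoadX509KeyPair` returns an error when no certificate is present, and the parsed leaf is what the IdP will publish and sign with, so this is also the natural place to add a startup check on `x509Cert.NotAfter` against `time.Now()` (a log warning is enough) so an expired signing cert is noticed before SPs start rejecting assertions. `NewSAMLIDP` begins and ends outside this hunk.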
@@ -250,8 +255,8 @@ func NewSAMLIDP(config *Config) (http.Handler, error) {
 	// mux.Router in front in order to wrap just the ssoURL with
 	// our own SSO handler.
 	idp := &saml.IdentityProvider{
-		Key:                     cert.PrivateKey,
-		Certificate:             cert.Leaf,
+		Key:                     tlsCert.PrivateKey,
+		Certificate:             x509Cert,
 		Logger:                  logger.DefaultLogger,
 		MetadataURL:             metadataURL,
 		SSOURL:                  ssoURL,
-- 
GitLab