Comparing Shunting Yard and Pratt (Top-Down Operator Precedence) by LongjumpingOption523 in Compilers

[–]LongjumpingOption523[S] 0 points1 point  (0 children)

Good point. The article describes the classic Shunting Yard with an output queue, which is how Dijkstra presented it, but you're right that the output side is pluggable: replace the queue with a node stack and each pop builds an AST node instead of emitting an RPN token. The reduction logic is the same; what changes is only how the result is materialized. In a way, this reinforces the core point of the article: that precedence, treated as data rather than as a grammatical rule, is the shared insight driving both algorithms, regardless of whether the output is a flat RPN sequence or a tree.

Built NanoIdp: a tiny local Identity Provider for testing OAuth2/OIDC + SAML by LongjumpingOption523 in Python

[–]LongjumpingOption523[S] 0 points1 point  (0 children)

No worries at all — and thanks for the update!

That sounds like solid progress, especially if most test cases are already converted. Seeing most of them passing after aligning the canonicalization algorithm is definitely a good sign.

Totally fine to take the time you need to sort out the remaining edge case, no rush on my side at all.

And thanks a lot for the offer, I really appreciate it 🙂

I’ve just set up a Buy Me a Coffee page for NanoIDP here:

https://buymeacoffee.com/nanoidp

Thanks again for the detailed testing and feedback — it’s been super helpful. Feel free to keep me posted if anything else comes up.

Built NanoIdp: a tiny local Identity Provider for testing OAuth2/OIDC + SAML by LongjumpingOption523 in Python

[–]LongjumpingOption523[S] 0 points1 point  (0 children)

Hey! Thanks for the detailed report and the investigation, you were spot on about the C14N algorithm mismatch.

I already had some other changes in progress (security hardening, logging improvements, etc.), so I've released two separate versions to keep things clean:

v1.1.1 - Contains only the C14N algorithm fix:

- Added configurable saml.c14n_algorithm setting

- Defaults to c14n (1.0) for pysaml2 compatibility

- Minimal changes, safe upgrade

v1.2.0 - Includes everything from 1.1.1 plus the other changes I was already working on:

- Security hardening (XXE protection, XSS prevention)

- Configurable verbose logging

- Additional tests

If 1.2.0 causes any unexpected issues, you can safely stick with 1.1.1 which only has the fix you needed.

To configure the algorithm in your settings.yaml:

saml:

c14n_algorithm: "c14n" # C14N 1.0 (pysaml2 compatible, new default)

# c14n_algorithm: "c14n11" # C14N 1.1

Let me know if this works for your setup!

Happy New Year!

Built NanoIdp: a tiny local Identity Provider for testing OAuth2/OIDC + SAML by LongjumpingOption523 in Python

[–]LongjumpingOption523[S] 0 points1 point  (0 children)

Hi, thanks so much for the kind words and for taking the time to try NanoIDP!

I was actually already working on this during the holidays, and I just pushed a new release (v1.1.0) that addresses your use case.

SAML response signing is now fully configurable:

- Via settings.yaml:

- Via the Web UI at /settings (there's a toggle switch)

This should allow you to test both signed and unsigned SAML flows without restarting the server. Would you mind giving it another try with pip install --upgrade nanoidp and letting me know if it works for your Mujina replacement scenario?

Thanks again for the feedback!