SAML assertion signing using HSM

[troyfactor4]

Describe the problem you'd like to have solved

I would like to have my private key stored in my key signing server or HSM. Using an HSM server would provide greater security for the private keys.

Describe the ideal solution

The unsigned XML document should be passed to the HSM server and a signature returned to be embedded in the XML document. The private keys should never leave the HSM.

Alternatives and current work-arounds

No good workarounds are currently available.

Additional context

I have a PR ready for both node-saml and node-samlp, creating this issue just to follow protocol. The solution includes a simple upgrade to allow asynchronous XML signing using a custom function provided by the host application. Unit tests have been created and are passing. The necessary PR's have already been made to xml-crypto version 1.5.3.

I can create the PR once the dependency for node-saml PR is merged