Make use of AssertionConsumerServiceIndex in login request #532

Open
wants to merge 2 commits into
base: master
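--- a/src/binding-post.ts
+++ b/src/binding-post.ts
@@ -90,15 +90,15 @@ async function base64LoginResponse(requestInfo: any = {}, entity: any, user: any
 const nameIDFormat = idpSetting.nameIDFormat;
 const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
 if (metadata && metadata.idp && metadata.sp) {
-const base = metadata.sp.getAssertionConsumerService(binding.post);
+const base = metadata.sp.getAssertionConsumerService(binding.post, requestInfo.extract.request.assertionConsumerServiceIndex);
 let rawSamlResponse: string;
 const nowTime = new Date();
 const spEntityID = metadata.sp.getEntityID();
 const fiveMinutesLaterTime = new Date(nowTime.getTime());
 fiveMinutesLaterTime.setMinutes(fiveMinutesLaterTime.getMinutes() + 5);
 const fiveMinutesLater = fiveMinutesLaterTime.toISOString();
 const now = nowTime.toISOString();
-const acl = metadata.sp.getAssertionConsumerService(binding.post);
+const acl = metadata.sp.getAssertionConsumerService(binding.post, requestInfo.extract.request.assertionConsumerServiceIndex);
 const tvalue: any = {
 ID: id,
 AssertionID: idpSetting.generateID(),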
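Review bot: The new second argument dereferences `requestInfo.extract.request` unconditionally on both the `base` and the `acl` line, yet the hunk header shows `requestInfo` defaulting to `{}`, so a call made without a parsed AuthnRequest (presumably the IdP-initiated flow) would now throw a TypeError before any response is built. Read the value defensively once and reuse it, for example `const acsIndex = requestInfo?.extract?.request?.assertionConsumerServiceIndex;` passed to both calls, or an equivalent explicit guard if the project's TypeScript version predates optional chaining. The same unguarded access is added in src/binding-redirect.ts, src/binding-simplesign.ts and src/entity-idp.ts. base64LoginResponse starts and ends outside the hunk, so an earlier guard may exist that is not visible here.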
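--- a/src/binding-redirect.ts
+++ b/src/binding-redirect.ts
@@ -144,7 +144,7 @@ function loginResponseRedirectURL(requestInfo: any, entity: any, user: any = {},
 
 let id: string = idpSetting.generateID();
 if (metadata && metadata.idp && metadata.sp) {
-const base = metadata.sp.getAssertionConsumerService(binding.redirect);
+const base = metadata.sp.getAssertionConsumerService(binding.redirect, requestInfo.extract.request.assertionConsumerServiceIndex);
 let rawSamlResponse: string;
 //
 const nameIDFormat = idpSetting.nameIDFormat;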
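--- a/src/binding-simplesign.ts
+++ b/src/binding-simplesign.ts
@@ -145,7 +145,7 @@ async function base64LoginResponse(requestInfo: any = {}, entity: any, user: any
 const nameIDFormat = idpSetting.nameIDFormat;
 const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
 if (metadata && metadata.idp && metadata.sp) {
-const base = metadata.sp.getAssertionConsumerService(binding.simpleSign);
+const base = metadata.sp.getAssertionConsumerService(binding.simpleSign, requestInfo.extract.request.assertionConsumerServiceIndex);
 let rawSamlResponse: string;
 const nowTime = new Date();
 // Five minutes later : nowtime + 5 * 60 * 1000 (in milliseconds)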
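--- a/src/entity-idp.ts
+++ b/src/entity-idp.ts
@@ -119,7 +119,7 @@ export class IdentityProvider extends Entity {
 return {
 ...context,
 relayState,
-entityEndpoint: (sp.entityMeta as ServiceProviderMetadata).getAssertionConsumerService(binding) as string,
+entityEndpoint: (sp.entityMeta as ServiceProviderMetadata).getAssertionConsumerService(binding, requestInfo.extract.request.assertionConsumerServiceIndex) as string,
 type: 'SAMLResponse'
 };
 }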
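--- a/src/extractor.ts
+++ b/src/extractor.ts
@@ -45,7 +45,7 @@ export const loginRequestFields: ExtractorFields = [
 {
 key: 'request',
 localPath: ['AuthnRequest'],
-attributes: ['ID', 'IssueInstant', 'Destination', 'AssertionConsumerServiceURL']
+attributes: ['ID', 'IssueInstant', 'Destination', 'AssertionConsumerServiceURL', 'AssertionConsumerServiceIndex']
 },
 {
 key: 'issuer',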
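--- a/src/metadata-sp.ts
+++ b/src/metadata-sp.ts
@@ -180,11 +180,15 @@ export class SpMetadata extends Metadata {
 * @param {string} binding protocol binding (e.g. redirect, post)
 * @return {string/[string]} URL of endpoint(s)
 */
-public getAssertionConsumerService(binding: string): string | string[] {
+public getAssertionConsumerService(binding: string, index?: number): string | string[] {
 if (isString(binding)) {
 let location;
 const bindName = namespace.binding[binding];
 if (isNonEmptyArray(this.meta.assertionConsumerService)) {
+if(index != undefined && this.meta.assertionConsumerService.length >= index + 1) {
+return this.meta.assertionConsumerService[index].location;
+}
+
 this.meta.assertionConsumerService.forEach(obj => {
 if (obj.binding === bindName) {
 location = obj.location;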
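Review bot: The new `if(index != undefined && ...length >= index + 1)` guard does not validate `index`, which the callers in this PR take from the AuthnRequest's `AssertionConsumerServiceIndex` attribute and which presumably arrives as a string: `index + 1` then concatenates (`"1" + 1` is `"11"`), so any index other than 0 silently falls through to the binding lookup, and a negative value passes the length test, leaving `assertionConsumerService[index]` undefined so that `.location` throws. Normalise the value and require a non-negative integer below `length` before indexing, as in the fence below. Two further points for the author to confirm: the shortcut returns the endpoint regardless of `binding`, so a response built for one binding may be addressed to an ACS registered for another, and it selects by array position rather than by the `index` attribute declared in the SP metadata, which need not be contiguous or ordered. The JSDoc above the method should gain an `@param {number} index` line describing the fallback to the binding lookup; the method body continues outside the hunk.

```typescript
if (isNonEmptyArray(this.meta.assertionConsumerService)) {
  const acsList = this.meta.assertionConsumerService;
  // index originates from the AuthnRequest: accept only a plain non-negative integer within range
  const acsIndex = /^\d+$/.test(String(index)) ? Number(index) : -1;
  if (acsIndex >= 0 && acsIndex < acsList.length) {
    return acsList[acsIndex].location;
  }
  // … unchanged: forEach lookup by binding …
```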
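--- a/test/issues.ts
+++ b/test/issues.ts
@@ -164,4 +164,13 @@ test('#31 query param for sso/slo returns error', t => {
 const index = Object.keys(authnRequest.attributes).find((i: string) => authnRequest.attributes[i].nodeName === 'AssertionConsumerServiceURL') as any;
 t.is(authnRequest.attributes[index].nodeValue, 'https://example.org/response');
 });
+
+const spACSIndex = serviceProvider({ metadata: fs.readFileSync('./test/misc/sp_metadata_437.xml') });
+test('#437 return acl for sp metadata with acs index', t => {
+const urlIndex0 = spACSIndex.entityMeta.getAssertionConsumerService('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 0);
+const urlIndex1 = spACSIndex.entityMeta.getAssertionConsumerService('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 1);
+t.is(urlIndex0,'https://example.org/responseForIndex0');
+t.is(urlIndex1,'https://example.org/responseForIndex1');
+});
+
 })();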
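Review bot: The new test passes only in-range numeric literals, so it does not exercise the value as the bindings supply it (`requestInfo.extract.request.assertionConsumerServiceIndex`, presumably a string read from the XML attribute) nor the fallback taken when the requested index is not present in the metadata. It also passes the full binding URN where the JSDoc in src/metadata-sp.ts gives short names (`redirect`, `post`) as examples, so the assertions appear to succeed only because the index path ignores the binding. Consider adding cases for `'1'`, an out-of-range index and a negative index, each asserting the binding-based fallback rather than a throw.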
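--- /dev/null
+++ b/test/misc/sp_metadata_437.xml
@@ -0,0 +1,7 @@
+<EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.org/response">
+<SPSSODescriptor AuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+<AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/responseForIndex0"/>
+<AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/responseForIndex1"/>
+</SPSSODescriptor>
+</EntityDescriptor>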