diff --git a/lib/samlp.js b/lib/samlp.js
index 9108c58..e2aa2af 100644
--- a/lib/samlp.js
+++ b/lib/samlp.js
@@ -1,31 +1,31 @@
-var saml20 = require('saml').Saml20;
-var SignedXml = require('xml-crypto').SignedXml;
-var xpath = require('xpath');
-var xtend = require('xtend');
-var utils = require('./utils');
-var templates = require('./templates');
-var encoders = require('./encoders');
+var saml20 = require('saml').Saml20;
+var SignedXml = require('xml-crypto').SignedXml;
+var xpath = require('xpath');
+var xtend = require('xtend');
+var utils = require('./utils');
+var templates = require('./templates');
+var encoders = require('./encoders');
var PassportProfileMapper = require('./claims/PassportProfileMapper');
-var constants = require('./constants');
+var constants = require('./constants');
function buildSamlResponse(options) {
var SAMLResponse = templates.samlresponse({
- id: '_' + utils.generateUniqueID(),
- instant: utils.generateInstant(),
- destination: options.destination || options.audience,
- inResponseTo: options.inResponseTo,
- issuer: options.issuer,
+ id: '_' + utils.generateUniqueID(),
+ instant: utils.generateInstant(),
+ destination: options.destination || options.audience,
+ inResponseTo: options.inResponseTo,
+ issuer: options.issuer,
samlStatusCode: options.samlStatusCode,
samlStatusMessage: options.samlStatusMessage,
- assertion: options.signedAssertion || ''
+ assertion: options.signedAssertion || ''
});
if (options.signResponse) {
- options.signatureNamespacePrefix = typeof options.signatureNamespacePrefix === 'string' ? options.signatureNamespacePrefix : '' ;
+ options.signatureNamespacePrefix = typeof options.signatureNamespacePrefix === 'string' ? options.signatureNamespacePrefix : '';
var cannonicalized = SAMLResponse
.replace(/\r\n/g, '')
- .replace(/\n/g,'')
+ .replace(/\n/g, '')
.replace(/>(\s*)<') //unindent
.trim();
@@ -48,7 +48,7 @@ function buildSamlResponse(options) {
}
};
- sig.computeSignature(cannonicalized, { prefix: options.signatureNamespacePrefix, location: { action: 'after', reference: "//*[local-name(.)='Issuer']" }});
+ sig.computeSignature(cannonicalized, { prefix: options.signatureNamespacePrefix, location: { action: 'after', reference: "//*[local-name(.)='Issuer']" } });
SAMLResponse = sig.getSignedXml();
}
@@ -63,7 +63,7 @@ function nameIdentiferNotFoundErrorMessage(options) {
function getSamlResponse(options, user, callback) {
options.profileMapper = options.profileMapper || PassportProfileMapper;
- options.signatureNamespacePrefix = typeof options.signatureNamespacePrefix === 'string' ? options.signatureNamespacePrefix : '' ;
+ options.signatureNamespacePrefix = typeof options.signatureNamespacePrefix === 'string' ? options.signatureNamespacePrefix : '';
var profileMap = options.profileMapper(user);
var claims = profileMap.getClaims(options);
@@ -76,25 +76,25 @@ function getSamlResponse(options, user, callback) {
}
saml20.create({
- signatureAlgorithm: options.signatureAlgorithm,
- digestAlgorithm: options.digestAlgorithm,
- cert: options.cert,
- key: options.key,
- issuer: options.issuer,
- lifetimeInSeconds: options.lifetimeInSeconds || 3600,
- audiences: options.audience,
- attributes: claims,
- nameIdentifier: ni.nameIdentifier,
+ signatureAlgorithm: options.signatureAlgorithm,
+ digestAlgorithm: options.digestAlgorithm,
+ cert: options.cert,
+ key: options.key,
+ issuer: options.issuer,
+ lifetimeInSeconds: options.lifetimeInSeconds || 3600,
+ audiences: options.audience,
+ attributes: claims,
+ nameIdentifier: ni.nameIdentifier,
nameIdentifierFormat: ni.nameIdentifierFormat || options.nameIdentifierFormat,
- recipient: options.recipient,
- inResponseTo: options.inResponseTo,
+ recipient: options.recipient,
+ inResponseTo: options.inResponseTo,
authnContextClassRef: options.authnContextClassRef,
- encryptionPublicKey: options.encryptionPublicKey,
- encryptionCert: options.encryptionCert,
- sessionIndex: options.sessionIndex,
- typedAttributes: options.typedAttributes,
- includeAttributeNameFormat: options.includeAttributeNameFormat,
- signatureNamespacePrefix: options.signatureNamespacePrefix
+ encryptionPublicKey: options.encryptionPublicKey,
+ encryptionCert: options.encryptionCert,
+ sessionIndex: options.sessionIndex,
+ typedAttributes: options.typedAttributes,
+ includeAttributeNameFormat: options.includeAttributeNameFormat,
+ signatureNamespacePrefix: options.signatureNamespacePrefix
}, function (err, signedAssertion) {
if (err) return callback(err);
@@ -122,8 +122,8 @@ function getSamlResponse(options, user, callback) {
* @param {[type]} options [description]
* @return {[type]} [description]
*/
-module.exports.auth = function(options) {
- options.getUserFromRequest = options.getUserFromRequest || function(req){ return req.user; };
+module.exports.auth = function (options) {
+ options.getUserFromRequest = options.getUserFromRequest || function (req) { return req.user; };
options.signatureAlgorithm = options.signatureAlgorithm || 'rsa-sha256';
options.digestAlgorithm = options.digestAlgorithm || 'sha256';
@@ -134,13 +134,13 @@ module.exports.auth = function(options) {
return function (req, res, next) {
var opts = xtend({}, options || {}); // clone options
- if(req.method === 'GET' && req.query.Signature){
+ if (req.method === 'GET' && req.query.Signature) {
opts.signature = req.query.Signature;
opts.sigAlg = req.query.SigAlg;
opts.relayState = opts.RelayState || req.query.RelayState;
}
- function execute (postUrl, audience, req, res, next) {
+ function execute(postUrl, audience, req, res, next) {
var user = opts.getUserFromRequest(req);
if (!user) return res.send(401);
@@ -157,21 +157,21 @@ module.exports.auth = function(options) {
} else {
res.set('Content-Type', 'text/html');
res.send(templates.form({
- type: 'SAMLResponse',
- callback: postUrl,
- RelayState: opts.RelayState || (req.query || {}).RelayState || (req.body || {}).RelayState || '',
- token: response.toString('base64')
+ type: 'SAMLResponse',
+ callback: postUrl,
+ RelayState: opts.RelayState || (req.query || {}).RelayState || (req.body || {}).RelayState || '',
+ token: response.toString('base64')
}));
}
});
}
- utils.parseSamlRequest(req, (req.query || {}).SAMLRequest || (req.body || {}).SAMLRequest, "AUTHN_REQUEST", opts, function(err, samlRequestDom) {
+ utils.parseSamlRequest(req, (req.query || {}).SAMLRequest || (req.body || {}).SAMLRequest, "AUTHN_REQUEST", opts, function (err, samlRequestDom) {
if (err) return next(err);
var audience = opts.audience;
if (samlRequestDom) {
- if (!audience){
+ if (!audience) {
var issuer = xpath.select("//*[local-name(.)='Issuer' and namespace-uri(.)='urn:oasis:names:tc:SAML:2.0:assertion']/text()", samlRequestDom);
if (issuer && issuer.length > 0)
audience = issuer[0].textContent;
@@ -191,8 +191,8 @@ module.exports.auth = function(options) {
};
};
-module.exports.parseRequest = function(req, options, callback) {
- if (typeof options === 'function'){
+module.exports.parseRequest = function (req, options, callback) {
+ if (typeof options === 'function') {
callback = options;
options = {};
}
@@ -201,7 +201,7 @@ module.exports.parseRequest = function(req, options, callback) {
if (!samlRequest)
return callback();
- utils.parseSamlRequest(req, samlRequest, "AUTHN_REQUEST", options, function(err, samlRequestDom) {
+ utils.parseSamlRequest(req, samlRequest, "AUTHN_REQUEST", options, function (err, samlRequestDom) {
if (err) {
return callback(err);
}
@@ -210,6 +210,10 @@ module.exports.parseRequest = function(req, options, callback) {
var issuer = xpath.select("//*[local-name(.)='Issuer' and namespace-uri(.)='urn:oasis:names:tc:SAML:2.0:assertion']/text()", samlRequestDom);
if (issuer && issuer.length > 0) data.issuer = issuer[0].textContent;
+
+ var subject = xpath.select("//*[local-name(.)='Subject' and namespace-uri(.)='urn:oasis:names:tc:SAML:2.0:assertion']/*[local-name(.)='NameID']", samlRequestDom);
+ if (subject && subject.length > 0) data.subject = subject[0].textContent;
+
var assertionConsumerUrl = samlRequestDom.documentElement.getAttribute('AssertionConsumerServiceURL');
if (assertionConsumerUrl) data.assertionConsumerServiceURL = assertionConsumerUrl;
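Review bot: The new `Subject` lookup is looser than it needs to be, and the value it returns is requester-controlled: the expression starts with `//`, so a matching `Subject` anywhere in the document is accepted, and the `NameID` step has no namespace test while the `Subject` step does. Anchoring it to the children of the root element and constraining both steps would narrow what can populate `data.subject`, e.g. `"/*/*[local-name(.)='Subject' and namespace-uri(.)='urn:oasis:names:tc:SAML:2.0:assertion']/*[local-name(.)='NameID' and namespace-uri(.)='urn:oasis:names:tc:SAML:2.0:assertion']"`. Whether the request signature was verified before this point depends on `utils.parseSamlRequest` and the caller's options, neither of which is visible here. For that reason I would also add a comment above the assignment such as `// subject is a requester-supplied hint from the AuthnRequest; never treat it as an authenticated identity`. The body of the `parseSamlRequest` callback starts and ends outside this hunk.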
@@ -248,10 +252,10 @@ module.exports.sendError = function (options) {
res.set('Content-Type', 'text/html');
res.send(templates.form({
- type: 'SAMLResponse',
- callback: postUrl,
- RelayState: options.RelayState,
- token: response.toString('base64')
+ type: 'SAMLResponse',
+ callback: postUrl,
+ RelayState: options.RelayState,
+ token: response.toString('base64')
}));
}
diff --git a/test/samlp.parse_request.tests.js b/test/samlp.parse_request.tests.js
index 07d5334..9ffbe40 100644
--- a/test/samlp.parse_request.tests.js
+++ b/test/samlp.parse_request.tests.js
@@ -7,11 +7,27 @@ var fs = require('fs')
var path = require('path')
var zlib = require('zlib');
-var requestWithAuthnContextClassRef = '\nhttp://sp\n \n \n 1GJyc/S+0PTuqU1hp6grJy3u4Dk=MKsGyFxVQgCSLwkajqGZBKHskLVo/G1aj1V8PptruBwLBZ9nhMXgX8T+rmDuyTqbHUDfITRMXcREmIqbLyqvK4ICqU24TB4agHtRe9302BeNXCqVbtwQOuQGdjqAKHAIev+4Nd+74PblL5EBUMxnHcS0LavTisXvqab+70vnTn/Bhxqj+upBNyTGscqGpPxrZMqZzlwPpaCMCnDyBj3tyYdh+4iUrzmom3UBQuazpriezEYFa+6HNl0qi6umh9gEkaPjqC7z4HspvA5+R5ipS2zqk54Aq0bH9iFLstzc4BPENB2LrNEtC11xXo6opbk2p9sCeEMH0A/Dlc+LxbR5tg==\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http://schemas.openid.net/pape/policies/2007/06/multi-factor';
-
-var requestWithoutAuthnContextClassRef = '\nhttp://sp\n \n \n HB+gsJjEBYtMgMwznLms7tXAmmo=mt6/9/JW8wsk72FaATq5Xp+TIartEZlDCo+Y8DWCenxoE1KXP0YKP4btEoTO3yop/l9JNMEJm7rONYbLZ+WxpjObCRbuVfmFpS4NNUyEiCTMzaDvzd0ipGpD0Zd/m719cwdhlxe6GjNHBWSmgjW/ojJPtb0aeuwCa3i2rv71R28DPOfLL1324V8YuDyqukqoOMfMI7NMUW5Wklh+AqhIp/rmin4SGQRc6Ccj9judPHQsijws9PtKoWMnWC9mVLd7sRcRY5yXissnnT8v4kH2haG1usu+t3HojhZ/symC9o7cmQJauyJyNLTx5Cl+4tokqwI3amK0gDhhoR0Q2cRxTg==\nMIIDtTCCAp2gAwIBAgIJAMKR/NsyfcazMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIxMTEyMjM0MzQxWhcNMTYxMjIxMjM0MzQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtH4wKLYlIXZlfYQFJtXZVC3fD8XMarzwvb/fHUyJ6NvNStN+H7GHp3/QhZbSaRyqK5hu5xXtFLgnI0QG8oE1NlXbczjH45LeHWhPIdc2uHSpzXic78kOugMY1vng4J10PF6+T2FNaiv0iXeIQq9xbwwPYpflViQyJnzGCIZ7VGan6GbRKzyTKcB58yx24pJq+CviLXEY52TIW1l5imcjGvLtlCp1za9qBZa4XGoVqHi1kRXkdDSHty6lZWj3KxoRvTbiaBCH+75U7rifS6fR9lqjWE57bCGoz7+BBu9YmPKtI1KkyHFqWpxaJc/AKf9xgg+UumeqVcirUmAsHJrMwIDAQABo4GnMIGkMB0GA1UdDgQWBBTs83nkLtoXFlmBUts3EIxcVvkvcjB1BgNVHSMEbjBsgBTs83nkLtoXFlmBUts3EIxcVvkvcqFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMKR/NsyfcazMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABw7w/5k4d5dVDgd/OOOmXdaaCIKvt7d3ntlv1SSvAoKT8d8lt97Dm5RrmefBI13I2yivZg5bfTge4+vAV6VdLFdWeFp1b/FOZkYUv6A8o5HW0OWQYVX26zIqBcG2Qrm3reiSl5BLvpj1WSpCsYvs5kaO4vFpMak/ICgdZD+rxwxf8Vb/6fntKywWSLgwKH3mJ+Z0kRlpq1g1oieiOm1/gpZ35s0YuorXZba9ptfLCYSggg/qc3d3d0tbHplKYkwFm7f5ORGHDSD5SJm+gI7RPE+4bO8q79RPAfbG1UGuJ0b/oigagciHhJp851SQRYf3JuNSc17BnK2L5IEtzjqr+Q=';
-
-describe('samlp parse response', function() {
+var requestWithAuthnContextClassRef = `
+test@samlreq.comhttp://sp
+
+
+ GhzsHhoK8QpTW5Q54Ab9zstSenc=BJheKXguoWu+UuLXMU7Lxctv2h4wZnSrX1A15USop5kndsUMOMp0Zs5qkUtMfjuJnbpIZkfboz2Rca61E805k59zOW6IzNFnXfXf38YJ1CJ7RDoFYdF/PR4QSzCIfK/X4R/K+IWi9Janhr472kJLV4eHi+FH3hIVzZFT33xt6tfAkmPmxdjaVuDBEg+ytIDY6usthAKcxOtlJiCqmiGRFM/5wvPnK1X0roHsMnUPCdW2uOhCB9XqqaWWz/4AesxCA3v3RXhT5CvI9bs/J9zyjAoiCq0KDHY6nBykGqO8GCL6gvLJuM5tN790m1MhRxvdRTwCmV6OO9cMJ2kk8Y94pg==
+MIIDtTCCAp2gAwIBAgIJAMKR/NsyfcazMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIxMTEyMjM0MzQxWhcNMTYxMjIxMjM0MzQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtH4wKLYlIXZlfYQFJtXZVC3fD8XMarzwvb/fHUyJ6NvNStN+H7GHp3/QhZbSaRyqK5hu5xXtFLgnI0QG8oE1NlXbczjH45LeHWhPIdc2uHSpzXic78kOugMY1vng4J10PF6+T2FNaiv0iXeIQq9xbwwPYpflViQyJnzGCIZ7VGan6GbRKzyTKcB58yx24pJq+CviLXEY52TIW1l5imcjGvLtlCp1za9qBZa4XGoVqHi1kRXkdDSHty6lZWj3KxoRvTbiaBCH+75U7rifS6fR9lqjWE57bCGoz7+BBu9YmPKtI1KkyHFqWpxaJc/AKf9xgg+UumeqVcirUmAsHJrMwIDAQABo4GnMIGkMB0GA1UdDgQWBBTs83nkLtoXFlmBUts3EIxcVvkvcjB1BgNVHSMEbjBsgBTs83nkLtoXFlmBUts3EIxcVvkvcqFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMKR/NsyfcazMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABw7w/5k4d5dVDgd/OOOmXdaaCIKvt7d3ntlv1SSvAoKT8d8lt97Dm5RrmefBI13I2yivZg5bfTge4+vAV6VdLFdWeFp1b/FOZkYUv6A8o5HW0OWQYVX26zIqBcG2Qrm3reiSl5BLvpj1WSpCsYvs5kaO4vFpMak/ICgdZD+rxwxf8Vb/6fntKywWSLgwKH3mJ+Z0kRlpq1g1oieiOm1/gpZ35s0YuorXZba9ptfLCYSggg/qc3d3d0tbHplKYkwFm7f5ORGHDSD5SJm+gI7RPE+4bO8q79RPAfbG1UGuJ0b/oigagciHhJp851SQRYf3JuNSc17BnK2L5IEtzjqr+Q=http://schemas.openid.net/pape/policies/2007/06/multi-factor`;
+
+var requestWithoutAuthnContextClassRef = `
+
+
+test@samlreq.com
+
+http://sp
+
+
+ UZB6cYGRYoUa2Mt+LqU+D+7qZlI=n7Icnw3cwlZjfhNaXDTAoFycIZew8i0dHspZVKmxk9KxRapRwJ0InFkJT4wLTs+58mlPob7m0bEHT9ph1QHkA5tzDa1dja2nCtIvEgL3ajsKpW2LEzbCVFmoCEXSBZ19LePjLzmXHI2TptEbuNoIIoWWRVuWjcuz0QQGKhbukSC8KQI/6UeVGk3CQWCYxnkwl7jnGmDkawoiyTAWssTvVq90tdzGhuRBSXwat8ncfYwAxbP+Sip3Qqyh5gkqP4AnfKp1jG7LTHxY+HQ+XmntIDESHVj+VYrWfpKI2L/sZDKgSEzjOGhzwBWRIoC9yK4SYDUmru0LO1i2dO52MqfutQ==
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
+
+`;
+
+describe('samlp parse response', function () {
var cert;
before(function () {
@@ -21,8 +37,8 @@ describe('samlp parse response', function() {
describe('SAMLRequest on querystring', function () {
let parseResult;
- describe('when request has authnContextClassRef', function() {
- it('should return a valid response', function(done){
+ describe('when request has authnContextClassRef', function () {
+ it('should return a valid response', function (done) {
samlp.parseRequest({
query: {
SAMLRequest: new Buffer(requestWithAuthnContextClassRef).toString('base64'),
@@ -30,15 +46,16 @@ describe('samlp parse response', function() {
}
}, {
signingCert: cert,
- thumbprints: [ encoder.thumbprint(cert) ],
+ thumbprints: [encoder.thumbprint(cert)],
relayState: '123'
- }, function(err, result) {
+ }, function (err, result) {
expect(err).not.to.exist;
expect(result).to.eql({
issuer: 'http://sp',
+ subject: 'test@samlreq.com',
assertionConsumerServiceURL: 'https://acs',
destination: 'https://destination',
- id: 'pfxe6c08b2b-e9a1-5d44-9016-f4c2b59add88',
+ id: 'pfx9702ffd6-91a0-24bd-17f6-c66a3ac24f70',
requestedAuthnContext: {
authnContextClassRef: 'http://schemas.openid.net/pape/policies/2007/06/multi-factor'
}
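Review bot: The expectations here only pin the case where the request carries a Subject, so the optional path added in `lib/samlp.js` has no test. Both `eql` expectations in this file now include `subject: 'test@samlreq.com'`, and both updated fixtures appear to contain that NameID. A further case with a fixture that has no `Subject` element, asserting `expect(result).to.not.have.property('subject');`, would show that `parseRequest` leaves the key off rather than setting it to an empty or undefined value. The enclosing `describe` block starts and ends outside this hunk.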
@@ -49,39 +66,40 @@ describe('samlp parse response', function() {
});
});
- describe('when request does not have authnContextClassRef', function() {
- it('should return a valid response', function(done){
+ describe('when request does not have authnContextClassRef', function () {
+ it('should return a valid response', function (done) {
samlp.parseRequest({
- query: {
- SAMLRequest: new Buffer(requestWithoutAuthnContextClassRef).toString('base64'),
- RelayState: '123'
- }
- }, {
- signingCert: cert,
- thumbprints: [ encoder.thumbprint(cert) ],
- relayState: '123'
- }, function(err, result) {
- if (err) {
- done(err);
- return;
- }
-
- expect(err).not.to.exist;
- expect(result).to.eql({
- issuer: 'http://sp',
- assertionConsumerServiceURL: 'https://acs',
- destination: 'https://destination',
- id: 'pfx20d87357-f8ae-db44-a7a9-39c0446a2ee2'
- });
+ query: {
+ SAMLRequest: new Buffer(requestWithoutAuthnContextClassRef).toString('base64'),
+ RelayState: '123'
+ }
+ }, {
+ signingCert: cert,
+ thumbprints: [encoder.thumbprint(cert)],
+ relayState: '123'
+ }, function (err, result) {
+ if (err) {
+ done(err);
+ return;
+ }
- done();
+ expect(err).not.to.exist;
+ expect(result).to.eql({
+ issuer: 'http://sp',
+ subject: 'test@samlreq.com',
+ assertionConsumerServiceURL: 'https://acs',
+ destination: 'https://destination',
+ id: 'pfxa4ada2aa-21ed-2788-7f49-e708fdaebc88'
});
+
+ done();
+ });
});
});
- describe('when request is not a valid XML', function(){
+ describe('when request is not a valid XML', function () {
// There was a bug in xmldom causing an infinite loop in this case
- it('should return an empty object', function(done){
+ it('should return an empty object', function (done) {
const req = '