fixes #3

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CHANGELOG
 
+### v0.7.2
+
++   Added `use_redirect_for_idp_req` config parameter. By default `Samly` uses HTTP POST when sending requests to IdP. Set this config parameter to `true` if HTTP redirection should be used instead.
+
 ### v0.7.1
 
 +   Added config option (`entity_id`). OOTB uses metadata URI as entity ID. Can be specified (`urn` entity ID for example) to override the default.

README.md

@@ -156,6 +156,7 @@ config :samly, Samly.Provider,
   base_url: "http://samly.howto:4003/sso",
   #entity_id: "urn:myapp-host:my-id",
   #pre_session_create_pipeline: MySamlyPipeline,
+  #use_redirect_for_idp_req: false,
   #sign_requests: true,
   #sign_metadata: true,
   #signed_envelopes_in_idp_resp: true,

lib/samly/auth_handler.ex

@@ -6,7 +6,7 @@ defmodule Samly.AuthHandler do
   alias Samly.Helper
   alias Samly.State
 
-  import Samly.RouterUtil, only: [send_saml_request: 4, redirect: 3]
+  import Samly.RouterUtil, only: [send_saml_request: 5, redirect: 3]
 
   @sso_init_resp_template """
   <body onload=\"document.forms[0].submit()\">
@@ -81,7 +81,8 @@ defmodule Samly.AuthHandler do
         |>  configure_session(renew: true)
         |>  put_session("relay_state", relay_state)
         |>  put_session("target_url", target_url)
-        |>  send_saml_request(idp_signin_url, req_xml_frag, relay_state |> URI.encode_www_form())
+        |>  send_saml_request(idp_signin_url, Helper.use_redirect_for_idp_req(),
+              req_xml_frag, relay_state |> URI.encode_www_form())
     end
   rescue
     error ->
@@ -108,7 +109,8 @@ defmodule Samly.AuthHandler do
         |>  put_session("target_url", target_url)
         |>  put_session("relay_state", relay_state)
         |>  delete_session("samly_nameid")
-        |>  send_saml_request(idp_signout_url, req_xml_frag, relay_state |> URI.encode_www_form())
+        |>  send_saml_request(idp_signout_url, Helper.use_redirect_for_idp_req(),
+              req_xml_frag, relay_state |> URI.encode_www_form())
       _ ->
         conn
         |>  send_resp(403, "access_denied")

lib/samly/helper.ex

@@ -6,6 +6,10 @@ defmodule Samly.Helper do
   require Samly.Esaml
   alias Samly.{Assertion, Esaml}
 
+  def use_redirect_for_idp_req() do
+    Application.get_env(:samly, :use_redirect_for_idp_req, false)
+  end
+
   def get_metadata_uri(sp_base_url) when is_list(sp_base_url) do
     sp_base_url ++ '/sp/metadata'
   end

lib/samly/provider.ex

@@ -27,6 +27,7 @@ defmodule Samly.Provider do
     base_url: "http://samly.howto:4003/sso",
     #entity_id: "urn:myapp-host:my-id",
     #pre_session_create_pipeline: MySamlyPipeline,
+    #use_redirect_for_idp_req: false,
     #sign_requests: true,
     #sign_metadata: true,
     #signed_envelopes_in_idp_resp: true,
@@ -67,12 +68,13 @@ defmodule Samly.Provider do
   @sign_metadata_opt :sign_metadata
   @signed_envelopes_in_idp_resp_opt :signed_envelopes_in_idp_resp
   @signed_assertion_in_idp_resp_opt :signed_assertion_in_idp_resp
+  @use_redirect_for_idp_req_opt :use_redirect_for_idp_req
 
   @opt_keys [
     @certfile_opt, @keyfile_opt, @idp_metadata_file_opt, @base_url_opt,
     @sign_requests_opt, @sign_metadata_opt,
     @signed_envelopes_in_idp_resp_opt, @signed_assertion_in_idp_resp_opt,
-    @entity_id_opt, @pre_session_create_pipeline_opt
+    @entity_id_opt, @pre_session_create_pipeline_opt, @use_redirect_for_idp_req_opt
   ]
 
   @doc false
@@ -93,6 +95,11 @@ defmodule Samly.Provider do
             :pre_session_create_pipeline,
             opts[@pre_session_create_pipeline_opt])
         end
+        if opts[@use_redirect_for_idp_req_opt] do
+          Application.put_env(:samly,
+            :use_redirect_for_idp_req,
+            opts[@use_redirect_for_idp_req_opt])
+        end
       error -> error
     end
     {:ok, %{}}
@@ -135,6 +142,7 @@ defmodule Samly.Provider do
   defp use_env(@sign_metadata_opt), do: truthy_env("SAMLY_SIGN_METADATA")
   defp use_env(@signed_envelopes_in_idp_resp_opt), do: truthy_env("SAMLY_SIGNED_ENVELOPES_IN_IDP_RESP")
   defp use_env(@signed_assertion_in_idp_resp_opt), do: truthy_env("SAMLY_SIGNED_ASSERTION_IN_IDP_RESP")
+  defp use_env(@use_redirect_for_idp_req_opt), do: truthy_env("SAMLY_USE_REDIRECT_FOR_IDP_REQ")
 
   defp truthy_env(name) do
     value = System.get_env(name)
@@ -150,6 +158,7 @@ defmodule Samly.Provider do
   end
 
   defp use_default(@pre_session_create_pipeline_opt), do: nil
+  defp use_default(@use_redirect_for_idp_req_opt), do: false
   defp use_default(@entity_id_opt), do: :undefined
   defp use_default(k) when k in [
       @sign_requests_opt, @sign_metadata_opt,

lib/samly/router_util.ex

@@ -3,13 +3,16 @@ defmodule Samly.RouterUtil do
 
   alias Plug.Conn
 
-  def send_saml_request(conn, idp_url, signed_xml_payload, relay_state) do
-    import :esaml_binding, only: [encode_http_post: 3]
-
-    resp_body = encode_http_post(idp_url, signed_xml_payload, relay_state)
-    conn
-    |>  Conn.put_resp_header("Content-Type", "text/html")
-    |>  Conn.send_resp(200, resp_body)
+  def send_saml_request(conn, idp_url, use_redirect?, signed_xml_payload, relay_state) do
+    if use_redirect? do
+      url = :esaml_binding.encode_http_redirect(idp_url, signed_xml_payload, :undefined, relay_state)
+      conn |> redirect(302, url)
+    else
+      resp_body = :esaml_binding.encode_http_post(idp_url, signed_xml_payload, relay_state)
+      conn
+      |>  Conn.put_resp_header("Content-Type", "text/html")
+      |>  Conn.send_resp(200, resp_body)
+    end
   end
 
   def redirect(conn, status_code, dest) do

lib/samly/sp_handler.ex

@@ -7,7 +7,7 @@ defmodule Samly.SPHandler do
   require Samly.Esaml
   alias Samly.{Assertion, Esaml, Helper, State}
 
-  import Samly.RouterUtil, only: [send_saml_request: 4, redirect: 3]
+  import Samly.RouterUtil, only: [send_saml_request: 5, redirect: 3]
 
   def send_metadata(conn) do
     metadata = Helper.get_sp()
@@ -116,12 +116,14 @@ defmodule Samly.SPHandler do
 
       conn
       |>  configure_session(drop: true)
-      |>  send_saml_request(idp_signout_url, resp_xml_frag, relay_state)
+      |>  send_saml_request(idp_signout_url, Helper.use_redirect_for_idp_req(),
+            resp_xml_frag, relay_state)
     else
       _error ->
         {idp_signout_url, resp_xml_frag} = Helper.gen_idp_signout_resp(sp, idp_metadata, :denied)
         conn
-        |>  send_saml_request(idp_signout_url, resp_xml_frag, relay_state)
+        |>  send_saml_request(idp_signout_url, Helper.use_redirect_for_idp_req(),
+              resp_xml_frag, relay_state)
     end
   rescue
     error ->

mix.exs

@@ -1,7 +1,7 @@
 defmodule Samly.Mixfile do
   use Mix.Project
 
-  @version "0.7.1"
+  @version "0.7.2"
   @description "SAML SP SSO made easy"
   @source_url "https://github.com/handnot2/samly"
 

mix.lock

@@ -1,10 +1,10 @@
-%{"cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [], [{:cowlib, "~> 1.0.2", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3.2", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm"},
-  "cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [], [], "hexpm"},
-  "earmark": {:hex, :earmark, "1.2.3", "206eb2e2ac1a794aa5256f3982de7a76bf4579ff91cb28d0e17ea2c9491e46a4", [], [], "hexpm"},
-  "esaml": {:hex, :esaml, "3.1.0", "76337f00b5953a6c249fa8c322905c7a069b7c20339ece3756072279e6dcb41c", [], [{:cowboy, "1.1.2", [hex: :cowboy, repo: "hexpm", optional: false]}], "hexpm"},
-  "ex_doc": {:hex, :ex_doc, "0.17.0", "fdf3dc9c6cd1945afb583488de1bf8c12bd8b2ab80f2e7a0e2476a60b9e3bd8f", [], [{:earmark, "~> 1.1", [hex: :earmark, repo: "hexpm", optional: false]}], "hexpm"},
-  "inch_ex": {:hex, :inch_ex, "0.5.6", "418357418a553baa6d04eccd1b44171936817db61f4c0840112b420b8e378e67", [], [{:poison, "~> 1.5 or ~> 2.0 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"},
-  "mime": {:hex, :mime, "1.1.0", "01c1d6f4083d8aa5c7b8c246ade95139620ef8effb009edde934e0ec3b28090a", [], [], "hexpm"},
-  "plug": {:hex, :plug, "1.4.3", "236d77ce7bf3e3a2668dc0d32a9b6f1f9b1f05361019946aae49874904be4aed", [], [{:cowboy, "~> 1.0.1 or ~> 1.1", [hex: :cowboy, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}], "hexpm"},
-  "poison": {:hex, :poison, "3.1.0", "d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665", [], [], "hexpm"},
-  "ranch": {:hex, :ranch, "1.3.2", "e4965a144dc9fbe70e5c077c65e73c57165416a901bd02ea899cfd95aa890986", [], [], "hexpm"}}
+%{"cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [:rebar3], [{:cowlib, "~> 1.0.2", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3.2", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm"},
+  "cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [:make], [], "hexpm"},
+  "earmark": {:hex, :earmark, "1.2.3", "206eb2e2ac1a794aa5256f3982de7a76bf4579ff91cb28d0e17ea2c9491e46a4", [:mix], [], "hexpm"},
+  "esaml": {:hex, :esaml, "3.1.0", "76337f00b5953a6c249fa8c322905c7a069b7c20339ece3756072279e6dcb41c", [:rebar3], [{:cowboy, "1.1.2", [hex: :cowboy, repo: "hexpm", optional: false]}], "hexpm"},
+  "ex_doc": {:hex, :ex_doc, "0.17.1", "39f777415e769992e6732d9589dc5846ea587f01412241f4a774664c746affbb", [:mix], [{:earmark, "~> 1.1", [hex: :earmark, repo: "hexpm", optional: false]}], "hexpm"},
+  "inch_ex": {:hex, :inch_ex, "0.5.6", "418357418a553baa6d04eccd1b44171936817db61f4c0840112b420b8e378e67", [:mix], [{:poison, "~> 1.5 or ~> 2.0 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"},
+  "mime": {:hex, :mime, "1.1.0", "01c1d6f4083d8aa5c7b8c246ade95139620ef8effb009edde934e0ec3b28090a", [:mix], [], "hexpm"},
+  "plug": {:hex, :plug, "1.4.3", "236d77ce7bf3e3a2668dc0d32a9b6f1f9b1f05361019946aae49874904be4aed", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1", [hex: :cowboy, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}], "hexpm"},
+  "poison": {:hex, :poison, "3.1.0", "d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665", [:mix], [], "hexpm"},
+  "ranch": {:hex, :ranch, "1.3.2", "e4965a144dc9fbe70e5c077c65e73c57165416a901bd02ea899cfd95aa890986", [:rebar3], [], "hexpm"}}