Coder Social home page Coder Social logo

authress-engineering / saml-login.js Goto Github PK

View Code? Open in Web Editor NEW
4.0 3.0 2.0 1.36 MB

SAML2.0 Application, Service Provider, and Identity Provider login adapter for Node.js

Home Page: https://authress.io

License: Apache License 2.0

JavaScript 7.18% TypeScript 92.82%
saml saml2 saml-idp saml2-sp-sso saml2-idp saml-authentication saml-identity-provider saml-sp

saml-login.js's People

Contributors

adalinesimonian avatar alvinward avatar archinowsk avatar ashimaathri avatar bergie avatar cjbarth avatar dependabot[bot] avatar eero3 avatar forty avatar gnawhleinad avatar gugu avatar heikkihakkalasc avatar jess-sheneberger avatar josecolella avatar lcalvy avatar lonerifle avatar mans0954 avatar markstos avatar mhassan1 avatar midgleyc avatar pdspicer avatar ploer avatar rob-gijsens avatar stavros-wb avatar tkopczuk avatar vandernorth avatar walokra avatar wparad avatar xdmnl avatar zoellner avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

wparad jinlianwang

saml-login.js's Issues

Potentially handle logout differently 

  public async generateLogoutRequest(user: Profile, options: LogoutOptions) : Promise<string> {
    const id = options.generateUniqueId();
    const instant = generateInstant();

    const request = {
      "samlp:LogoutRequest": {
        "@xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
        "@xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion",
        "@ID": id,
        "@Version": "2.0",
        "@IssueInstant": instant,
        "@Destination": options.logoutUrl,
        "saml:Issuer": {
          "@xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion",
          "#text": options.issuer,
        },
        "saml:NameID": {
          "@Format": user!.nameIDFormat,
          "#text": user!.nameID,
        },
      },
    } as LogoutRequestXML;

    if (user!.nameQualifier != null) {
      request["samlp:LogoutRequest"]["saml:NameID"]["@NameQualifier"] = user!.nameQualifier;
    }

    if (user!.spNameQualifier != null) {
      request["samlp:LogoutRequest"]["saml:NameID"]["@SPNameQualifier"] = user!.spNameQualifier;
    }

    if (user!.sessionIndex) {
      request["samlp:LogoutRequest"]["saml2p:SessionIndex"] = {
        "@xmlns:saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
        "#text": user!.sessionIndex,
      };
    }

    await this.cacheProvider.save(id, instant);
    const request = buildXmlBuilderObject(request, false);
    await this._requestToUrl(request, null, "logout");
  }

  public async generateLogoutResponse(user: Profile, options: LogoutOptions) : Promise<string> {
    const id = options.generateUniqueId();
    const instant = generateInstant();

    const request = {
      "samlp:LogoutResponse": {
        "@xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
        "@xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion",
        "@ID": id,
        "@Version": "2.0",
        "@IssueInstant": instant,
        "@Destination": options.logoutUrl,
        "@InResponseTo": logoutRequest.ID,
        "saml:Issuer": {
          "#text": options.issuer,
        },
        "samlp:Status": {
          "samlp:StatusCode": {
            "@Value": "urn:oasis:names:tc:SAML:2.0:status:Success",
          },
        },
      },
    };

    return buildXmlBuilderObject(request, false);
  }

  private async _requestToUrl(
    request: string | null | undefined,
    response: string | null,
    operation: string,
    additionalParameters: querystring.ParsedUrlQuery
  ): Promise<string> {
    providerSingleSignOnUrl = assertRequired(options.providerSingleSignOnUrl, "providerSingleSignOnUrl is required");

    let buffer: Buffer;
    if (options.skipRequestCompression) {
      buffer = Buffer.from((request || response)!, "utf8");
    } else {
      buffer = await deflateRaw((request || response)!);
    }

    const base64 = buffer.toString("base64");
    let target = new URL(providerSingleSignOnUrl);

    if (operation === "logout") {
      if (options.logoutUrl) {
        target = new URL(options.logoutUrl);
      }
    } else if (operation !== "authorize") {
      throw new Error("Unknown operation: " + operation);
    }

    const samlMessage: querystring.ParsedUrlQuery = request
      ? {
          SAMLRequest: base64,
        }
      : {
          SAMLResponse: base64,
        };
    Object.keys(additionalParameters).forEach((k) => {
      samlMessage[k] = additionalParameters[k];
    });
    if (options.privateKey != null) {
      if (!providerSingleSignOnUrl) {
        throw new Error('"providerSingleSignOnUrl" config parameter is required for signed messages');
      }

      // sets .SigAlg and .Signature
      this.signRequest(samlMessage);
    }
    Object.keys(samlMessage).forEach((k) => {
      target.searchParams.set(k, samlMessage[k] as string);
    });

    return target.toString();
  }

  public async getLogoutResponseUrl(options: LogoutResponseOptions) : Promise<string> {
    const response = this._generateLogoutResponse(samlLogoutRequest);
    return await this._requestToUrl(null, response, 'logout');
  }

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.