Commit dd32a45b authored by Peter Loer's avatar Peter Loer

Changing HTTP-Post AuthnRequest binding option to be part of SAML object...

Changing HTTP-Post AuthnRequest binding option to be part of SAML object options, named authnRequestBinding, and adding to documentation.
parent 2879451c
......@@ -62,6 +62,7 @@ Config parameter details:
* `authnContext`: if truthy, name identifier format to request auth context (default: `urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport`)
* `forceAuthn`: if set to true, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session.
* `skipRequestCompression`: if set to true, the SAML request from the service provider won't be compressed.
* `authnRequestBinding`: if set to `HTTP-POST`, will request authentication from IDP via HTTP POST binding, otherwise defaults to HTTP Redirect
* InResponseTo Validation
* `validateInResponseTo`: if truthy, then InResponseTo will be validated from incoming SAML responses
* `requestIdExpirationPeriodMs`: Defines the expiration time when a Request ID generated for a SAML request will not be valid if seen in a SAML response in the `InResponseTo` field. Default is 8 hours.
......
......@@ -19,6 +19,7 @@ function Strategy (options, verify) {
this._verify = verify;
this._saml = new saml.SAML(options);
this._passReqToCallback = !!options.passReqToCallback;
this._authnRequestBinding = options.authnRequestBinding || 'HTTP-Redirect';
}
util.inherits(Strategy, passport.Strategy);
......@@ -31,7 +32,7 @@ Strategy.prototype.authenticate = function (req, options) {
// Supported binding options:
// "HTTP-Redirect" - HTTP Redirect (GET) Binding
// "HTTP-POST" - HTTP POST Binding
options.samlBinding = options.samlBinding || 'HTTP-Redirect';
// options.samlBinding = options.samlBinding || 'HTTP-Redirect';
function validateCallback(err, profile, loggedOut) {
if (err) {
......@@ -81,7 +82,7 @@ Strategy.prototype.authenticate = function (req, options) {
} else {
var requestHandler = {
'login-request': function() {
if (options.samlBinding === 'HTTP-POST') {
if (self._authnRequestBinding === 'HTTP-POST') {
this._saml.getAuthorizeForm(req, function(err, data) {
if (err) {
self.error(err);
......
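Review bot: The new `authnRequestBinding` option is stored in the constructor (first hunk) without validation, so any value other than the exact string `HTTP-POST` (a casing slip such as `HTTP-Post`, which the commit title itself uses) silently falls through to the redirect path in the third hunk; add a check right after the assignment such as `if (this._authnRequestBinding !== 'HTTP-Redirect' && this._authnRequestBinding !== 'HTTP-POST') { throw new Error('Unsupported authnRequestBinding: ' + this._authnRequestBinding); }`. The per-request `options.samlBinding` is now ignored rather than removed: the second hunk leaves it as a commented-out line beneath the "Supported binding options" comment, which should either be deleted (moving that comment to the constructor option it now describes) or kept as a documented per-request override. Existing callers that passed `samlBinding` to `passport.authenticate` will now silently get HTTP-Redirect, a behaviour change the commit message does not call out. In the third hunk the condition switches to `self._authnRequestBinding` while the next line still reads `this._saml`; whether `this` is bound to the strategy inside the handler cannot be told from the hunk, but `self._saml` would make the two lines consistent. The `authenticate` function itself starts and ends outside these hunks.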
......@@ -461,7 +461,7 @@ describe( 'passport-saml /', function() {
var config = check.config;
config.callbackUrl = 'http://localhost:3033/login';
config.entryPoint = 'https://wwwexampleIdp.com/saml';
config.samlBinding = 'HTTP-POST';
config.authnRequestBinding = 'HTTP-POST';
var profile = null;
passport.use( new SamlStrategy( config, function(_profile, done) {
profile = _profile;
......@@ -470,7 +470,7 @@ describe( 'passport-saml /', function() {
);
app.get( '/login',
passport.authenticate( "saml", { samlFallback: 'login-request', samlBinding: "HTTP-POST", session: false } ),
passport.authenticate( "saml", { samlFallback: 'login-request', session: false } ),
function(req, res) {
res.status(200).send("200 OK");
});
......