GitLab

Fix Subject dereference bug

Refactor HTTP-Post tests to be a branch in existing authnRequest tests, rather than largely duplicated separate test.

Changing HTTP-Post AuthnRequest binding option to be part of SAML object options, named authnRequestBinding, and adding to documentation.

Adds HTTP-POST binding support for the SAML <AuthnRequest>

The `if (subject)` block is extended to cover all access to `subject`.

We ran into this bug in the code because our SAML provider didn't include Subject at the root of the Assertion -> line 614 throws a 'cannot access 0 of undefined' error.

Add NameQualifier and SPNameQualifier to nameID

Do not sign custom query string parameters

Document the skipRequestCompression

Specify SingleLogoutService callback url

The nameID element of the authn response can contain the NameQualifier and
SPNameQualifier attribute optionally.

Some providers don't support SAML compression, or they don't support compressed SAML requests if the assertions is configured to be uncompressed.

So having the skipRequestCompression is nice, and highlighting it in documentation makes it easier for people configuring an SP app through trail and error (not all IDPs gives much in terms of error codes and error messages).

Ignore attribute with no attributeValue child

xml-crypto: update to 0.8

Process all attribute statements instead of only first

travis: remove node-0.8 and add node-4.0

Formerly, only the first attribute statement would be processed

Ignore attribute with no attributeValue child in response's AttributeStatement (childless attribute was causing typeError)