From 9aa3734681f7559ca6f23719c0edec51363d0019 Mon Sep 17 00:00:00 2001
From: Jeffrey van Norden
Date: Mon, 26 Jun 2017 16:18:17 +0200
Subject: [PATCH 1/3] SAMLResponse Assertion wrongfully placed at end of XML instead of after issuer.
---
 lib/samlp.js | 24 +++---------------------
 1 file changed, 3 insertions(+), 21 deletions(-)
diff --git a/lib/samlp.js b/lib/samlp.js
index 3814408..0a53d96 100644
--- a/lib/samlp.js
+++ b/lib/samlp.js
@@ -5,6 +5,7 @@ var xtend = require('xtend');
 var utils = require('./utils');
 var templates = require('./templates');
 var encoders = require('./encoders');
+var signers = require('./signers');
 var PassportProfileMapper = require('./claims/PassportProfileMapper');
 var constants = require('./constants');
@@ -29,27 +30,8 @@ function buildSamlResponse(options) {
 .replace(/>(\s*)<') //unindent
 .trim();
- var sig = new SignedXml(null, {
- signatureAlgorithm: constants.ALGORITHMS.SIGNATURE[options.signatureAlgorithm]
- });
-
- sig.addReference(
- constants.ELEMENTS.RESPONSE.SIGNATURE_LOCATION_PATH,
- ["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"],
- constants.ALGORITHMS.DIGEST[options.digestAlgorithm]);
-
- sig.signingKey = options.key;
-
- var pem = encoders.removeHeaders(options.cert);
- sig.keyInfoProvider = {
- getKeyInfo: function (key, prefix) {
- prefix = prefix ? prefix + ':' : prefix;
- return "<" + prefix + "X509Data><" + prefix + "X509Certificate>" + pem + "";
- }
- };
-
- sig.computeSignature(cannonicalized, { prefix: options.signatureNamespacePrefix });
- SAMLResponse = sig.getSignedXml();
+ options.reference = constants.ELEMENTS.RESPONSE.SIGNATURE_LOCATION_PATH;
+ return signers.signXml(options, cannonicalized);
 }
 return SAMLResponse;
From 9667bd6f0078909cbacfb4eaf425a5352b76b5bb Mon Sep 17 00:00:00 2001
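Review bot: The two added lines at the end of the `buildSamlResponse` hunk hand all signing to `signers.signXml`, but this patch's diffstat lists only lib/samlp.js, so `./signers` must already exist in the tree, and the enveloped-signature and exc-c14n transforms, the digest and signature algorithm lookups, the X509 KeyInfo and the namespace prefix that the removed code set explicitly cannot be checked from here; the same hunk is repeated verbatim in PATCH 2/3. `options.reference = …` also writes onto the caller's options object, so a caller that reuses that object for another signing call would inherit the Response path; passing a copy avoids this, `return signers.signXml(xtend({}, options, { reference: constants.ELEMENTS.RESPONSE.SIGNATURE_LOCATION_PATH }), cannonicalized);`. A comment above the call such as `// signXml is expected to place the Signature element directly after Issuer, as the SAML schema orders it` would record the intent stated in the commit subject. The function and the block closed by the trailing `}` both start above the hunk.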
From: Jeffrey van Norden
Date: Mon, 26 Jun 2017 16:18:17 +0200
Subject: [PATCH 2/3] SAMLResponse Assertion wrongfully placed at end of XML instead of after issuer.
---
 lib/samlp.js | 24 +++---------------------
 test/samlp.tests.js | 2 +-
 2 files changed, 4 insertions(+), 22 deletions(-)
diff --git a/lib/samlp.js b/lib/samlp.js
index 3814408..0a53d96 100644
--- a/lib/samlp.js
+++ b/lib/samlp.js
@@ -5,6 +5,7 @@ var xtend = require('xtend');
 var utils = require('./utils');
 var templates = require('./templates');
 var encoders = require('./encoders');
+var signers = require('./signers');
 var PassportProfileMapper = require('./claims/PassportProfileMapper');
 var constants = require('./constants');
@@ -29,27 +30,8 @@ function buildSamlResponse(options) {
 .replace(/>(\s*)<') //unindent
 .trim();
- var sig = new SignedXml(null, {
- signatureAlgorithm: constants.ALGORITHMS.SIGNATURE[options.signatureAlgorithm]
- });
-
- sig.addReference(
- constants.ELEMENTS.RESPONSE.SIGNATURE_LOCATION_PATH,
- ["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"],
- constants.ALGORITHMS.DIGEST[options.digestAlgorithm]);
-
- sig.signingKey = options.key;
-
- var pem = encoders.removeHeaders(options.cert);
- sig.keyInfoProvider = {
- getKeyInfo: function (key, prefix) {
- prefix = prefix ? prefix + ':' : prefix;
- return "<" + prefix + "X509Data><" + prefix + "X509Certificate>" + pem + "";
- }
- };
-
- sig.computeSignature(cannonicalized, { prefix: options.signatureNamespacePrefix });
- SAMLResponse = sig.getSignedXml();
+ options.reference = constants.ELEMENTS.RESPONSE.SIGNATURE_LOCATION_PATH;
+ return signers.signXml(options, cannonicalized);
 }
 return SAMLResponse;
diff --git a/test/samlp.tests.js b/test/samlp.tests.js
index 5132fa1..253c7ee 100644
--- a/test/samlp.tests.js
+++ b/test/samlp.tests.js
@@ -597,7 +597,7 @@ describe('samlp', function () {
 it('should return signature with the specified signatureNamespacePrefix inside the response', function(){
 var doc = new xmldom.DOMParser().parseFromString(samlResponse);
- var signature = doc.documentElement.getElementsByTagName('ds:Signature');
+ var signature = doc.documentElement.getElementsByTagName('Signature');
 expect(signature[0].parentNode.nodeName).to.equal('samlp:Response');
 });
 });
From 5b1f9da3c7fc3ae5fe08216232924e7b372e050d Mon Sep 17 00:00:00 2001
From: Jeffrey
Date: Thu, 8 Aug 2019 11:30:57 +0200
Subject: [PATCH 3/3] Updated packages to latest where possible
---
 package.json | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/package.json b/package.json
index b768230..ab7f8b5 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "samlp",
- "version": "3.4.0",
+ "version": "3.4.1",
 "description": "SAML Protocol server middleware",
 "main": "lib/index.js",
 "scripts": {
@@ -20,24 +20,24 @@
 "license": "mit",
 "dependencies": {
 "@auth0/thumbprint": "0.0.6",
- "ejs": "2.5.5",
+ "ejs": "2.6",
 "flowstate": "^0.4.0",
 "querystring": "^0.2.0",
- "saml": "^0.12.1",
- "xml-crypto": "^0.10.1",
- "xmldom": "auth0/xmldom#v0.1.19-auth0_1",
- "xpath": "0.0.5",
- "xtend": "^1.0.3"
+ "saml": "0.13",
+ "xml-crypto": "1.4",
+ "xmldom": "github:auth0/xmldom#v0.1.19-auth0_1",
+ "xpath": "0.0.27",
+ "xtend": "4"
 },
 "devDependencies": {
- "body-parser": "^1.15.2",
- "chai": "~1.5.0",
- "cheerio": "~0.10.7",
- "express": "~3.1.0",
- "express-session": "^1.14.2",
- "istanbul": "^0.4.5",
- "mocha": "~1.8.1",
- "request": "~2.14.0",
- "uid2": "0.0.3"
+ "body-parser": "^1",
+ "chai": "4",
+ "cheerio": "^0.22.0",
+ "express": "^3",
+ "express-session": "^1",
+ "istanbul": "^0.4",
+ "mocha": "1",
+ "request": "~2.14",
+ "uid2": "0"
 }
 }
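Review bot: The changed lookup `getElementsByTagName('Signature')` matches on the qualified name, so this test, still titled "with the specified signatureNamespacePrefix", no longer checks the prefix and passes only when the signature element is emitted without one; that suggests, though the hunk cannot confirm it, that `signers.signXml` is not applying `signatureNamespacePrefix`. A namespace-aware lookup keeps the test independent of the prefix, `var signature = doc.documentElement.getElementsByTagNameNS('http://www.w3.org/2000/09/xmldsig#', 'Signature');`, and the prefix can then be asserted on its own. Because the commit is about placing the signature after the issuer, the test should pin that too, for example `expect(signature[0].previousSibling.localName).to.equal('Issuer');`, and ideally confirm that the signature validates against the test certificate. `samlResponse` and the enclosing `describe` are set up outside the hunk.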
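Review bot: `"xml-crypto": "1.4"` moves the XML signing library across a major version (from `^0.10.1`) and `"saml": "0.13"` moves the `saml` dependency as well, yet this commit touches only package.json, so nothing shown demonstrates that signed responses still verify after the upgrade; a signature round-trip test should accompany it. The new runtime entries are partial versions (`"ejs": "2.6"`, `"xtend": "4"`) that float to whatever matching release is published, where `ejs` was previously an exact pin; for a package that signs SAML responses, full three-part versions plus a committed lockfile keep installs reproducible, e.g. `"xml-crypto": "<exact 1.4.z release>"`. `xmldom` stays on the fork tag `v0.1.19-auth0_1` and `request` on `~2.14`, so the description could name these as the entries left behind by "latest where possible".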