gmgauthier/dummyidp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lib/saml: fix base64 encoding of SAML assertions for users with non-ASCII names (#16)

Browse Source 
This PR fixes `encodeAssertion` to use btoa correctly for SAML
assertions that contain non-ASCII.

Messages are first manually encoded into UTF-8, and the resulting data
is coerced into a JS string that btoa will correctly encode. That
intermediary string isn't entirely meaningful -- JS strings are UTF-16,
not UTF-8 -- but I think this "hack" of sorts is tolerable given how
fleeting its use is.
This commit is contained in:
Ulysse Carion 2025-01-13 14:50:34 -08:00 committed by GitHub
parent 683d9222cb
commit 162dd87fc1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/lib/saml.ts
View File

@ -14,7 +14,9 @@ export async function encodeAssertion(
key: CryptoKey, key: CryptoKey,
assertionData: AssertionData, assertionData: AssertionData,
): Promise<string> { ): Promise<string> {
return btoa(await signAssertion(key, assertionData)); // naively calling btoa does not correctly handle non-ASCII
const payload = await signAssertion(key, assertionData);
return btoa(String.fromCharCode(...new TextEncoder().encode(payload)));
} }
async function signAssertion( async function signAssertion(