mocksaml/pages/api/saml/sso.ts

import type { NextApiRequest, NextApiResponse } from 'next';
import saml from '@boxyhq/saml20';

export default async function handler(req: NextApiRequest, res: NextApiResponse<string>) {
  switch (req.method) {
    case 'GET':
      return await processSAMLRequest(req, res, false);
    case 'POST':
      return await processSAMLRequest(req, res, true);
    default:
      return res.status(405).end(`Method ${req.method} Not Allowed`);
  }
}

async function processSAMLRequest(req: NextApiRequest, res: NextApiResponse, isPost: boolean) {
  let samlRequest, relayState, isDeflated;

  if (isPost) {
    relayState = req.body.RelayState;
    samlRequest = req.body.SAMLRequest;
    isDeflated = false;
  } else {
    relayState = req.query.RelayState;
    samlRequest = req.query.SAMLRequest;
    // sigAlg = req.query.SigAlg;
    // signature = req.query.Signature;

    isDeflated = true;
  }

  try {
    const rawRequest = await saml.decodeBase64(samlRequest, isDeflated);

    const { id, audience, acsUrl, providerName, publicKey } = await saml.parseSAMLRequest(rawRequest, isPost);

    if (isPost) {
      const { valid } = await saml.hasValidSignature(rawRequest, publicKey, null);
      if (!valid) {
        throw new Error('Invalid signature');
      }
    }

    const params = new URLSearchParams({ id, audience, acsUrl, providerName, relayState });

    const loginUrl = (req.query.namespace ? `/namespace/${req.query.namespace}` : '') + '/saml/login';

    res.redirect(302, `${loginUrl}?${params.toString()}`);
  } catch (err) {
    console.error(err);

    res.status(500).send(`${err}`);
  }
}
Create saml response 2022-02-21 05:52:12 +00:00			`import type { NextApiRequest, NextApiResponse } from 'next';`
Switch to saml20 (#21) * Use boxyhq/saml20 * use sign from saml20 * cleaned up GetKeyInfo * cleaned up getPublicKeyPemFromCertificate * cleaned up node-forge * use hasValidSignature from saml20 * cleanup and update saml20 to the beta version * throw an error if signature is not valid * updated saml20 2022-04-26 17:02:12 +00:00			`import saml from '@boxyhq/saml20';`
Create saml response 2022-02-21 05:52:12 +00:00
Add prettier config and format files 2022-02-22 05:36:06 +00:00			`export default async function handler(req: NextApiRequest, res: NextApiResponse<string>) {`
Create saml response 2022-02-21 05:52:12 +00:00			`switch (req.method) {`
			`case 'GET':`
Handle POST binding 2022-02-24 16:36:25 +00:00			`return await processSAMLRequest(req, res, false);`
			`case 'POST':`
			`return await processSAMLRequest(req, res, true);`
Create saml response 2022-02-21 05:52:12 +00:00			`default:`
			return res.status(405).end(`Method ${req.method} Not Allowed`);
			`}`
Handle POST binding 2022-02-24 16:36:25 +00:00			`}`
Create saml response 2022-02-21 05:52:12 +00:00
Handle POST binding 2022-02-24 16:36:25 +00:00			`async function processSAMLRequest(req: NextApiRequest, res: NextApiResponse, isPost: boolean) {`
			`let samlRequest, relayState, isDeflated;`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00
Handle POST binding 2022-02-24 16:36:25 +00:00			`if (isPost) {`
			`relayState = req.body.RelayState;`
			`samlRequest = req.body.SAMLRequest;`
			`isDeflated = false;`
			`} else {`
			`relayState = req.query.RelayState;`
			`samlRequest = req.query.SAMLRequest;`
bypass validation for GET request until we figure out how to exchange the public key with the SP (#159) 2023-03-24 23:01:42 +00:00			`// sigAlg = req.query.SigAlg;`
			`// signature = req.query.Signature;`

Handle POST binding 2022-02-24 16:36:25 +00:00			`isDeflated = true;`
			`}`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00
Handle POST binding 2022-02-24 16:36:25 +00:00			`try {`
moved parsing of saml request to saml20 lib (#486) 2024-02-04 13:35:59 +00:00			`const rawRequest = await saml.decodeBase64(samlRequest, isDeflated);`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00
moved parsing of saml request to saml20 lib (#486) 2024-02-04 13:35:59 +00:00			`const { id, audience, acsUrl, providerName, publicKey } = await saml.parseSAMLRequest(rawRequest, isPost);`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00
bypass validation for GET request until we figure out how to exchange the public key with the SP (#159) 2023-03-24 23:01:42 +00:00			`if (isPost) {`
			`const { valid } = await saml.hasValidSignature(rawRequest, publicKey, null);`
			`if (!valid) {`
			`throw new Error('Invalid signature');`
			`}`
Switch to saml20 (#21) * Use boxyhq/saml20 * use sign from saml20 * cleaned up GetKeyInfo * cleaned up getPublicKeyPemFromCertificate * cleaned up node-forge * use hasValidSignature from saml20 * cleanup and update saml20 to the beta version * throw an error if signature is not valid * updated saml20 2022-04-26 17:02:12 +00:00			`}`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00
Handle POST binding 2022-02-24 16:36:25 +00:00			`const params = new URLSearchParams({ id, audience, acsUrl, providerName, relayState });`
Code cleanup 2022-02-23 13:48:20 +00:00
fixed namespace login (#473) 2024-01-21 01:01:09 +00:00			const loginUrl = (req.query.namespace ? `/namespace/${req.query.namespace}` : '') + '/saml/login';

			res.redirect(302, `${loginUrl}?${params.toString()}`);
Handle POST binding 2022-02-24 16:36:25 +00:00			`} catch (err) {`
			`console.error(err);`
Code cleanup 2022-02-23 13:48:20 +00:00
check for missing signature and throw appropriate error (#80) 2022-10-12 18:11:50 +00:00			res.status(500).send(`${err}`);
Create saml response 2022-02-21 05:52:12 +00:00			`}`
Add prettier config and format files 2022-02-22 05:36:06 +00:00			`}`