mocksaml/utils/idp.ts

import xmlbuilder from 'xmlbuilder';
import saml from '@boxyhq/saml20';

const createIdPMetadataXML = async ({
  idpEntityId,
  idpSsoUrl,
  certificate,
}: {
  idpEntityId: string;
  idpSsoUrl: string;
  certificate: string;
}): Promise<string> => {
  certificate = saml.stripCertHeaderAndFooter(certificate);

  const today = new Date();
  const nodes = {
    'md:EntityDescriptor': {
      '@xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
      '@entityID': idpEntityId,
      '@validUntil': new Date(today.setFullYear(today.getFullYear() + 10)).toISOString(),
      'md:IDPSSODescriptor': {
        '@WantAuthnRequestsSigned': true,
        '@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',
        'md:KeyDescriptor': {
          '@use': 'signing',
          'ds:KeyInfo': {
            '@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',
            'ds:X509Data': {
              'ds:X509Certificate': {
                '#text': certificate,
              },
            },
          },
        },
        'md:NameIDFormat': {
          '#text': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        },
        'md:SingleSignOnService': [
          {
            '@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            '@Location': idpSsoUrl,
          },
          {
            '@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            '@Location': idpSsoUrl,
          },
        ],
      },
    },
  };

  return xmlbuilder.create(nodes, { encoding: 'UTF-8', standalone: false }).end({ pretty: true });
};

export { createIdPMetadataXML };
Build the metadata using the xmlbuilder (#3) 2022-02-28 17:39:52 +00:00			`import xmlbuilder from 'xmlbuilder';`
Switch to saml20 (#21) * Use boxyhq/saml20 * use sign from saml20 * cleaned up GetKeyInfo * cleaned up getPublicKeyPemFromCertificate * cleaned up node-forge * use hasValidSignature from saml20 * cleanup and update saml20 to the beta version * throw an error if signature is not valid * updated saml20 2022-04-26 17:02:12 +00:00			`import saml from '@boxyhq/saml20';`
Add key pair 2022-02-21 16:23:43 +00:00
			`const createIdPMetadataXML = async ({`
			`idpEntityId,`
			`idpSsoUrl,`
			`certificate,`
			`}: {`
			`idpEntityId: string;`
			`idpSsoUrl: string;`
			`certificate: string;`
			`}): Promise<string> => {`
Switch to saml20 (#21) * Use boxyhq/saml20 * use sign from saml20 * cleaned up GetKeyInfo * cleaned up getPublicKeyPemFromCertificate * cleaned up node-forge * use hasValidSignature from saml20 * cleanup and update saml20 to the beta version * throw an error if signature is not valid * updated saml20 2022-04-26 17:02:12 +00:00			`certificate = saml.stripCertHeaderAndFooter(certificate);`
Add key pair 2022-02-21 16:23:43 +00:00
dynamic validUntil date (10 years validity) 2022-10-29 13:21:12 +00:00			`const today = new Date();`
Build the metadata using the xmlbuilder (#3) 2022-02-28 17:39:52 +00:00			`const nodes = {`
added prefixes to idp metadata file (#104) 2022-11-14 09:55:39 +00:00			`'md:EntityDescriptor': {`
Build the metadata using the xmlbuilder (#3) 2022-02-28 17:39:52 +00:00			`'@xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',`
			`'@entityID': idpEntityId,`
dynamic validUntil date (10 years validity) 2022-10-29 13:21:12 +00:00			`'@validUntil': new Date(today.setFullYear(today.getFullYear() + 10)).toISOString(),`
added prefixes to idp metadata file (#104) 2022-11-14 09:55:39 +00:00			`'md:IDPSSODescriptor': {`
set `WantAuthnRequestsSigned` to true (#137) 2023-01-13 11:25:23 +00:00			`'@WantAuthnRequestsSigned': true,`
Build the metadata using the xmlbuilder (#3) 2022-02-28 17:39:52 +00:00			`'@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',`
added prefixes to idp metadata file (#104) 2022-11-14 09:55:39 +00:00			`'md:KeyDescriptor': {`
Build the metadata using the xmlbuilder (#3) 2022-02-28 17:39:52 +00:00			`'@use': 'signing',`
added prefixes to idp metadata file (#104) 2022-11-14 09:55:39 +00:00			`'ds:KeyInfo': {`
Build the metadata using the xmlbuilder (#3) 2022-02-28 17:39:52 +00:00			`'@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',`
added prefixes to idp metadata file (#104) 2022-11-14 09:55:39 +00:00			`'ds:X509Data': {`
			`'ds:X509Certificate': {`
Build the metadata using the xmlbuilder (#3) 2022-02-28 17:39:52 +00:00			`'#text': certificate,`
			`},`
			`},`
			`},`
			`},`
added prefixes to idp metadata file (#104) 2022-11-14 09:55:39 +00:00			`'md:NameIDFormat': {`
Build the metadata using the xmlbuilder (#3) 2022-02-28 17:39:52 +00:00			`'#text': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',`
			`},`
added prefixes to idp metadata file (#104) 2022-11-14 09:55:39 +00:00			`'md:SingleSignOnService': [`
Build the metadata using the xmlbuilder (#3) 2022-02-28 17:39:52 +00:00			`{`
			`'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',`
			`'@Location': idpSsoUrl,`
			`},`
			`{`
			`'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',`
			`'@Location': idpSsoUrl,`
			`},`
			`],`
			`},`
			`},`
			`};`

Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00			`return xmlbuilder.create(nodes, { encoding: 'UTF-8', standalone: false }).end({ pretty: true });`
Add key pair 2022-02-21 16:23:43 +00:00			`};`

Applied prettier 2022-02-22 06:14:12 +00:00			`export { createIdPMetadataXML };`