mocksaml/pages/api/saml/sso.ts

import type { NextApiRequest, NextApiResponse } from 'next';
import { decodeBase64, extractSAMLRequestAttributes } from 'utils';
import saml from '@boxyhq/saml20';

export default async function handler(req: NextApiRequest, res: NextApiResponse<string>) {
  switch (req.method) {
    case 'GET':
      return await processSAMLRequest(req, res, false);
    case 'POST':
      return await processSAMLRequest(req, res, true);
    default:
      return res.status(405).end(`Method ${req.method} Not Allowed`);
  }
}

async function processSAMLRequest(req: NextApiRequest, res: NextApiResponse, isPost: boolean) {
  let samlRequest, relayState, isDeflated;

  if (isPost) {
    relayState = req.body.RelayState;
    samlRequest = req.body.SAMLRequest;
    isDeflated = false;
  } else {
    relayState = req.query.RelayState;
    samlRequest = req.query.SAMLRequest;
    isDeflated = true;
  }

  try {
    const rawRequest = await decodeBase64(samlRequest, isDeflated);

    const { id, audience, acsUrl, providerName, publicKey } = await extractSAMLRequestAttributes(rawRequest);

    const { valid } = await saml.hasValidSignature(rawRequest, publicKey, null);
    if (!valid) {
      throw new Error('Invalid signature');
    }

    const params = new URLSearchParams({ id, audience, acsUrl, providerName, relayState });

    res.redirect(302, `/saml/login?${params.toString()}`);
  } catch (err) {
    console.error(err);

    res.status(500).send(`${err}`);
  }
}
Create saml response 2022-02-21 05:52:12 +00:00			`import type { NextApiRequest, NextApiResponse } from 'next';`
Switch to saml20 (#21) * Use boxyhq/saml20 * use sign from saml20 * cleaned up GetKeyInfo * cleaned up getPublicKeyPemFromCertificate * cleaned up node-forge * use hasValidSignature from saml20 * cleanup and update saml20 to the beta version * throw an error if signature is not valid * updated saml20 2022-04-26 17:02:12 +00:00			`import { decodeBase64, extractSAMLRequestAttributes } from 'utils';`
			`import saml from '@boxyhq/saml20';`
Create saml response 2022-02-21 05:52:12 +00:00
Add prettier config and format files 2022-02-22 05:36:06 +00:00			`export default async function handler(req: NextApiRequest, res: NextApiResponse<string>) {`
Create saml response 2022-02-21 05:52:12 +00:00			`switch (req.method) {`
			`case 'GET':`
Handle POST binding 2022-02-24 16:36:25 +00:00			`return await processSAMLRequest(req, res, false);`
			`case 'POST':`
			`return await processSAMLRequest(req, res, true);`
Create saml response 2022-02-21 05:52:12 +00:00			`default:`
			return res.status(405).end(`Method ${req.method} Not Allowed`);
			`}`
Handle POST binding 2022-02-24 16:36:25 +00:00			`}`
Create saml response 2022-02-21 05:52:12 +00:00
Handle POST binding 2022-02-24 16:36:25 +00:00			`async function processSAMLRequest(req: NextApiRequest, res: NextApiResponse, isPost: boolean) {`
			`let samlRequest, relayState, isDeflated;`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00
Handle POST binding 2022-02-24 16:36:25 +00:00			`if (isPost) {`
			`relayState = req.body.RelayState;`
			`samlRequest = req.body.SAMLRequest;`
			`isDeflated = false;`
			`} else {`
			`relayState = req.query.RelayState;`
			`samlRequest = req.query.SAMLRequest;`
			`isDeflated = true;`
			`}`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00
Handle POST binding 2022-02-24 16:36:25 +00:00			`try {`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00			`const rawRequest = await decodeBase64(samlRequest, isDeflated);`

			`const { id, audience, acsUrl, providerName, publicKey } = await extractSAMLRequestAttributes(rawRequest);`

Switch to saml20 (#21) * Use boxyhq/saml20 * use sign from saml20 * cleaned up GetKeyInfo * cleaned up getPublicKeyPemFromCertificate * cleaned up node-forge * use hasValidSignature from saml20 * cleanup and update saml20 to the beta version * throw an error if signature is not valid * updated saml20 2022-04-26 17:02:12 +00:00			`const { valid } = await saml.hasValidSignature(rawRequest, publicKey, null);`
			`if (!valid) {`
			`throw new Error('Invalid signature');`
			`}`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00
Handle POST binding 2022-02-24 16:36:25 +00:00			`const params = new URLSearchParams({ id, audience, acsUrl, providerName, relayState });`
Code cleanup 2022-02-23 13:48:20 +00:00
Handle POST binding 2022-02-24 16:36:25 +00:00			res.redirect(302, `/saml/login?${params.toString()}`);
			`} catch (err) {`
			`console.error(err);`
Code cleanup 2022-02-23 13:48:20 +00:00
check for missing signature and throw appropriate error (#80) 2022-10-12 18:11:50 +00:00			res.status(500).send(`${err}`);
Create saml response 2022-02-21 05:52:12 +00:00			`}`
Add prettier config and format files 2022-02-22 05:36:06 +00:00			`}`