Add attrs to SAMLResponse

2022-02-21 12:23:27 +05:30 · 2022-02-21 12:23:27 +05:30 · 0f1fb9258d
commit 0f1fb9258d
parent eeeef765fc
1 changed files with 27 additions and 16 deletions
--- a/utils/index.ts
+++ b/utils/index.ts
@ -6,6 +6,7 @@ import { User } from '../types';
 import {promisify} from 'util';
 import zlib from 'zlib';
 import xmlbuilder from 'xmlbuilder';
+import crypto from 'crypto';

 const inflateRawSync = promisify(zlib.inflateRawSync)

@ -74,12 +75,27 @@ const createSAMLResponseXML = async (params: {
  user: User
 }): Promise<string> => {
  const {idpIdentityId, audience, acsUrl, user} = params;
-  const authTimestamp = 
+
+  const authDate = new Date();
+  const authTimestamp = authDate.toISOString();
+
+  authDate.setMinutes(authDate.getMinutes() - 5);
+  const notBefore = authDate.toISOString();
+
+  authDate.setMinutes(authDate.getMinutes() + 10);
+  const notAfter = authDate.toISOString();
+
+  const inResponseTo = '_dde944f3d9cb96238b0c'
+  const responseId = crypto.randomBytes(10).toString('hex');

  const nodes = {
    'samlp:Response':{
      '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
-      '@ID': '_dde944f3d9cb96238b0c',
+      '@Version': '2.0',
+      '@ID': responseId,
+      '@Destination': acsUrl,
+      '@InResponseTo': inResponseTo,
+      '@IssueInstant': authTimestamp,
      'saml:Issuer': {
        '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
        '#text': idpIdentityId,
@ -92,28 +108,20 @@ const createSAMLResponseXML = async (params: {
      'saml:Assertion': {
        '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
        '@Version': '2.0',
-        '@ID': '_bsyl9FgHslMWbBp2tFgM0FBJqWNTd3xd',
-        '@IssueInstant': '2022-02-18T06:24:29.856Z',
+        '@ID': responseId,
+        '@IssueInstant': authTimestamp,
        'saml:Issuer': {
          '#text': idpIdentityId,
        },
        'saml:Subject': {
          'saml:NameID': {
            '@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
-            '#text': 'google-oauth2|108149256146623609101',
-          },
-          'saml:SubjectConfirmation': {
-            '@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer',
-            'saml:SubjectConfirmationData': {
-              '@NotOnOrAfter': '2022-02-18T07:24:29.856Z',
-              '@Recipient': acsUrl,
-              '@InResponseTo': '_e427c05d2462c8c2550e'
-            }
+            '#text': user.email,
          }
        },
        'saml:Conditions': {
-          '@NotBefore': '2022-02-18T06:24:29.856Z',
-          '@NotOnOrAfter': '2022-02-18T07:24:29.856Z',
+          '@NotBefore': notBefore,
+          '@NotOnOrAfter': notAfter,
          'saml:AudienceRestriction': {
            'saml:Audience': {
              '#text': audience,
@ -121,7 +129,7 @@ const createSAMLResponseXML = async (params: {
          }
        },
        'saml:AuthnStatement': {
-          '@AuthnInstant': '2022-02-18T06:24:29.856Z',
+          '@AuthnInstant': authTimestamp,
          '@SessionIndex': '_YIlFoNFzLMDYxdwf-T_BuimfkGa5qhKg',
          'saml:AuthnContext': {
            'saml:AuthnContextClassRef': {
@ -170,6 +178,9 @@ const createSAMLResponseXML = async (params: {
  return xmlbuilder.create(nodes).end({ pretty: true});
 };

+// Add DigestValue
+// Add X509Certificate
+
 // Create the HTML form to submit the response
 export const createResponseForm = (relayState: string, encodedSamlResponse: string, acsUrl: string) => {
  const formElements = [