Add attrs to SAMLResponse

2022-02-21 12:23:27 +05:30 · 2022-02-21 12:23:27 +05:30 · 0f1fb9258d
commit 0f1fb9258d
parent eeeef765fc
1 changed files with 27 additions and 16 deletions
--- a/utils/index.ts
+++ b/utils/index.ts
@ -6,6 +6,7 @@ import { User } from '../types';
 import {promisify} from 'util';
 import zlib from 'zlib';
 import xmlbuilder from 'xmlbuilder';
 import crypto from 'crypto';
 const inflateRawSync = promisify(zlib.inflateRawSync)
@ -74,12 +75,27 @@ const createSAMLResponseXML = async (params: {
  user: User
 }): Promise<string> => {
  const {idpIdentityId, audience, acsUrl, user} = params;
-  const authTimestamp = 
+
  const authDate = new Date();
  const authTimestamp = authDate.toISOString();
  authDate.setMinutes(authDate.getMinutes() - 5);
  const notBefore = authDate.toISOString();
  authDate.setMinutes(authDate.getMinutes() + 10);
  const notAfter = authDate.toISOString();
  const inResponseTo = '_dde944f3d9cb96238b0c'
  const responseId = crypto.randomBytes(10).toString('hex');
  const nodes = {
    'samlp:Response':{
      '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
-      '@ID': '_dde944f3d9cb96238b0c',
+      '@Version': '2.0',
      '@ID': responseId,
      '@Destination': acsUrl,
      '@InResponseTo': inResponseTo,
      '@IssueInstant': authTimestamp,
      'saml:Issuer': {
        '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
        '#text': idpIdentityId,
@ -92,28 +108,20 @@ const createSAMLResponseXML = async (params: {
      'saml:Assertion': {
        '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
        '@Version': '2.0',
-        '@ID': '_bsyl9FgHslMWbBp2tFgM0FBJqWNTd3xd',
+        '@ID': responseId,
-        '@IssueInstant': '2022-02-18T06:24:29.856Z',
+        '@IssueInstant': authTimestamp,
        'saml:Issuer': {
          '#text': idpIdentityId,
        },
        'saml:Subject': {
          'saml:NameID': {
            '@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
-            '#text': 'google-oauth2|108149256146623609101',
+            '#text': user.email,
          },
          'saml:SubjectConfirmation': {
            '@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer',
            'saml:SubjectConfirmationData': {
              '@NotOnOrAfter': '2022-02-18T07:24:29.856Z',
              '@Recipient': acsUrl,
              '@InResponseTo': '_e427c05d2462c8c2550e'
            }
          }
        },
        'saml:Conditions': {
-          '@NotBefore': '2022-02-18T06:24:29.856Z',
+          '@NotBefore': notBefore,
-          '@NotOnOrAfter': '2022-02-18T07:24:29.856Z',
+          '@NotOnOrAfter': notAfter,
          'saml:AudienceRestriction': {
            'saml:Audience': {
              '#text': audience,
@ -121,7 +129,7 @@ const createSAMLResponseXML = async (params: {
          }
        },
        'saml:AuthnStatement': {
-          '@AuthnInstant': '2022-02-18T06:24:29.856Z',
+          '@AuthnInstant': authTimestamp,
          '@SessionIndex': '_YIlFoNFzLMDYxdwf-T_BuimfkGa5qhKg',
          'saml:AuthnContext': {
            'saml:AuthnContextClassRef': {
@ -170,6 +178,9 @@ const createSAMLResponseXML = async (params: {
  return xmlbuilder.create(nodes).end({ pretty: true});
 };
 // Add DigestValue
 // Add X509Certificate
 // Create the HTML form to submit the response
 export const createResponseForm = (relayState: string, encodedSamlResponse: string, acsUrl: string) => {
  const formElements = [