Build the metadata using the xmlbuilder (#3)
This commit is contained in:
parent
43f03c1a92
commit
88a14aeeb7
@ -1,19 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
<EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{{idp_entity_id}}" validUntil="2026-06-22T18:39:53.000Z">
|
|
||||||
<IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
|
||||||
<KeyDescriptor use="signing">
|
|
||||||
<KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
||||||
<X509Data>
|
|
||||||
<X509Certificate>
|
|
||||||
{{idp_certificate}}
|
|
||||||
</X509Certificate>
|
|
||||||
</X509Data>
|
|
||||||
</KeyInfo>
|
|
||||||
</KeyDescriptor>
|
|
||||||
<NameIDFormat>
|
|
||||||
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
|
|
||||||
</NameIDFormat>
|
|
||||||
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{idp_sso_url}}" />
|
|
||||||
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{idp_sso_url}}" />
|
|
||||||
</IDPSSODescriptor>
|
|
||||||
</EntityDescriptor>
|
|
||||||
46
utils/idp.ts
46
utils/idp.ts
@ -1,5 +1,4 @@
|
|||||||
import { promises as fs } from 'fs';
|
import xmlbuilder from 'xmlbuilder';
|
||||||
import path from 'path';
|
|
||||||
import { stripCertHeaderAndFooter } from './certificate';
|
import { stripCertHeaderAndFooter } from './certificate';
|
||||||
|
|
||||||
const createIdPMetadataXML = async ({
|
const createIdPMetadataXML = async ({
|
||||||
@ -11,14 +10,45 @@ const createIdPMetadataXML = async ({
|
|||||||
idpSsoUrl: string;
|
idpSsoUrl: string;
|
||||||
certificate: string;
|
certificate: string;
|
||||||
}): Promise<string> => {
|
}): Promise<string> => {
|
||||||
const xmlPath = path.join('data', 'idp-metadata.xml');
|
|
||||||
const xml = await fs.readFile(xmlPath, 'utf8');
|
|
||||||
certificate = stripCertHeaderAndFooter(certificate);
|
certificate = stripCertHeaderAndFooter(certificate);
|
||||||
|
|
||||||
return xml
|
const nodes = {
|
||||||
.replace('{{idp_entity_id}}', idpEntityId)
|
EntityDescriptor: {
|
||||||
.replace('{{idp_certificate}}', certificate)
|
'@xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
|
||||||
.replace(/{{idp_sso_url}}/g, idpSsoUrl);
|
'@entityID': idpEntityId,
|
||||||
|
'@validUntil': '2026-06-22T18:39:53.000Z',
|
||||||
|
IDPSSODescriptor: {
|
||||||
|
'@WantAuthnRequestsSigned': false,
|
||||||
|
'@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',
|
||||||
|
KeyDescriptor: {
|
||||||
|
'@use': 'signing',
|
||||||
|
KeyInfo: {
|
||||||
|
'@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',
|
||||||
|
X509Data: {
|
||||||
|
X509Certificate: {
|
||||||
|
'#text': certificate,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
NameIDFormat: {
|
||||||
|
'#text': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
||||||
|
},
|
||||||
|
SingleSignOnService: [
|
||||||
|
{
|
||||||
|
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||||
|
'@Location': idpSsoUrl,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
|
||||||
|
'@Location': idpSsoUrl,
|
||||||
|
},
|
||||||
|
],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
return xmlbuilder.create(nodes, { encoding: 'UTF-8', standalone: false }).end();
|
||||||
};
|
};
|
||||||
|
|
||||||
export { createIdPMetadataXML };
|
export { createIdPMetadataXML };
|
||||||
|
|||||||
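Review bot: The `'@xmlns:md'` declaration on `EntityDescriptor` and the `'@xmlns:ds'` declaration on `KeyInfo` only bind prefixes, but none of the element keys in `nodes` carry an `md:` or `ds:` prefix, so the emitted elements end up in no namespace at all and a namespace-aware SAML consumer may not recognise the descriptor or the signing key. Either declare the metadata namespace as the default, `'@xmlns': 'urn:oasis:names:tc:SAML:2.0:metadata'`, or prefix the keys, and give the key subtree `'ds:KeyInfo'`, `'ds:X509Data'` and `'ds:X509Certificate'` so the `xmlns:ds` binding actually applies to them; the deleted template had the same shape, so the commit reproduces this rather than introduces it. Separately, `'@validUntil'` is a fixed literal, so every document this function emits expires on the same date regardless of when it was generated; deriving it from `Date.now()` plus a validity window passed as an optional, defaulted option would keep callers working while making the expiry meaningful. A short TSDoc on `createIdPMetadataXML` explaining that the builder now escapes the injected values (the reason the string-substitution template was dropped) would help the next reader. The function's parameter list begins outside this hunk.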