gmgauthier/mocksaml
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check for missing signature and throw appropriate error (#80)

Browse Source
This commit is contained in:
Deepak Prabhakara 2022-10-12 19:11:50 +01:00 committed by GitHub
parent e2ecfd28d5
commit 929fac62dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pages/api/saml/sso.ts
View File

@ -42,6 +42,6 @@ async function processSAMLRequest(req: NextApiRequest, res: NextApiResponse, isP
} catch (err) {
console.error(err);
res.status(500).send(`Error parsing SAML request`);
res.status(500).send(`${err}`);
}
}

11
utils/request.ts
View File

@ -31,13 +31,20 @@ const extractSAMLRequestAttributes = async (rawRequest: string) => {
const attributes = result['samlp:AuthnRequest']['$'];
const issuer = result['samlp:AuthnRequest']['saml:Issuer'];
const publicKey = result['samlp:AuthnRequest']['Signature']
? result['samlp:AuthnRequest']['Signature']['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0]
: null;
if (!publicKey) {
throw new Error('Missing signature');
}
return {
id: attributes.ID,
acsUrl: attributes.AssertionConsumerServiceURL,
providerName: attributes.ProviderName,
audience: issuer[0]['_'],
publicKey:
result['samlp:AuthnRequest']['Signature'][0]['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0],
publicKey,
};
};