bypass validation for GET request until we figure out how to exchange the public key with the SP (#159)

This commit is contained in:
Deepak Prabhakara 2023-03-24 23:01:42 +00:00 committed by GitHub
parent e94384cdc8
commit d18cf70c47
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 6 deletions


@ -23,17 +23,25 @@ async function processSAMLRequest(req: NextApiRequest, res: NextApiResponse, isP
} else { } else {
relayState = req.query.RelayState; relayState = req.query.RelayState;
samlRequest = req.query.SAMLRequest; samlRequest = req.query.SAMLRequest;
// sigAlg = req.query.SigAlg;
// signature = req.query.Signature;
isDeflated = true; isDeflated = true;
} }
try { try {
const rawRequest = await decodeBase64(samlRequest, isDeflated); const rawRequest = await decodeBase64(samlRequest, isDeflated);
const { id, audience, acsUrl, providerName, publicKey } = await extractSAMLRequestAttributes(rawRequest); const { id, audience, acsUrl, providerName, publicKey } = await extractSAMLRequestAttributes(
rawRequest,
isPost
);
const { valid } = await saml.hasValidSignature(rawRequest, publicKey, null); if (isPost) {
if (!valid) { const { valid } = await saml.hasValidSignature(rawRequest, publicKey, null);
throw new Error('Invalid signature'); if (!valid) {
throw new Error('Invalid signature');
}
} }
const params = new URLSearchParams({ id, audience, acsUrl, providerName, relayState }); const params = new URLSearchParams({ id, audience, acsUrl, providerName, relayState });
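Review bot: With this change an AuthnRequest arriving through the GET path is accepted with no signature check at all, and the `id`, `audience`, `acsUrl` and `providerName` extracted on the `extractSAMLRequestAttributes` call are put into `params` unverified; the redirect binding carries its signature in the `SigAlg`/`Signature` query parameters that the hunk comments out above, not inside the XML, so the durable fix is to verify those over the query string rather than to skip validation. Until the key exchange from the title is in place I would make the gap explicit and bounded at the `if (isPost) {` line with a comment such as `// TODO(#159): redirect-binding (GET) requests are accepted unsigned; SigAlg/Signature from the query string are not verified until SP public-key exchange exists`, and confirm that `acsUrl` and `audience` are matched against the registered SP configuration downstream before any response is issued, since nothing in this hunk does so. The body of processSAMLRequest starts and ends outside the hunk.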


@ -32,7 +32,7 @@ const decodeBase64 = async (string: string, isDeflated: boolean) => {
}; };
// Parse SAMLRequest attributes // Parse SAMLRequest attributes
const extractSAMLRequestAttributes = async (rawRequest: string) => { const extractSAMLRequestAttributes = async (rawRequest: string, isPost = true) => {
const result = await parseXML(rawRequest); const result = await parseXML(rawRequest);
const attributes = result['AuthnRequest']['$']; const attributes = result['AuthnRequest']['$'];
@ -42,7 +42,7 @@ const extractSAMLRequestAttributes = async (rawRequest: string) => {
? result['AuthnRequest']['Signature'][0]['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0] ? result['AuthnRequest']['Signature'][0]['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0]
: null; : null;
if (!publicKey) { if (!publicKey && isPost) {
throw new Error('Missing signature'); throw new Error('Missing signature');
} }
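Review bot: The new `isPost` parameter changes this function's contract — when it is false a missing `Signature` element is tolerated and the returned `publicKey` is `null`, so the attributes come from an unverified document — yet the only documentation is the unchanged `// Parse SAMLRequest attributes` comment. I would replace that comment with a TSDoc block stating that `isPost` defaults to `true` and requires an embedded signature certificate, that `isPost = false` (redirect binding) returns `publicKey` as `null`, and that callers must not treat the result as authenticated in that case. A positional boolean is also easy to pass wrong from a call site; an options object such as `{ requireSignature = true }` would read more clearly, though that is a style preference. The function body continues outside the hunk.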