From e68b437a8582382d0c55f9ad6e147deb37589f7d Mon Sep 17 00:00:00 2001
From: Aswin V
Date: Wed, 23 Feb 2022 18:05:58 +0530
Subject: [PATCH] use saml req id
---
 pages/api/saml/auth.ts | 1 +
 utils/response.ts | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/pages/api/saml/auth.ts b/pages/api/saml/auth.ts
index 0660388..5100b60 100644
--- a/pages/api/saml/auth.ts
+++ b/pages/api/saml/auth.ts
@@ -28,6 +28,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 idpIdentityId: config.entityId,
 audience: req.body.audience,
 acsUrl: req.body.acsUrl,
+ samlReqId: req.body.id,
 user: user,
 });
diff --git a/utils/response.ts b/utils/response.ts
index 0054502..903bd09 100644
--- a/utils/response.ts
+++ b/utils/response.ts
@@ -8,9 +8,10 @@ const createResponseXML = async (params: {
 idpIdentityId: string;
 audience: string;
 acsUrl: string;
+ samlReqId: string;
 user: User;
 }): Promise => {
- const { idpIdentityId, audience, acsUrl, user } = params;
+ const { idpIdentityId, audience, acsUrl, user, samlReqId } = params;
 const authDate = new Date();
 const authTimestamp = authDate.toISOString();
@@ -21,7 +22,7 @@ const createResponseXML = async (params: {
 authDate.setMinutes(authDate.getMinutes() + 10);
 const notAfter = authDate.toISOString();
- const inResponseTo = '_1234';
+ const inResponseTo = samlReqId;
 // const responseId = crypto.randomBytes(10).toString('hex');
 const attributeStatement = {
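Review bot: `samlReqId: req.body.id` in the pages/api/saml/auth.ts hunk forwards a client-supplied value straight into `createResponseXML`, and nothing visible checks that it is present, a string, or shaped like a SAML ID. The third hunk in utils/response.ts then assigns it to `inResponseTo` unchanged. The `string` annotation is erased at runtime, so a missing or non-string `id` would reach the response as-is, and since the XML serialization is not visible here, escaping cannot be assumed. I would validate at the boundary before the call, e.g. `const samlReqId = req.body.id;` followed by `if (typeof samlReqId !== 'string' || !/^[A-Za-z_][\w.-]*$/.test(samlReqId)) return res.status(400).end();`. The same concern applies to the existing `audience` and `acsUrl` fields; the handler body starts and ends outside the hunk.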
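Review bot: `samlReqId: string;` in the first utils/response.ts hunk is added as a required, undocumented field, so every caller must now supply a request ID and nothing states that it feeds `inResponseTo` in the next hunk. If this helper is ever used for an IdP-initiated (unsolicited) response there is no request to refer to, and the attribute should be left out rather than filled with a placeholder. Declaring it `samlReqId?: string;` and skipping the attribute when it is undefined would cover that case, though the XML construction lies outside the hunk. At minimum I would put `/** ID of the AuthnRequest being answered; used as InResponseTo. Must be validated by the caller. */` above the field.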