
@boxyhq/saml20


@boxyhq/saml20 - npm Package Compare versions

Comparing version 1.4.13 to 1.4.14

20

dist/index.d.ts

@@ -5,2 +5,14 @@ import { PubKeyInfo } from './cert';

parseMetadata: (idpMeta: string, validateOpts: any) => Promise<Record<string, any>>;
createIdPMetadataXML: ({ ssoUrl, entityId, x509cert, wantAuthnRequestsSigned, }: {
ssoUrl: string;
entityId: string;
x509cert: string;
wantAuthnRequestsSigned: boolean;
}) => string;
createSPMetadataXML: ({ entityId, publicKeyString, acsUrl, encryption, }: {
entityId: string;
publicKeyString: string;
acsUrl: string;
encryption: boolean;
}) => string;
createSAMLResponse: ({ audience, issuer, acsUrl, claims, requestId, privateKey, publicKey, flattenArray, }: {

@@ -54,3 +66,11 @@ audience: string;

}>;
createLogoutRequest: ({ nameId, providerName, sloUrl, }: {
nameId: string;
providerName: string;
sloUrl: string;
}) => {
id: string;
xml: string;
};
};
export default _default;

3

dist/index.js

@@ -14,2 +14,4 @@ 'use strict';

parseMetadata: metadata_1.parseMetadata,
createIdPMetadataXML: metadata_1.createIdPMetadataXML,
createSPMetadataXML: metadata_1.createSPMetadataXML,
createSAMLResponse: response_1.createSAMLResponse,

@@ -32,2 +34,3 @@ request: request_1.request,

parseLogoutResponse: logout_1.parseLogoutResponse,
createLogoutRequest: logout_1.createLogoutRequest,
};

@@ -8,2 +8,10 @@ declare const parseLogoutResponse: (rawResponse: string) => Promise<{

}>;
export { parseLogoutResponse };
declare const createLogoutRequest: ({ nameId, providerName, sloUrl, }: {
nameId: string;
providerName: string;
sloUrl: string;
}) => {
id: string;
xml: string;
};
export { parseLogoutResponse, createLogoutRequest };

@@ -15,4 +15,6 @@ "use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.parseLogoutResponse = void 0;
exports.createLogoutRequest = exports.parseLogoutResponse = void 0;
const crypto_1 = __importDefault(require("crypto"));
const xml2js_1 = __importDefault(require("xml2js"));
const xmlbuilder_1 = __importDefault(require("xmlbuilder"));
const parseLogoutResponse = (rawResponse) => __awaiter(void 0, void 0, void 0, function* () {

@@ -36,1 +38,26 @@ return new Promise((resolve, reject) => {

exports.parseLogoutResponse = parseLogoutResponse;
const createLogoutRequest = ({ nameId, providerName, sloUrl, }) => {
const id = '_' + crypto_1.default.randomBytes(10).toString('hex');
const xml = {
'samlp:LogoutRequest': {
'@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
'@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
'@ID': id,
'@Version': '2.0',
'@IssueInstant': new Date().toISOString(),
'@Destination': sloUrl,
'saml:Issuer': {
'#text': providerName,
},
'saml:NameID': {
'@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
'#text': nameId,
},
},
};
return {
id,
xml: xmlbuilder_1.default.create(xml).end({}),
};
};
exports.createLogoutRequest = createLogoutRequest;
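Review bot: The request ID in `createLogoutRequest` comes from `crypto_1.default.randomBytes(10)`, which is only 80 bits of randomness; the SAML 2.0 core specification asks for identifiers with at least 128 bits (160 recommended), so `const id = '_' + crypto_1.default.randomBytes(20).toString('hex');` would be the safer choice. The returned `xml` is also unsigned, while the Single Logout profile expects a LogoutRequest to be authenticated, normally by signing it when it travels through the browser. A doc comment should state that the caller must sign the message before sending it, and that the returned `id` is meant to be stored and compared with `InResponseTo` when the logout response is parsed. The request carries no `NotOnOrAfter` or `SessionIndex`, which may be deliberate but deserves a comment.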
declare const parseMetadata: (idpMeta: string, validateOpts: any) => Promise<Record<string, any>>;
export { parseMetadata };
declare const createIdPMetadataXML: ({ ssoUrl, entityId, x509cert, wantAuthnRequestsSigned, }: {
ssoUrl: string;
entityId: string;
x509cert: string;
wantAuthnRequestsSigned: boolean;
}) => string;
declare const createSPMetadataXML: ({ entityId, publicKeyString, acsUrl, encryption, }: {
entityId: string;
publicKeyString: string;
acsUrl: string;
encryption: boolean;
}) => string;
export { parseMetadata, createIdPMetadataXML, createSPMetadataXML };

@@ -15,7 +15,9 @@ "use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.parseMetadata = void 0;
exports.createSPMetadataXML = exports.createIdPMetadataXML = exports.parseMetadata = void 0;
const utils_1 = require("./utils");
const utils_2 = require("./utils");
const cert_1 = require("./cert");
const crypto_1 = __importDefault(require("crypto"));
const xml2js_1 = __importDefault(require("xml2js"));
const xmlbuilder_1 = __importDefault(require("xmlbuilder"));
const BEGIN = '-----BEGIN CERTIFICATE-----';

@@ -176,1 +178,96 @@ const END = '-----END CERTIFICATE-----';

exports.parseMetadata = parseMetadata;
const createIdPMetadataXML = ({ ssoUrl, entityId, x509cert, wantAuthnRequestsSigned, }) => {
x509cert = (0, cert_1.stripCertHeaderAndFooter)(x509cert);
const today = new Date();
const nodes = {
'md:EntityDescriptor': {
'@xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
'@entityID': entityId,
'@validUntil': new Date(today.setFullYear(today.getFullYear() + 10)).toISOString(),
'md:IDPSSODescriptor': {
'@WantAuthnRequestsSigned': wantAuthnRequestsSigned,
'@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',
'md:KeyDescriptor': {
'@use': 'signing',
'ds:KeyInfo': {
'@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',
'ds:X509Data': {
'ds:X509Certificate': {
'#text': x509cert,
},
},
},
},
'md:NameIDFormat': {
'#text': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
},
'md:SingleSignOnService': [
{
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'@Location': ssoUrl,
},
{
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'@Location': ssoUrl,
},
],
},
},
};
return xmlbuilder_1.default.create(nodes, { encoding: 'UTF-8', standalone: false }).end({ pretty: true });
};
exports.createIdPMetadataXML = createIdPMetadataXML;
const createSPMetadataXML = ({ entityId, publicKeyString, acsUrl, encryption, }) => {
const today = new Date();
const keyDescriptor = [
{
'@use': 'signing',
'ds:KeyInfo': {
'@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',
'ds:X509Data': {
'ds:X509Certificate': {
'#text': publicKeyString,
},
},
},
},
];
if (encryption) {
keyDescriptor.push({
'@use': 'encryption',
'ds:KeyInfo': {
'@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',
'ds:X509Data': {
'ds:X509Certificate': {
'#text': publicKeyString,
},
},
},
'md:EncryptionMethod': {
'@Algorithm': 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
},
});
}
const nodes = {
'md:EntityDescriptor': {
'@xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
'@entityID': entityId,
'@validUntil': new Date(today.setFullYear(today.getFullYear() + 10)).toISOString(),
'md:SPSSODescriptor': {
//'@WantAuthnRequestsSigned': true,
'@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',
'md:KeyDescriptor': keyDescriptor,
'md:NameIDFormat': {
'#text': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
},
'md:AssertionConsumerService': {
'@index': 1,
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'@Location': acsUrl,
},
},
},
};
return xmlbuilder_1.default.create(nodes, { encoding: 'UTF-8', standalone: false }).end({ pretty: true });
};
exports.createSPMetadataXML = createSPMetadataXML;
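Review bot: `createSPMetadataXML` writes `publicKeyString` into `ds:X509Certificate` as given, whereas `createIdPMetadataXML` in the same hunk first passes `x509cert` through `stripCertHeaderAndFooter`; if a caller supplies PEM with its BEGIN/END lines, the SP metadata would contain an invalid certificate element. Adding `publicKeyString = (0, cert_1.stripCertHeaderAndFooter)(publicKeyString);` at the top of the function (or the equivalent call in the TypeScript source) makes the two consistent. The encryption `KeyDescriptor` advertises only `http://www.w3.org/2001/04/xmlenc#aes256-cbc`; CBC in XML Encryption is unauthenticated and has known padding-oracle weaknesses, so offering `http://www.w3.org/2009/xmlenc11#aes256-gcm` where the decrypting side supports it would be preferable. Both functions also hard-code `@validUntil` to ten years ahead, which lets consumers keep trusting the embedded certificate long after a key rotation; a parameter or at least a comment for that lifetime would help.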

2

dist/request.js

@@ -89,3 +89,3 @@ "use strict";

// Parse SAMLRequest attributes
const parseSAMLRequest = (rawRequest, isPost = true) => __awaiter(void 0, void 0, void 0, function* () {
const parseSAMLRequest = (rawRequest_1, ...args_1) => __awaiter(void 0, [rawRequest_1, ...args_1], void 0, function* (rawRequest, isPost = true) {
var _a;

@@ -92,0 +92,0 @@ const result = yield parseXML(rawRequest);

@@ -260,3 +260,3 @@ "use strict";

// Create SAML Response and sign it
const createSAMLResponse = ({ audience, issuer, acsUrl, claims, requestId, privateKey, publicKey, flattenArray = false, }) => __awaiter(void 0, void 0, void 0, function* () {
const createSAMLResponse = (_a) => __awaiter(void 0, [_a], void 0, function* ({ audience, issuer, acsUrl, claims, requestId, privateKey, publicKey, flattenArray = false, }) {
const authDate = new Date();

@@ -263,0 +263,0 @@ const authTimestamp = authDate.toISOString();

declare const parseFromString: (xmlString: string) => Document;
declare const thumbprint: (cert: string) => string;
declare const getAttribute: <TDefault = unknown>(value: any, path: string, defaultValue?: TDefault | undefined) => TDefault;
declare const getAttribute: <TDefault = unknown>(value: any, path: string, defaultValue?: TDefault) => TDefault;
export { parseFromString, thumbprint, getAttribute };
{
"name": "@boxyhq/saml20",
"version": "1.4.13",
"version": "1.4.14",
"description": "SAML 2.0 token parser for Node.js",

@@ -50,3 +50,3 @@ "keywords": [

"@types/mocha": "10.0.6",
"@types/node": "20.11.24",
"@types/node": "20.11.25",
"@types/xml2js": "0.4.14",

@@ -63,5 +63,5 @@ "@typescript-eslint/eslint-plugin": "7.1.1",

"tsconfig-paths": "4.2.0",
"typescript": "5.3.3"
"typescript": "5.4.2"
},
"readmeFilename": "README.md"
}