
passport-saml


passport-saml - npm Package Compare versions

Comparing version 0.0.1 to 0.0.2

8

examples/login/app.js
var express = require('express')
, passport = require('passport')
, util = require('util')
, SamlStrategy = require('../../lib/passport-saml/index').Strategy;
, SamlStrategy = require('../../lib/passport-saml/index').Strategy
, fs = require('fs');

@@ -43,5 +44,8 @@

issuer: 'passport-saml',
protocol: 'http://'
protocol: 'http://',
cert: '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'/*,
privateCert: fs.readFileSync('./cert.pem', 'utf-8')*/
},
function(profile, done) {
console.log("Auth with", profile);
if (!profile.email) {

@@ -48,0 +52,0 @@ return done(new Error("No email found"), null);
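Review bot: The new `cert` option and the disabled `privateCert` are joined by a dangling `/*,` block comment, so a reader copying this example cannot tell what either option does or that leaving out `cert` changes how responses are handled. Going by the library code in this same comparison, responses are signature-checked only when `cert` is set, and the value is expected as the bare base64 body because `certToPEM` adds the PEM header itself. I would put each option on its own line with a comment such as `// cert: IdP signing certificate, base64 body without PEM header; responses are verified only when set` and `// privateCert: PEM private key; when set, the AuthnRequest is signed`. The strategy options object starts outside this hunk.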

var zlib = require('zlib');
var xml2js = require('xml2js');
var xmlCrypto = require('xml-crypto');
var crypto = require('crypto');
var xmldom = require('xmldom');
var querystring = require('querystring');

@@ -46,2 +50,8 @@ var SAML = function (options) {

SAML.prototype.signRequest = function (xml) {
var signer = crypto.createSign('RSA-SHA1');
signer.update(xml);
return signer.sign(this.options.privateCert, 'base64');
}
SAML.prototype.generateRequest = function (req) {

@@ -52,3 +62,7 @@ var id = "_" + this.generateUniqueID();

// Post-auth destination
var callbackUrl = this.options.protocol + req.headers.host + this.options.path;
if (this.options.callbackUrl) {
callbackUrl = this.options.callbackUrl;
} else {
var callbackUrl = this.options.protocol + req.headers.host + this.options.path;
}

@@ -75,12 +89,52 @@ var request =

var base64 = buffer.toString('base64');
var encoded = encodeURIComponent(base64);
var target = self.options.entryPoint + '?'
callback(null, self.options.entryPoint + '?SAMLRequest=' + encoded);
var samlRequest = {
SAMLRequest: base64
};
if (self.options.privateCert) {
samlRequest.SigAlg = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
samlRequest.Signature = self.signRequest(querystring.stringify(samlRequest));
}
target += querystring.stringify(samlRequest);
callback(null, target);
});
};
SAML.prototype.certToPEM = function (cert) {
cert = cert.match(/.{1,64}/g).join('\n');
cert = "-----BEGIN CERTIFICATE-----\n" + cert;
cert = cert + "\n-----END CERTIFICATE-----\n";
return cert;
};
SAML.prototype.validateSignature = function (xml, cert) {
var self = this;
var doc = new xmldom.DOMParser().parseFromString(xml);
var signature = xmlCrypto.xpath.SelectNodes(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
var sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
getKeyInfo: function (key) {
return "<X509Data></X509Data>"
},
getKey: function (keyInfo) {
return self.certToPEM(cert);
}
};
sig.loadSignature(signature.toString());
return sig.checkSignature(xml);
};
SAML.prototype.validateResponse = function (samlResponse, callback) {
var self = this;
var xml = new Buffer(samlResponse, 'base64').toString('ascii');
var parser = new xml2js.Parser();
parser.parseString(xml, function (err, doc) {
// Verify signature
if (self.options.cert && !self.validateSignature(xml, self.options.cert)) {
return callback(new Error('Invalid signature'), null);
}
profile = {};

@@ -87,0 +141,0 @@ profile.issuer = doc['saml:Assertion']['saml:Issuer'];
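Review bot: In `validateSignature`, `SelectNodes(...)[0]` is `undefined` when the response has no `Signature` child under the root element, so `signature.toString()` throws inside the `parseString` callback instead of producing the `Invalid signature` error; add `if (!signature) return false;` before `sig.loadSignature(...)`. `checkSignature` only establishes that whatever the signature's references point at is intact, and nothing in the visible lines ties those references to the `saml:Assertion` that the profile is then read from out of the separate xml2js parse, so the referenced element should be compared with the one that is consumed. In `validateResponse` the check is skipped entirely when `options.cert` is unset, which accepts unsigned responses without any warning, and it runs before `err` from `parseString` is looked at in the lines shown. The body of `validateResponse` continues outside this hunk, so some of this may be handled further down.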

{
"name": "passport-saml",
"version": "0.0.1",
"version": "0.0.2",
"licenses": [{

@@ -21,3 +21,5 @@ "type": "MIT",

"zlib": "1.0.x",
"xml2js": "0.1.x"
"xml2js": "0.1.x",
"xml-crypto": "0.0.x",
"xmldom": "0.1.x"
},

@@ -24,0 +26,0 @@ "devDependencies": {
