
passport-saml


passport-saml - npm Package Compare versions

Comparing version 0.11.1 to 0.12.0

docs/adfs/README.md

27

lib/passport-saml/saml.js

@@ -69,2 +69,7 @@ var zlib = require('zlib');

// sha1 or sha256
if (!options.signatureAlgorithm) {
options.signatureAlgorithm = 'sha1';
}
return options;

@@ -105,6 +110,16 @@ };

SAML.prototype.signRequest = function (xml) {
var signer = crypto.createSign('RSA-SHA1');
signer.update(xml);
return signer.sign(this.options.privateCert, 'base64');
SAML.prototype.signRequest = function (samlMessage) {
var signer;
switch(this.options.signatureAlgorithm) {
case 'sha256':
samlMessage.SigAlg = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
signer = crypto.createSign('RSA-SHA256');
break;
default:
samlMessage.SigAlg = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
signer = crypto.createSign('RSA-SHA1');
break;
}
signer.update(querystring.stringify(samlMessage));
samlMessage.Signature = signer.sign(this.options.privateCert, 'base64');
};

@@ -273,4 +288,4 @@

if (self.options.privateCert) {
samlMessage.SigAlg = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
samlMessage.Signature = self.signRequest(querystring.stringify(samlMessage));
// sets .SigAlg and .Signature
self.signRequest(samlMessage);
}

@@ -277,0 +292,0 @@ Object.keys(samlMessage).forEach(function(k) {
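Review bot: In the new `signRequest`, the `default:` branch of the switch signs with RSA-SHA1 for every value other than the exact string 'sha256', so a typo or different casing such as 'SHA256' in `signatureAlgorithm` silently produces a SHA-1 signature instead of an error. I would make the SHA-1 branch explicit with `case 'sha1':` and change `default:` to `throw new Error('Unsupported signatureAlgorithm: ' + this.options.signatureAlgorithm);`, or run the same validation once where the option is defaulted in the first hunk. `signRequest` also no longer returns the signature and now mutates its argument, so any caller still using the return value would get `undefined`; a short comment above the function would help, e.g. `// Sets samlMessage.SigAlg and samlMessage.Signature in place; returns nothing.`. The function containing the first hunk starts outside the visible lines.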

{
"name": "passport-saml",
"version": "0.11.1",
"version": "0.12.0",
"licenses": [

@@ -5,0 +5,0 @@ {

@@ -54,2 +54,3 @@ Passport-SAML

* `decryptionPvk`: optional private key that will be used to attempt to decrypt any encrypted assertions that are received
* `signatureAlgorithm`: optionally set the signature algorithm for signing requests, valid values are 'sha1' (default) or 'sha256'
* Additional SAML behaviors

@@ -140,2 +141,4 @@ * `additionalParams`: dictionary of additional query params to add to all requests

For more detailed instructions, see [this document from Tim Brody](docs/adfs/README.md).
## SAML Response Validation - NotBefore and NotOnOrAfter

@@ -142,0 +145,0 @@

Sorry, the diff of this file is too big to display
