passport-saml
Comparing version 0.2.0 to 0.2.1
@@ -487,2 +487,57 @@ var zlib = require('zlib'); | ||
SAML.prototype.generateServiceProviderMetadata = function( decryptionCert ) { | ||
var keyDescriptor = null; | ||
if (this.options.decryptionPvk) { | ||
if (!decryptionCert) { | ||
throw new Error( | ||
"Missing decryptionCert while generating metadata for decrypting service provider"); | ||
} | ||
decryptionCert = decryptionCert.replace( /-+BEGIN CERTIFICATE-+\r?\n?/, '' ); | ||
decryptionCert = decryptionCert.replace( /-+END CERTIFICATE-+\r?\n?/, '' ); | ||
keyDescriptor = { | ||
'ds:KeyInfo' : { | ||
'ds:X509Data' : { | ||
'ds:X509Certificate': { | ||
'#text': decryptionCert | ||
} | ||
} | ||
}, | ||
'#list' : [ | ||
// this should be the set that the xmlenc library supports | ||
{ 'EncryptionMethod': { '@Algorithm': 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' } }, | ||
{ 'EncryptionMethod': { '@Algorithm': 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' } }, | ||
{ 'EncryptionMethod': { '@Algorithm': 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc' } }, | ||
] | ||
}; | ||
} | ||
if (!this.options.callbackUrl) { | ||
throw new Error( | ||
"Unable to generate service provider metadata when callbackUrl option is not set"); | ||
} | ||
var metadata = { | ||
'EntityDescriptor' : { | ||
'@xmlns': 'urn:oasis:names:tc:SAML:2.0:metadata', | ||
'@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#', | ||
'@entityID': this.options.issuer, | ||
'SPSSODescriptor' : { | ||
'@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol', | ||
'KeyDescriptor' : keyDescriptor, | ||
'NameIDFormat' : this.options.identifierFormat, | ||
'AssertionConsumerService' : { | ||
'@index': '1', | ||
'@isDefault': 'true', | ||
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', | ||
'@Location': this.options.callbackUrl | ||
} | ||
}, | ||
} | ||
}; | ||
return xmlbuilder.create(metadata).end({ pretty: true, indent: ' ', newline: '\n' }); | ||
}; | ||
exports.SAML = SAML; |
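Review bot: The descriptor built at `keyDescriptor = {` carries no `use` attribute, and SAML metadata treats a KeyDescriptor without one as valid for both signing and encryption, so the identity provider may also accept this decryption certificate for verifying SP signatures; adding `'@use': 'encryption',` as the first property of `keyDescriptor` scopes it to its actual purpose. The two `decryptionCert.replace(...)` calls use non-global regexes, so a PEM containing more than one certificate keeps its later BEGIN/END lines inside the `ds:X509Certificate` text and produces invalid base64 — either add the `g` flag or reject input with more than one certificate. When `decryptionPvk` is not set, `'KeyDescriptor' : keyDescriptor` is passed as `null`; depending on the xmlbuilder version this may be emitted as an empty `<KeyDescriptor/>` element rather than omitted, which is worth checking against a generated document. A comment on the `return xmlbuilder.create(...)` line noting that the document is not signed, e.g. `// metadata is emitted unsigned; publish it over a trusted channel`, would make that property explicit to operators.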
@@ -89,2 +89,6 @@ var passport = require('passport'); | ||
Strategy.prototype.generateServiceProviderMetadata = function( decryptionCert ) { | ||
return this._saml.generateServiceProviderMetadata( decryptionCert ); | ||
}; | ||
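Review bot: The new `Strategy.prototype.generateServiceProviderMetadata` wrapper is undocumented, and callers cannot see from it that the delegated call throws when `callbackUrl` is unset or when `decryptionPvk` is configured without a `decryptionCert`. A JSDoc such as `/** Build the SP metadata XML. @param {string} [decryptionCert] PEM certificate matching options.decryptionPvk; required when decryptionPvk is set. @returns {string} @throws {Error} if callbackUrl is unset or decryptionCert is missing for a decrypting SP. */` placed above the function would make the contract visible at the public entry point.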
module.exports = Strategy; |
{ | ||
"name": "passport-saml", | ||
"version": "0.2.0", | ||
"version": "0.2.1", | ||
"licenses": [{ | ||
@@ -5,0 +5,0 @@ "type": "MIT", |
@@ -80,2 +80,9 @@ Passport-SAML | ||
### generateServiceProviderMetadata( decryptionCert ) | ||
As a convenience, the strategy object exposes a `generateServiceProviderMetadata` method which will generate a service provider metadata document suitable for supplying to an identity provider. This method will only work on strategies which are configured with a `callbackUrl` (since the relative path for the callback is not sufficient information to generate a complete metadata document). | ||
The `decryptionCert` argument should be a certificate matching the `decryptionPvk` and is required if the strategy is configured with a `decryptionPvk`. | ||
## Security and signatures | ||
@@ -82,0 +89,0 @@ |