passport-saml - npm Package Compare versions

Comparing version 0.31.0 to 0.32.1

lib/passport-saml/saml.js

@@ -805,2 +805,9 @@ var zlib = require('zlib');
     }
+    
+    if (self.options.audience) {
+      var audienceErr = self.checkAudienceValidityError(
+                    self.options.audience, conditions.AudienceRestriction);
+      if(audienceErr)
+        throw audienceErr;
+    }
 
@@ -873,2 +880,24 @@ var attributeStatement = assertion.AttributeStatement;
 
+SAML.prototype.checkAudienceValidityError = function(expectedAudience, audienceRestrictions) {
+  var self = this;
+  if (!audienceRestrictions || audienceRestrictions.length < 1) {
+    return new Error('SAML assertion has no AudienceRestriction');
+  }
+  var errors = audienceRestrictions.map(function(restriction) {
+    if (!restriction.Audience || !restriction.Audience[0]) {
+      return new Error('SAML assertion AudienceRestriction has no Audience value');
+    }
+    if (restriction.Audience[0] !== expectedAudience) {
+      return new Error('SAML assertion audience mismatch');
+    }
+    return null;
+  }).filter(function(result) {
+    return result !== null;
+  });
+  if (errors.length > 0) {
+    return errors[0];
+  }
+  return null;
+};
+
 SAML.prototype.validatePostRequest = function (container, callback) {
@@ -899,3 +928,3 @@ var self = this;
       callback(err);
-    })
+    });
   });
@@ -902,0 +931,0 @@ };

package.json

 {
   "name": "passport-saml",
-  "version": "0.31.0",
+  "version": "0.32.1",
   "license" : "MIT",
@@ -5,0 +5,0 @@ "keywords": [

README.md

@@ -55,2 +55,3 @@ Passport-SAML
   * `issuer`: issuer string to supply to identity provider
+  * `audience`: expected saml response Audience (if not provided, Audience won't be verified)
   * `cert`: see [Security and signatures](#security-and-signatures)
@@ -172,3 +173,3 @@ * `privateCert`: see [Security and signatures](#security-and-signatures)
 
-For more detailed instructions, see [ADSF documentation](docs/adfs/README.md).
+For more detailed instructions, see [ADFS documentation](docs/adfs/README.md).
 
@@ -232,2 +233,6 @@ ## SAML Response Validation - NotBefore and NotOnOrAfter
 
+## ChangeLog
+
+See [Releases](https://github.com/bergie/passport-saml/releases) to find the changes that go into each release.
+
 ## FAQ
@@ -234,0 +239,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

371107

increased by3.28%

Lines of code

3142

increased by3.63%

Number of lines in readme file

244

increased by2.09%

Worsened metrics

Number of low supply chain risk alerts

36

increased by9.09%

No dependency changes