forked from tngan/samlify
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathentity-sp.ts
More file actions
103 lines (94 loc) · 3.27 KB
/
entity-sp.ts
File metadata and controls
103 lines (94 loc) · 3.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
/**
* @file entity-sp.ts
* @author tngan
* @desc Declares the actions taken by service provider
*/
import Entity, {
BindingContext,
PostBindingContext,
ESamlHttpRequest,
} from './entity';
import {
IdentityProviderConstructor as IdentityProvider,
ServiceProviderMetadata,
ServiceProviderSettings,
} from './types';
import { namespace } from './urn';
import redirectBinding from './binding-redirect';
import postBinding from './binding-post';
import { flow, FlowResult } from './flow';
/*
* @desc interface function
*/
export default function(props: ServiceProviderSettings) {
return new ServiceProvider(props);
}
/**
* @desc Service provider can be configured using either metadata importing or spSetting
* @param {object} spSettingimport { FlowResult } from '../types/src/flow.d';
*/
export class ServiceProvider extends Entity {
entityMeta: ServiceProviderMetadata;
/**
* @desc Inherited from Entity
* @param {object} spSetting setting of service provider
*/
constructor(spSetting: ServiceProviderSettings) {
const entitySetting = Object.assign({
authnRequestsSigned: false,
wantAssertionsSigned: false,
wantMessageSigned: false,
}, spSetting);
super(entitySetting, 'sp');
}
/**
* @desc Generates the login request for developers to design their own method
* @param {IdentityProvider} idp object of identity provider
* @param {string} binding protocol binding
* @param {function} customTagReplacement used when developers have their own login response template
*/
public createLoginRequest(
idp: IdentityProvider,
binding: 'redirect' | 'post' = 'redirect',
relayState?: string,
customTagReplacement?: (template: string) => BindingContext,
): BindingContext | PostBindingContext {
const nsBinding = namespace.binding;
const protocol = nsBinding[binding];
if (this.entityMeta.isAuthnRequestSigned() !== idp.entityMeta.isWantAuthnRequestsSigned()) {
throw new Error('ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG');
}
if (protocol === nsBinding.redirect) {
return redirectBinding.loginRequestRedirectURL({ idp, sp: this, relayState }, customTagReplacement);
}
if (protocol === nsBinding.post) {
const context = postBinding.base64LoginRequest("/*[local-name(.)='AuthnRequest']", { idp, sp: this }, customTagReplacement);
return {
...context,
relayState: relayState ?? this.entitySetting.relayState,
entityEndpoint: idp.entityMeta.getSingleSignOnService(binding) as string,
type: 'SAMLRequest',
};
}
// Will support artifact in the next release
throw new Error('ERR_SP_LOGIN_REQUEST_UNDEFINED_BINDING');
}
/**
* @desc Validation of the parsed the URL parameters
* @param {IdentityProvider} idp object of identity provider
* @param {string} binding protocol binding
* @param {request} req request
*/
public parseLoginResponse(idp, binding, request: ESamlHttpRequest) {
const self = this;
return flow({
from: idp,
self: self,
checkSignature: true, // saml response must have signature
parserType: 'SAMLResponse',
type: 'login',
binding: binding,
request: request
});
}
}