Merge branch 'master' into feature/passport-cleanup

node-saml · May 21, 2021 · 01597d1 · 01597d1
2 parents 4b9f22a + 596ecdb
commit 01597d1
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 140 deletions.
diff --git a/README.md b/README.md
@@ -1,18 +1,20 @@
-# Passport-SAML
+# Node SAML
 
-[![Build Status](https://github.com/node-saml/passport-saml/workflows/Build%20Status/badge.svg)](https://github.com/node-saml/passport-saml/actions?query=workflow%3ABuild%Status) [![GitHub version](https://badge.fury.io/gh/node-saml%2Fpassport-saml.svg)](https://badge.fury.io/gh/node-saml%2Fpassport-saml) [![npm version](https://badge.fury.io/js/passport-saml.svg)](http://badge.fury.io/js/passport-saml) [![NPM](https://nodei.co/npm/passport-saml.png?downloads=true&downloadRank=true&stars=true)](https://nodei.co/npm/passport-saml/) [![code style: prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat-square)](https://github.com/prettier/prettier)
+[![Build Status](https://github.com/node-saml/node-saml/workflows/Build%20Status/badge.svg)](https://github.com/node-saml/node-saml/actions?query=workflow%3ABuild%Status) [![GitHub version](https://badge.fury.io/gh/node-saml%2Fnode-saml.svg)](https://badge.fury.io/gh/node-saml%2Fnode-saml) [![npm version](https://badge.fury.io/js/node-saml.svg)](http://badge.fury.io/js/node-saml) [![NPM](https://nodei.co/npm/node-saml.png?downloads=true&downloadRank=true&stars=true)](https://nodei.co/npm/node-saml/) [![code style: prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat-square)](https://github.com/prettier/prettier)
 
-This is a [SAML 2.0](http://en.wikipedia.org/wiki/SAML_2.0) authentication provider for [Passport](http://passportjs.org/), the Node.js authentication library.
+This is a [SAML 2.0](http://en.wikipedia.org/wiki/SAML_2.0) authentication provider for Node.js. This was forked from `passport-saml` at v3.0.0 and will become the SAML implementation for `passport-saml`. When this is mature, `passport-saml` will have code removed and replaced by a dependency on this library.
 
 The code was originally based on Michael Bosworth's [express-saml](https://github.com/bozzltron/express-saml) library.
 
-Passport-SAML has been tested to work with Onelogin, Okta, Shibboleth, [SimpleSAMLphp](http://simplesamlphp.org/) based Identity Providers, and with [Active Directory Federation Services](http://en.wikipedia.org/wiki/Active_Directory_Federation_Services).
-
 ## Installation
 
-    $ npm install passport-saml
+For now
+
+    $ npm install https://github.com/node-saml/node-saml
+
+Once the first release is done, this will be available at
 
-/
+    $ npm install node-saml
 
 ## Usage
 
@@ -23,87 +25,10 @@ The examples utilize the [Feide OpenIdp identity provider](https://openidp.feide
 The SAML identity provider will redirect you to the URL provided by the `path` configuration.
 
 ```javascript
-const SamlStrategy = require('passport-saml').Strategy;
-[...]
-
-passport.use(new SamlStrategy(
-  {
-    path: '/login/callback',
-    entryPoint: 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php',
-    issuer: 'passport-saml',
-    cert: 'fake cert', // cert must be provided
-  },
-  function(profile, done) {
-    findByEmail(profile.email, function(err, user) {
-      if (err) {
-        return done(err);
-      }
-      return done(null, user);
-    });
-  })
-);
-```
-
-### Configure strategy for multiple providers
-
-You can pass a `getSamlOptions` parameter to `MultiSamlStrategy` which will be called before the SAML flows. Passport-SAML will pass in the request object so you can decide which configuation is appropriate.
-
-```javascript
-const { MultiSamlStrategy } = require('passport-saml');
-[...]
+const { SAML } = require("node-saml");
 
-passport.use(new MultiSamlStrategy(
-  {
-    passReqToCallback: true, // makes req available in callback
-    getSamlOptions: function(request, done) {
-      findProvider(request, function(err, provider) {
-        if (err) {
-          return done(err);
-        }
-        return done(null, provider.configuration);
-      });
-    }
-  },
-  function(req, profile, done) {
-    findByEmail(profile.email, function(err, user) {
-      if (err) {
-        return done(err);
-      }
-      return done(null, user);
-    });
-  })
-);
-```
-
-The options passed when the `MultiSamlStrategy` is initialized are also passed as default values to each provider.
-e.g. If you provide an `issuer` on `MultiSamlStrategy`, this will be also a default value for every provider.
-You can override these defaults by passing a new value through the `getSamlOptions` function.
-
-Using multiple providers supports `validateInResponseTo`, but all the `InResponse` values are stored on the same Cache. This means, if you're using the default `InMemoryCache`, that all providers have access to it and a provider might get its response validated against another's request. [Issue Report](!https://github.com/node-saml/passport-saml/issues/334). To amend this you should provide a different cache provider per SAML provider, through the `getSamlOptions` function.
-
-> :warning: **There's a race condition [bug](https://github.com/node-saml/passport-saml/issues/425) in versions < 1.3.3 which makes it vulnerable to DOS attacks**: Please use > 1.3.3 if you want to use this issue
-
-#### The profile object:
-
-The profile object referenced above contains the following:
-
-```typescript
-type Profile = {
-  issuer?: string;
-  sessionIndex?: string;
-  nameID?: string;
-  nameIDFormat?: string;
-  nameQualifier?: string;
-  spNameQualifier?: string;
-  mail?: string; // InCommon Attribute urn:oid:0.9.2342.19200300.100.1.3
-  email?: string; // `mail` if not present in the assertion
-  getAssertionXml(): string; // get the raw assertion XML
-  getAssertion(): object; // get the assertion XML parsed as a JavaScript object
-  getSamlResponseXml(): string; // get the raw SAML response XML
-  ID?: string;
-} & {
-  [attributeName: string]: unknown; // arbitrary `AttributeValue`s
-};
+const options = {};
+const saml = new SAML(options);
 ```
 
 #### Config parameter details:
@@ -176,53 +101,6 @@ type Profile = {
 - `additionalLogoutParams`: dictionary of additional query params to add to 'logout' requests
 - `logoutCallbackUrl`: The value with which to populate the `Location` attribute in the `SingleLogoutService` elements in the generated service provider metadata.
 
-### Provide the authentication callback
-
-You need to provide a route corresponding to the `path` configuration parameter given to the strategy:
-
-The authentication callback must be invoked after the `body-parser` middlerware.
-
-```javascript
-const bodyParser = require("body-parser");
-
-app.post(
-  "/login/callback",
-  bodyParser.urlencoded({ extended: false }),
-  passport.authenticate("saml", { failureRedirect: "/", failureFlash: true }),
-  function (req, res) {
-    res.redirect("/");
-  }
-);
-```
-
-### Authenticate requests
-
-Use `passport.authenticate()`, specifying `saml` as the strategy:
-
-```javascript
-app.get(
-  "/login",
-  passport.authenticate("saml", { failureRedirect: "/", failureFlash: true }),
-  function (req, res) {
-    res.redirect("/");
-  }
-);
-```
-
-...or, if you wish to add or override query string parameters:
-
-```javascript
-app.get(
-  "/login",
-  passport.authenticate("saml", {
-    additionalParams: { username: "user@domain.com" },
-  }),
-  function (req, res) {
-    res.redirect("/");
-  }
-);
-```
-
 ### generateServiceProviderMetadata( decryptionCert, signingCert )
 
 As a convenience, the strategy object exposes a `generateServiceProviderMetadata` method which will generate a service provider metadata document suitable for supplying to an identity provider. This method will only work on strategies which are configured with a `callbackUrl` (since the relative path for the callback is not sufficient information to generate a complete metadata document).
@@ -394,14 +272,10 @@ Passport-SAML has built in support for SLO including
 
 ## ChangeLog
 
-See [Releases](https://github.com/node-saml/passport-saml/releases) to find the changes that go into each release.
+See [Changelog](https://github.com/node-saml/node-saml/blob/master/CHANGELOG.md)
 
 ## FAQ
 
-### Is there an example I can look at?
-
-Gerard Braad has provided an example app at https://github.com/gbraad/passport-saml-example/
-
 ## Node Support Policy
 
 We only support [Long-Term Support](https://github.com/nodejs/Release) versions of Node.

diff --git a/src/saml.ts b/src/saml.ts
@@ -868,7 +868,7 @@ class SAML {
       }
     } catch (err) {
       debug("validatePostResponse resulted in an error: %s", err);
-      if (this.options.validateInResponseTo != null) {
+      if (this.options.validateInResponseTo) {
         await this.cacheProvider.removeAsync(inResponseTo!);
       }
       throw err;