mirror of
https://github.com/netzbegruenung/meteor-accounts-saml.git
synced 2024-04-30 19:04:53 +02:00
- changes needed for encrypted assertions
parent
28965b536c
commit
7504f4b27a
|
@ -374,6 +374,17 @@ SAML.prototype.validateResponse = function(samlResponse, relayState, callback) {
|
|||
}
|
||||
|
||||
const assertion = response.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Assertion')[0];
|
||||
const encAssertion = response.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'EncryptedAssertion')[0];
|
||||
|
||||
var xmlenc = require('xml-encryption');
|
||||
var options = { key: this.options.privateKey, };
|
||||
|
||||
if (typeof encAssertion !== 'undefined') {
|
||||
xmlenc.decrypt(encAssertion.getElementsByTagNameNS('*', 'EncryptedData')[0], options, function(err, result) {
|
||||
assertion = new xmldom.DOMParser().parseFromString(result, 'text/xml');
|
||||
});
|
||||
}
|
||||
|
||||
if (!assertion) {
|
||||
return callback(new Error('Missing SAML assertion'), null, false);
|
||||
}
|
||||
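Review bot: The decrypt callback assigns to `assertion`, which is declared with `const` a few lines above, so the encrypted path throws a TypeError instead of producing a decrypted assertion; the declaration needs to be `let assertion = …`. The callback also ignores `err`, so a failed decryption hands a missing plaintext to the parser; it should check `err` before parsing, and the function should report that error through `callback` rather than continue. The following `if (!assertion)` check only works if xml-encryption invokes the callback synchronously, which is worth confirming. Signature verification is not visible in this hunk: if it only covers the response before this point, the decrypted assertion should have its own signature verified before any of its content is trusted. The second hunk repeats the `const` reassignment and the ignored `err` for `subject`; validateResponse starts and ends outside both hunks.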
|
@ -390,6 +401,13 @@ SAML.prototype.validateResponse = function(samlResponse, relayState, callback) {
|
|||
}
|
||||
|
||||
const subject = assertion.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Subject')[0];
|
||||
const encSubject = assertion.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'EncryptedID')[0];
|
||||
|
||||
if (typeof encSubject !== 'undefined') {
|
||||
xmlenc.decrypt(encSubject.getElementsByTagNameNS('*', 'EncryptedData')[0], options, function(err, result) {
|
||||
subject = new xmldom.DOMParser().parseFromString(result, 'text/xml');
|
||||
});
|
||||
}
|
||||
|
||||
if (subject) {
|
||||
const nameID = subject.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'NameID')[0];
|
||||
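Review bot: Overwriting `subject` with the decrypted document discards the rest of the original `Subject` element, because in SAML 2.0 an `EncryptedID` sits inside `Subject` in place of `NameID`. If code after this hunk (not visible here) reads `SubjectConfirmation` data from `subject`, it would find nothing on the encrypted path and the corresponding checks could be skipped or fail. Keeping `subject` as found and using a separate variable for the name identifier source, e.g. `let nameIDSource = subject;` reassigned inside the callback, avoids that.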
|
|