mirror of
https://github.com/netzbegruenung/meteor-accounts-saml.git
synced 2024-05-01 03:14:52 +02:00
Merge pull request #10 from sathieu/invalid_xml_noprivkey
Only set KeyDescriptor when non empty
commit
8d6771aa96
|
@ -444,12 +444,38 @@ SAML.prototype.validateResponse = function (samlResponse, relayState, callback)
|
|||
|
||||
SAML.prototype.generateServiceProviderMetadata = function (callbackUrl) {
|
||||
|
||||
var keyDescriptor = null;
|
||||
|
||||
if (!decryptionCert) {
|
||||
decryptionCert = this.options.privateCert;
|
||||
}
|
||||
|
||||
if (!this.options.callbackUrl && !callbackUrl) {
|
||||
throw new Error(
|
||||
"Unable to generate service provider metadata when callbackUrl option is not set");
|
||||
}
|
||||
|
||||
var metadata = {
|
||||
'EntityDescriptor': {
|
||||
'@xmlns': 'urn:oasis:names:tc:SAML:2.0:metadata',
|
||||
'@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',
|
||||
'@entityID': this.options.issuer,
|
||||
'SPSSODescriptor': {
|
||||
'@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',
|
||||
'SingleLogoutService': {
|
||||
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||
'@Location': Meteor.absoluteUrl() + "_saml/logout/" + this.options.provider + "/",
|
||||
'@ResponseLocation': Meteor.absoluteUrl() + "_saml/logout/" + this.options.provider + "/"
|
||||
},
|
||||
'NameIDFormat': this.options.identifierFormat,
|
||||
'AssertionConsumerService': {
|
||||
'@index': '1',
|
||||
'@isDefault': 'true',
|
||||
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
|
||||
'@Location': callbackUrl
|
||||
}
|
||||
},
|
||||
}
|
||||
};
|
||||
|
||||
if (this.options.privateKey) {
|
||||
if (!decryptionCert) {
|
||||
throw new Error(
|
||||
|
@ -460,7 +486,7 @@ SAML.prototype.generateServiceProviderMetadata = function (callbackUrl) {
|
|||
decryptionCert = decryptionCert.replace(/-+END CERTIFICATE-+\r?\n?/, '');
|
||||
decryptionCert = decryptionCert.replace(/\r\n/g, '\n');
|
||||
|
||||
keyDescriptor = {
|
||||
metadata['EntityDescriptor']['SPSSODescriptor']['KeyDescriptor'] = {
|
||||
'ds:KeyInfo': {
|
||||
'ds:X509Data': {
|
||||
'ds:X509Certificate': {
|
||||
|
@ -489,38 +515,10 @@ SAML.prototype.generateServiceProviderMetadata = function (callbackUrl) {
|
|||
};
|
||||
}
|
||||
|
||||
if (!this.options.callbackUrl && !callbackUrl) {
|
||||
throw new Error(
|
||||
"Unable to generate service provider metadata when callbackUrl option is not set");
|
||||
}
|
||||
|
||||
var metadata = {
|
||||
'EntityDescriptor': {
|
||||
'@xmlns': 'urn:oasis:names:tc:SAML:2.0:metadata',
|
||||
'@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',
|
||||
'@entityID': this.options.issuer,
|
||||
'SPSSODescriptor': {
|
||||
'@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',
|
||||
'KeyDescriptor': keyDescriptor,
|
||||
'SingleLogoutService': {
|
||||
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||
'@Location': Meteor.absoluteUrl() + "_saml/logout/" + this.options.provider + "/",
|
||||
'@ResponseLocation': Meteor.absoluteUrl() + "_saml/logout/" + this.options.provider + "/"
|
||||
},
|
||||
'NameIDFormat': this.options.identifierFormat,
|
||||
'AssertionConsumerService': {
|
||||
'@index': '1',
|
||||
'@isDefault': 'true',
|
||||
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
|
||||
'@Location': callbackUrl
|
||||
}
|
||||
},
|
||||
}
|
||||
};
|
||||
|
||||
return xmlbuilder.create(metadata).end({
|
||||
pretty: true,
|
||||
indent: ' ',
|
||||
newline: '\n'
|
||||
});
|
||||
};
|
||||
};
|
||||
|
|
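Review bot: Assigning `metadata['EntityDescriptor']['SPSSODescriptor']['KeyDescriptor']` after the object literal has been built makes it the last property of `SPSSODescriptor`, so, assuming xmlbuilder serialises children in property order, `KeyDescriptor` is now emitted after `AssertionConsumerService`. The SAML 2.0 metadata schema defines the role descriptor's children as an ordered sequence in which `KeyDescriptor` precedes `SingleLogoutService`, `NameIDFormat` and `AssertionConsumerService`, so an identity provider that schema-validates metadata may reject the document exactly when a private key is configured. Keeping the key descriptor in a local variable and building `SPSSODescriptor` step by step, as sketched below, preserves the order while still omitting the element when there is no key. Separately, the guard `!this.options.callbackUrl && !callbackUrl` passes when only the option is set, while `'@Location': callbackUrl` reads only the argument, so the assertion consumer endpoint can end up undefined in the published metadata; `callbackUrl || this.options.callbackUrl` would match the guard.

```javascript
// … unchanged: decryptionCert fallback and callbackUrl guard …
var keyDescriptor = null;
if (this.options.privateKey) {
  // … unchanged: certificate checks and PEM clean-up …
  keyDescriptor = {
    // … unchanged: ds:KeyInfo / EncryptionMethod content …
  };
}

var spDescriptor = {
  '@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol'
};
if (keyDescriptor) {
  // Inserted here so it is serialised before SingleLogoutService.
  spDescriptor['KeyDescriptor'] = keyDescriptor;
}
spDescriptor['SingleLogoutService'] = {
  // … unchanged: binding and logout locations …
};
spDescriptor['NameIDFormat'] = this.options.identifierFormat;
spDescriptor['AssertionConsumerService'] = {
  // … unchanged: index, isDefault, binding, location …
};
// … unchanged: EntityDescriptor wrapper (with 'SPSSODescriptor': spDescriptor) and xmlbuilder call …
```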