Merge pull request #10 from sathieu/invalid_xml_noprivkey

Only set KeyDescriptor when non empty
2024-05-01 03:14:52 +02:00 · 2017-05-12 18:58:03 +02:00 · 2017-05-12 18:58:03 +02:00 · 8d6771aa96
parent 6be4207018 18d2fb3fd1
commit 8d6771aa96
1 changed files with 30 additions and 32 deletions
--- a/saml_utils.js
+++ b/saml_utils.js
@ -444,12 +444,38 @@ SAML.prototype.validateResponse = function (samlResponse, relayState, callback)

 SAML.prototype.generateServiceProviderMetadata = function (callbackUrl) {

-    var keyDescriptor = null;
-
    if (!decryptionCert) {
        decryptionCert = this.options.privateCert;
    }  

+    if (!this.options.callbackUrl && !callbackUrl) {
+        throw new Error(
+            "Unable to generate service provider metadata when callbackUrl option is not set");
+    }
+
+    var metadata = {
+        'EntityDescriptor': {
+            '@xmlns': 'urn:oasis:names:tc:SAML:2.0:metadata',
+            '@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',
+            '@entityID': this.options.issuer,
+            'SPSSODescriptor': {
+                '@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',
+                'SingleLogoutService': {
+                    '@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+                    '@Location': Meteor.absoluteUrl() + "_saml/logout/" + this.options.provider + "/",
+                    '@ResponseLocation': Meteor.absoluteUrl() + "_saml/logout/" + this.options.provider + "/"
+                },
+                'NameIDFormat': this.options.identifierFormat,
+                'AssertionConsumerService': {
+                    '@index': '1',
+                    '@isDefault': 'true',
+                    '@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+                    '@Location': callbackUrl
+                }
+            },
+        }
+    };
+
    if (this.options.privateKey) {
        if (!decryptionCert) {
            throw new Error(
@ -460,7 +486,7 @@ SAML.prototype.generateServiceProviderMetadata = function (callbackUrl) {
        decryptionCert = decryptionCert.replace(/-+END CERTIFICATE-+\r?\n?/, '');
        decryptionCert = decryptionCert.replace(/\r\n/g, '\n');

-        keyDescriptor = {
+        metadata['EntityDescriptor']['SPSSODescriptor']['KeyDescriptor'] = {
            'ds:KeyInfo': {
                'ds:X509Data': {
                    'ds:X509Certificate': {
@ -489,38 +515,10 @@ SAML.prototype.generateServiceProviderMetadata = function (callbackUrl) {
        };
    }

-    if (!this.options.callbackUrl && !callbackUrl) {
-        throw new Error(
-            "Unable to generate service provider metadata when callbackUrl option is not set");
-    }
-
-    var metadata = {
-        'EntityDescriptor': {
-            '@xmlns': 'urn:oasis:names:tc:SAML:2.0:metadata',
-            '@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',
-            '@entityID': this.options.issuer,
-            'SPSSODescriptor': {
-                '@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',
-                'KeyDescriptor': keyDescriptor,
-                'SingleLogoutService': {
-                    '@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
-                    '@Location': Meteor.absoluteUrl() + "_saml/logout/" + this.options.provider + "/",
-                    '@ResponseLocation': Meteor.absoluteUrl() + "_saml/logout/" + this.options.provider + "/"
-                },
-                'NameIDFormat': this.options.identifierFormat,
-                'AssertionConsumerService': {
-                    '@index': '1',
-                    '@isDefault': 'true',
-                    '@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
-                    '@Location': callbackUrl
-                }
-            },
-        }
-    };

    return xmlbuilder.create(metadata).end({
        pretty: true,
        indent: '  ',
        newline: '\n'
    });
-};
+};