Customize namespace for EncryptedAssertion tag

tngan · Jun 30, 2017 · 377bad8 · 377bad8
1 parent 0af7b8c
commit 377bad8
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/src/entity-idp.ts b/src/entity-idp.ts
@@ -45,14 +45,21 @@ export class IdentityProvider extends Entity {
   // {boolean}      wantLogoutRequestSigned
   // {boolean}      wantAuthnRequestsSigned
   // {boolean}      wantLogoutResponseSigned
+  // {object}       tagPrefix
   //
   /**
   * @desc  Identity prvider can be configured using either metadata importing or idpSetting
   * @param  {object} idpSetting
   * @param  {string} meta
   */
   constructor(idpSetting) {
-    const entitySetting = Object.assign({ wantAuthnRequestsSigned: false }, idpSetting);
+    const defaultIdpEntitySetting = {
+      wantAuthnRequestsSigned: false,
+      tagPrefix: {
+        encryptedAssertion: 'saml',
+      },
+    };
+    const entitySetting = Object.assign(defaultIdpEntitySetting, idpSetting);
     // build attribute part
     if (idpSetting.loginResponseTemplate) {
       if (isString(idpSetting.loginResponseTemplate.context) && Array.isArray(idpSetting.loginResponseTemplate.attributes)) {

diff --git a/src/libsaml.ts b/src/libsaml.ts
@@ -618,7 +618,8 @@ const libSaml = () => {
               if (!res) {
                 return reject(new Error('undefined encrypted assertion'));
               }
-              const encryptAssertionNode = new dom().parseFromString(`<saml:EncryptedAssertion>${res}</saml:EncryptedAssertion>`);
+              const { encryptedAssertion: encAssertionPrefix } = sourceEntitySetting.tagPrefix;
+              const encryptAssertionNode = new dom().parseFromString(`<${encAssertionPrefix}:EncryptedAssertion>${res}</${encAssertionPrefix}:EncryptedAssertion>`);
               doc.replaceChild(encryptAssertionNode, assertions[0]);
               return resolve(utility.base64Encode(doc.toString()));
             });

diff --git a/test/flow.ts b/test/flow.ts
@@ -567,4 +567,17 @@ test('send login response with  encrypted non-signed assertion with EncryptThenS
   t.is(typeof extract.signature, 'string');
 });
 
+test('Customize prefix (saml2) for encrypted assertion tag', async t => {
+  const idpCustomizePfx = identityProvider(Object.assign(defaultIdpConfig, { tagPrefix: {
+    encryptedAssertion: 'saml2',
+  }}));
+  const { id, context: SAMLResponse } = await idpCustomizePfx.createLoginResponse(sp, null, 'post', { email: '[email protected]' });
+  t.is((utility.base64Decode(SAMLResponse) as string).includes('saml2:EncryptedAssertion'), true);
+  const { samlContent, extract } = await sp.parseLoginResponse(idpCustomizePfx, 'post', { body: { SAMLResponse } });
+});
 
+test('Customize prefix (default is saml) for encrypted assertion tag', async t => {
+  const { id, context: SAMLResponse } = await idp.createLoginResponse(sp, null, 'post', { email: '[email protected]' });
+  t.is((utility.base64Decode(SAMLResponse) as string).includes('saml:EncryptedAssertion'), true);
+  const { samlContent, extract } = await sp.parseLoginResponse(idp, 'post', { body: { SAMLResponse } });
+});