#98 Fix undefined acs endpoint in authn request

tngan · Jul 7, 2017 · 47d0c0e · 47d0c0e
1 parent 0bcb040
commit 47d0c0e
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/src/binding-redirect.ts b/src/binding-redirect.ts
@@ -95,7 +95,7 @@ function loginRequestRedirectURL(entity: { idp: Idp, sp: Sp }, customTagReplacem
         Issuer: metadata.sp.getEntityID(),
         IssueInstant: new Date().toISOString(),
         NameIDFormat: namespace.format[spSetting.loginNameIDFormat] || namespace.format.emailAddress,
-        AssertionConsumerServiceURL: metadata.sp.getAssertionConsumerService(binding.redirect),
+        AssertionConsumerServiceURL: metadata.sp.getAssertionConsumerService(binding.post),
         EntityID: metadata.sp.getEntityID(),
         AllowCreate: spSetting.allowCreate,
       } as any);

diff --git a/test/issues.ts b/test/issues.ts
@@ -1,6 +1,11 @@
 import esaml2 = require('../index');
 import { readFileSync, writeFileSync } from 'fs';
 import test from 'ava';
+import * as fs from 'fs';
+import * as url from 'url';
+import { DOMParser as dom } from 'xmldom';
+import { xpath as select } from 'xml-crypto';
+import * as _ from 'lodash';
 
 const {
   IdentityProvider: identityProvider,
@@ -77,6 +82,7 @@ test('#31 query param for sso/slo returns error', t => {
   const spslo = libsaml.extractor(spxml, [{ localName: 'SingleLogoutService', attributes: ['index'] }])['singlelogoutservice'];
   const sso = libsaml.extractor(idpxml, [{ localName: 'SingleSignOnService', attributes: ['index'] }])['singlesignonservice'];
   const idpslo = libsaml.extractor(idpxml, [{ localName: 'SingleLogoutService', attributes: ['index'] }])['singlelogoutservice'];
+  const sp98 = serviceProvider({ metadata: fs.readFileSync('./test/misc/sp_metadata_98.xml') });
 
   test('#33 sp metadata acs index should be increased by 1', t => {
     t.is(acs.length, 2);
@@ -115,4 +121,14 @@ test('#31 query param for sso/slo returns error', t => {
   test('#91 idp gets single sign on service from the metadata', t => {
     t.is(idp.entityMeta.getSingleSignOnService('post'), 'idp.example.com/sso');
   });
+  test('#98 undefined AssertionConsumerServiceURL with redirect request', t => {
+    const { id, context } = sp98.createLoginRequest(idp, 'redirect');
+    const originalURL = url.parse(context, true);
+    const request = originalURL.query.SAMLRequest;
+    const rawRequest = utility.inflateString(decodeURIComponent(request));
+    const xml = new dom().parseFromString(rawRequest);
+    const authnRequest = select(xml, "/*[local-name(.)='AuthnRequest']")[0];
+    const acsUrl = _.find(authnRequest.attributes, (a: any) => a.nodeName === 'AssertionConsumerServiceURL').nodeValue;
+    t.is(acsUrl, 'https://example.org/response');
+  });
 })();
diff --git a/test/misc/sp_metadata_98.xml b/test/misc/sp_metadata_98.xml
@@ -0,0 +1,6 @@
+<EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.org/response">
+  <SPSSODescriptor AuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+      <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+      <AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/response"/>
+  </SPSSODescriptor>
+</EntityDescriptor>