allowCreate attribute not set correctly #538

Open
D-32 opened this issue Mar 11, 2024 · 2 comments

D-32 commented Mar 11, 2024

samlify.ServiceProvider({
	metadata: metadata,
	allowCreate: 'true',
})

If I don't set the allowCreate property the SAML request XML will have an empty attribute, which causes it to be invalid:
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate=""/>

If I set it to true (as a boolean) as specified in ServiceProviderSettings it crashes due to string.replace is not a function.
Only if I set it to the string "true" does it work. So this is my workaround, but it's of course not ideal.

Thanks for all your work on this library @tngan 🙏

RJFelix commented Mar 11, 2024

I'm having the same issue in samlify 2.8.11 but did not have it in 2.8.5, if that helps narrow down the cause.

suzmas commented Mar 21, 2024

This issue started for us after upgrading from 2.8.10 to 2.8.11

It was introduced here: #523 with v2.8.11

In our case, this happens when we construct a ServiceProvider with allowCreate: true, and later call serviceProvider.createLoginRequest(idp, 'redirect')


  • serviceProvider.createLoginRequest(idp, 'redirect') eventually calls loginRequestRedirectURL function, which passes an object with various values to libsaml.replaceTagsByValue, including the value true for key AllowCreate
  • replaceTagsByValue calls escapeTag with value true (because that's the value of the AllowCreate tag)
  • escapeTag passes true into xmlEscape(...)
  • --> and that's what finally throws with "TypeError string.replace is not a function"
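
An added example, not part of the thread and not samlify's code: a stand-in template filler that reproduces the failure traced in the comment above, next to a variant that coerces booleans to the `xs:boolean` lexical form and drops an unset attribute instead of emitting `AllowCreate=""`. The function names, the `{Tag}` placeholder syntax and the template are assumptions made for illustration.

```javascript
// Constructed sample template and value (hypothetical, for illustration only).
const TEMPLATE = '<samlp:NameIDPolicy Format="{NameIDFormat}" AllowCreate="{AllowCreate}"/>';
const FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified';
const XML_ENTITIES = { '<': '&lt;', '>': '&gt;', '&': '&amp;', "'": '&apos;', '"': '&quot;' };

// Stand-in for a string-only XML escaper: anything without .replace() makes it throw.
function xmlEscapeStrict(s) {
  return s.replace(/[<>&'"]/g, (c) => XML_ENTITIES[c]);
}

// Naive fill: hands every value straight to the escaper, so a boolean throws
// and an empty-string default produces an empty attribute.
function fillNaive(template, values) {
  return Object.keys(values).reduce((xml, tag) => {
    const escaped = xmlEscapeStrict(values[tag]);
    return xml.replace(new RegExp(`\\{${tag}\\}`, 'g'), () => escaped);
  }, template);
}

// Normalise a template value to a string before it reaches the escaper.
function toAttrValue(v) {
  if (typeof v === 'boolean') return v ? 'true' : 'false'; // xs:boolean lexical form
  if (typeof v === 'number' && Number.isFinite(v)) return String(v);
  if (typeof v === 'string') return v;
  if (v === undefined || v === null) return '';
  throw new TypeError(`unsupported template value type: ${typeof v}`);
}

// Hardened fill: coerce first, and remove an optional attribute whose value is
// unset. Tag names are assumed to be plain identifiers ([A-Za-z0-9_]).
function fillSafe(template, values) {
  let xml = template;
  for (const [tag, raw] of Object.entries(values)) {
    if (!/^\w+$/.test(tag)) throw new Error(`bad tag name: ${tag}`);
    const value = toAttrValue(raw);
    if (value === '') {
      // Drop the whole ` Name="{Tag}"` attribute rather than leaving Name="".
      xml = xml.replace(new RegExp(`\\s+[\\w:]+="\\{${tag}\\}"`, 'g'), '');
    }
    xml = xml.split(`{${tag}}`).join(xmlEscapeStrict(value));
  }
  return xml;
}

console.log(fillSafe(TEMPLATE, { NameIDFormat: FORMAT, AllowCreate: true }));
console.log(fillSafe(TEMPLATE, { NameIDFormat: FORMAT, AllowCreate: undefined }));
```
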

rrenkert added a commit to rrenkert/openslides-auth-service that referenced this issue Apr 12, 2024
* samlify sets an empty string as default for AllowCreate in authn request which
  leads to errors in some IdPs.
* samlify in 2.8.11 does not recognize the AllowCreate attribute so it is
  downgraded to 2.8.10 (tngan/samlify#538)
github-merge-queue bot pushed a commit to OpenSlides/openslides-auth-service that referenced this issue Apr 12, 2024
Co-authored-by: peb-adr <[email protected]>
peb-adr added a commit to peb-adr/openslides-auth-service that referenced this issue Apr 12, 2024
…des#343)
Co-authored-by: peb-adr <[email protected]>