Enable parsing saml requests.

Authress-Engineering · Mar 12, 2024 · 56a5779 · 56a5779
1 parent de40189
commit 56a5779
Show file tree

Hide file tree

Showing 7 changed files with 67 additions and 4 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -17,7 +17,7 @@ jobs:
     - name: Set up Node.js
       uses: actions/setup-node@v1
       with:
-        node-version: 12
+        node-version: 16
         registry-url: 'https://registry.npmjs.org'
 
     - name: Install packages

diff --git a/.nvmrc b/.nvmrc
@@ -0,0 +1 @@
+16
diff --git a/package.json b/package.json
@@ -92,6 +92,6 @@
     "typescript": "^4.2.4"
   },
   "engines": {
-    "node": ">= 12"
+    "node": ">= 16"
   }
 }
diff --git a/src/saml.ts b/src/saml.ts
@@ -13,7 +13,8 @@ import {
   AuthenticationOptions,
   DelegationOptions,
   ValidationOptions,
-  AuthenticationResponseMetadata
+  AuthenticationResponseMetadata,
+  SamlRequestMetadata
 } from "./types";
 import { assertRequired, signXmlResponse } from "./utility";
 import {
@@ -29,6 +30,7 @@ import { certToPEM, generateUniqueId, keyToPEM } from "./crypto";
 import { dateStringToTimestamp } from "./datetime";
 
 const deflateRaw = util.promisify(zlib.deflateRaw);
+const inflateRaw = util.promisify(zlib.inflateRaw);
 
 // async function processValidlySignedSamlLogout(
 //   doc: XMLOutput,
@@ -227,6 +229,20 @@ class SamlLogin {
     });
   }
 
+  public async parseSamlRequestMetadata(samlEncodedBody: string): Promise<SamlRequestMetadata> {
+    const container = new URLSearchParams(samlEncodedBody);
+    const buffer = Buffer.from(container.get('SAMLRequest') as string, "base64");
+    const xmlBuffer = await inflateRaw(buffer);
+    // eslint-disable-next-line no-console
+    const parsedResult = await parseXml2JsFromString(xmlBuffer.toString());
+    return {
+      requestedIssuerEntityId: parsedResult.AuthnRequest.$.Destination,
+      applicationAssertionConsumerServiceUrl: parsedResult.AuthnRequest.$.AssertionConsumerServiceURL,
+      requestTimestap: new Date(parsedResult.AuthnRequest.$.IssueInstant),
+      applicationEntityId: parsedResult.AuthnRequest.Issuer[0]._
+    };
+  }
+
   public async getSamlAssertionMetadata(samlEncodedBody: string) : Promise<AuthenticationResponseMetadata> {
     const container = querystring.decode(samlEncodedBody);
     const xml = Buffer.from(container.SAMLResponse as string, "base64").toString("utf8");

diff --git a/src/types.ts b/src/types.ts
@@ -77,6 +77,13 @@ export interface AuthenticationResponseMetadata {
   authenticationRequestId: string;
 }
 
+export interface SamlRequestMetadata {
+  requestedIssuerEntityId: string;
+  applicationAssertionConsumerServiceUrl: string;
+  requestTimestap?: Date;
+  applicationEntityId: string;
+}
+
 export interface DelegationOptions {
   /** Your platforms IdP Entity ID or URL */
   issuerEntityId: string;

diff --git a/test/saml.test.ts b/test/saml.test.ts
@@ -0,0 +1,37 @@
+import { expect } from 'chai';
+import SamlLogin from '../src/saml';
+
+describe('saml.ts', () => {
+  it('parseSamlRequest', async () => {
+    const date = new Date();
+    const identityProviderIssuerUrl = "https://Account-Id.login.authress.io/api/authentication/saml?appId=applicationId";
+    const requestingApplicationUrl = "https://api.staging.application.com/api/saml/authress/callback";
+    const applicationEntityId = 'https://applicationIdentityId';
+
+    const samlRequestUrl = await new SamlLogin().generateAuthenticationUrl({
+      providerSingleSignOnUrl: identityProviderIssuerUrl,
+      requestTimestamp: date,
+      applicationEntityId: applicationEntityId,
+      applicationCallbackAssertionConsumerServiceUrl: requestingApplicationUrl,
+      allowCreate: true
+    });
+
+    const samlRequest = new URL(samlRequestUrl).search.toString();
+    const result = await new SamlLogin().parseSamlRequestMetadata(samlRequest);
+    const expectedResult = {
+      requestedIssuerEntityId: identityProviderIssuerUrl,
+      applicationEntityId: applicationEntityId,
+      applicationAssertionConsumerServiceUrl: requestingApplicationUrl,
+      requestTimestap: date
+    };
+    expect(result).to.eql(expectedResult);
+  });
+
+  it('correctly parses valid saml request', async () => {
+    const samlRequestString = 'fVNNb+IwEL33V6DcyRcJtBZEYmE/kChEkO5hLyvjDMTaxM56nJb++7UTaOmqii9Wxm/evHkzmSKtyprMG12IHfxtAPXdwJxzVQok7ePMaZQgkiJHImgFSDQj+/njmoSuT2oltWSydP5L68+iiKA0l6JLWy1nznbzdb39vtr8fphEcRwf/VEwio8smozvgzwMfD9gEDP/cJ+PJ34IftSl/gSFhmfmGNoukir5zHNQG1N15jwCFsWlCmIDK4GaCm3wfhgN/dEwCLMgIFFIgvGvDrc0JnBBdUtbaF0j8TzK2DCUnLHzqICHc87dUp64cKlxTgGiy6VHa+7ZbxCaszbfs1a8yWqN+sJFzsWp359DB0LyI8vSYbrdZx3J/OrbQgpsKlB7UM+cwdNufSO15q5p0qg7uZVt32WyasVZNd5VscdoWR4o++MkLffUvpLWJJX0c33gmXq3ie9UNbETWC1TWXL22sbt+SZVRXV/+zbC8+GxhZLajhi1cdV5Y5mXpXxZKKDazFirBpyB96H2ZZkhb1fb2KXhrAcLWdVUcbSThTNl+tL7e/+38EVp9nQHx6R3lRlhFmfCqblepMrtqIGZ2pmiAmup9MWjT8k71V6P7OTu+nz7nyb/AA==';
+
+    const samlRequest = new URLSearchParams({ SAMLRequest: samlRequestString });
+    const result = await new SamlLogin().parseSamlRequestMetadata(samlRequest.toString());
+    expect(result).not.to.eql(null);
+  })
+});
diff --git a/test/xml.test.ts b/test/xml.test.ts
@@ -1,7 +1,8 @@
 import { expect } from 'chai';
 import { parseDomFromString, parseXml2JsFromString, xpath } from "../src/xml";
 
-it('issuer validation test', async () => {
+describe("xml.ts", () => {
+  it('issuer validation test', async () => {
     const xml = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_8e8dc5f69a98cc4c1ff3427e5ce34606fd672f91e6" Version="2.0" IssueInstant="2014-07-17T01:01:48Z" Destination="http://sp.example.com/demo1/index.php?acs" InResponseTo="AUTHRESS_4fee3b046395c4e751011e97f8900b5273d56685">
     <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
     <samlp:Status>
@@ -48,4 +49,5 @@ it('issuer validation test', async () => {
     const issuersXml = xpath.selectElements(doc, "/*[local-name()='Response']/*[local-name()='Issuer']");
     const issuerResult = await parseXml2JsFromString(issuersXml.toString());
     expect(issuerResult.Issuer._).to.eql('http://idp.example.com/metadata.php');
+  });
 });