
Commit 2398533

committed
Add new keyfile option for signature verification
1 parent 5b1b145 commit 2398533


2 files changed

+9
-11
lines changed


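--- a/src/flow.ts
+++ b/src/flow.ts
@@ -1,6 +1,6 @@
 import { inflateString, base64Decode } from './utility';
 import { verifyTime } from './validator';
-import libsaml from './libsaml';
+import libsaml, { SignatureVerifierOptions } from './libsaml';
 import {
 extract,
 loginRequestFields,
@@ -134,9 +134,10 @@ async function postFlow(options): Promise<FlowResult> {
 
 let samlContent = String(base64Decode(encodedRequest));
 
-const verificationOptions = {
+const verificationOptions: SignatureVerifierOptions = {
 cert: from.entityMeta,
 signatureAlgorithm: from.entitySetting.requestSignatureAlgorithm,
+keyFile: from.entitySetting.keyFile
 };
 
 const decryptRequired = from.entitySetting.isAssertionEncrypted;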
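Review bot: `verificationOptions` now carries two candidate trust anchors, `cert: from.entityMeta` and `keyFile: from.entitySetting.keyFile`, and nothing on the new lines says which one signature verification uses when both are present, or that an unset `keyFile` leaves the metadata certificate in force. I would state the rule where the object is built, e.g. `// keyFile, when configured, is the pinned verification key; otherwise the certificate from metadata is used` (wording to match what libsaml actually does), so that a misconfigured or unreadable key file cannot quietly change which key is trusted. This is the only verification site the commit touches in src/flow.ts; if other flows build their own options object they presumably need the same field, otherwise the option would apply to some bindings and not others. The body of `postFlow` starts and ends outside the hunk.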

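--- a/src/types.ts
+++ b/src/types.ts
@@ -59,6 +59,7 @@ export interface SAMLDocumentTemplate {
 export type ServiceProviderSettings = {
 metadata?: string | Buffer;
 entityID?: string;
+keyFile?: string;
 authnRequestsSigned?: boolean;
 wantAssertionsSigned?: boolean;
 wantMessageSigned?: boolean;
@@ -69,8 +70,8 @@ export type ServiceProviderSettings = {
 isAssertionEncrypted?: boolean;
 encPrivateKey?: string | Buffer;
 encPrivateKeyPass?: string | Buffer;
-assertionConsumerService?: Array<{ Binding: string, Location: string }>;
-singleLogoutService?: Array<{ Binding: string, Location: string }>;
+assertionConsumeService?: Array<{ isDefault?: boolean, Binding: string, Location: string }>;
+singleLogoutService?: Array<{ isDefault?: boolean, Binding: string, Location: string }>;
 signatureConfig?: SignatureConfig;
 loginRequestTemplate?: SAMLDocumentTemplate;
 logoutRequestTemplate?: SAMLDocumentTemplate;
@@ -84,27 +85,23 @@ export type ServiceProviderSettings = {
 
 export type IdentityProviderSettings = {
 metadata?: string | Buffer;
-
 /** signature algorithm */
 requestSignatureAlgorithm?: string;
-
 /** template of login response */
 loginResponseTemplate?: LoginResponseTemplate;
-
 /** template of logout request */
 logoutRequestTemplate?: SAMLDocumentTemplate;
-
 /** customized function used for generating request ID */
 generateID?: () => string;
-
 entityID?: string;
+keyFile?: string;
 privateKey?: string | Buffer;
 privateKeyPass?: string;
 signingCert?: string | Buffer;
 encryptCert?: string | Buffer; /** todo */
 nameIDFormat?: string[];
-singleSignOnService?: Array<{ [key: string]: string }>;
-singleLogoutService?: Array<{ [key: string]: string }>;
+singleSignOnService?: Array<{ isDefault?: boolean, Binding: string, Location: string }>;
+singleLogoutService?: Array<{ isDefault?: boolean, Binding: string, Location: string }>;
 isAssertionEncrypted?: boolean;
 encPrivateKey?: string | Buffer;
 encPrivateKeyPass?: string;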
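Review bot: In the second hunk `assertionConsumerService` becomes `assertionConsumeService`, a rename the commit title does not mention and which looks accidental. Because the field is optional, a settings object that still sets `assertionConsumerService` can pass type checking when it is not an object literal, and code reading the new name would presumably see undefined. Unless the rename is intended, keep the old key: `assertionConsumerService?: Array<{ isDefault?: boolean, Binding: string, Location: string }>;`. Separately, the two new `keyFile?: string;` fields carry no doc comment. A one-line TSDoc stating whether the value is a filesystem path or key material, and that it is used to verify signatures rather than to sign, would keep it from being confused with `privateKey` in `IdentityProviderSettings`.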
