From a95dd8f0d50c9867d93e4f16c6cfb5620557b710 Mon Sep 17 00:00:00 2001 From: Igor Boky Date: Sat, 17 Dec 2016 12:13:12 +0300 Subject: [PATCH] Updated list of options with attributeId to make it possible to set custom reference Attribute name
---
.gitignore | 1 + README.md | 1 + lib/index.js | 2 +- lib/validateSignature.js | 4 ++-- 4 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index a72b52e..069ebc6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@ results
 npm-debug.log
 node_modules
+/.idea
diff --git a/README.md b/README.md
index 629de28..2892127 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ saml.parse(rawAssertion, function(err, profile) {
 * `publicKey` is the trusted public key.
 * `audience` (optional). If it is included audience validation will take place.
 * `bypassExpiration` (optional). This flag indicates expiration validation bypass (useful for testing, not recommended in production environments);
+* `idAttribute` (optional). This identifier indicate the attribute name that would be used to find the validated root (default is `AttributeId`, while `ID` and `Id` would be used in any case to find the element, so you can omit that option in that cases);
 You can use either `thumbprint` or `publicKey` but you should use at least one.
diff --git a/lib/index.js b/lib/index.js
index c3cb287..1b4afde 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -40,7 +40,7 @@ saml.validate = function validate(rawAssertion, options, cb) {
 var isSignatureValid = false;
 try {
- isSignatureValid = validateSignature(rawAssertion, options.publicKey, options.thumbprint);
+ isSignatureValid = validateSignature(rawAssertion, options.publicKey, options.thumbprint, options.idAttribute);
 } catch (e) {
 var error = new Error('Invalid assertion.');
diff --git a/lib/validateSignature.js b/lib/validateSignature.js
index 7639d94..477c47a 100644
--- a/lib/validateSignature.js
+++ b/lib/validateSignature.js
@@ -5,12 +5,12 @@ var SignedXml = require('xml-crypto').SignedXml;
 var dom = require('xmldom').DOMParser;
 var thumbprint = require('thumbprint');
-module.exports = function validateSignature(xml, cert, certThumbprint) {
+module.exports = function validateSignature(xml, cert, certThumbprint, idAttribute) {
 var doc = new dom().parseFromString(xml);
 var signature = select(doc, '/*/*/*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0] || select(doc, '/*/*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0];
 var signed = new SignedXml(null, {
- idAttribute: 'AssertionID'
+ idAttribute: idAttribute || 'AssertionID'
 });
 var calculatedThumbprint;
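Review bot: The fallback `idAttribute: idAttribute || 'AssertionID'` accepts any truthy value that the lib/index.js hunk forwards from `options.idAttribute`, and the README line added in this patch documents the default as `AttributeId` while the code defaults to `AssertionID`. Because this name decides which attribute the signature references are resolved against, I would accept only a non-empty string, e.g. `idAttribute: (typeof idAttribute === 'string' && idAttribute) || 'AssertionID'`, and correct the README default to match. A doc comment on `validateSignature` should state that `idAttribute` must come from static, trusted configuration and never from the assertion or request being validated, since every extra attribute treated as an ID widens what a reference can resolve to. The function body continues past the end of this hunk, so whether the element that passes validation is the same one the caller later parses cannot be confirmed from here.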