check for audience
Sonny Mai committed Jan 22, 2016
1 parent 5257486 commit 578c6dd
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions lib/passport-saml/saml.js
Expand Up @@ -759,6 +759,15 @@ SAML.prototype.processValidlySignedAssertion = function(xml, inResponseTo, callb
throw conErr;
}

var audienceRestriction = conditions.AudienceRestriction ? conditions.AudienceRestriction[0] : null;

if (audienceRestriction.Audience && audienceRestriction.Audience.length > 0) {
if (audienceRestriction.Audience.indexOf(self.options.issuer) === -1) {
msg = 'Audience does not match ' + self.options.issuer;
throw new Error(msg);
}
}

var attributeStatement = assertion.AttributeStatement;
if (attributeStatement) {
var attributes = [].concat.apply([], attributeStatement.filter(function (attr) {
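
Review bot: `audienceRestriction` is assigned `null` when `conditions.AudienceRestriction` is absent, and the following `if (audienceRestriction.Audience && ...)` dereferences it without a guard, so an assertion that carries no AudienceRestriction raises a TypeError here rather than a deliberate accept or reject. Start the condition with `audienceRestriction &&`, or decide explicitly whether a missing restriction should be rejected. Two further points on the same lines: only `conditions.AudienceRestriction[0]` is inspected, so any additional AudienceRestriction elements are never evaluated, and a restriction with an empty `Audience` list skips the check entirely. A comment stating the intended behaviour for both cases would help, as would a test for an assertion without the element.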

1 comment on commit 578c6dd

@benjamine

this is great!, although issuer and audience are typically not the same (I'd add self.options.audience).
