Create a way to get provider metadata when using the MultiSamlStrategy

This adds a function to pass in a request along with the other `generateServiceProviderMetadata` arguments to retrieve provider metadata when using the MultiSamlStrategy. If there is no request, we cannot call the `_getSamlOptions`-function to retrieve all the necessary options to call the `generateServiceProviderMetadata`-function with.
node-saml · Dec 12, 2018 · 2518ca2 · 2518ca2
1 parent f6b1c88
commit 2518ca2
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -184,6 +184,8 @@ The `decryptionCert` argument should be a public certificate matching the `decry
 
 The `signingCert` argument should be a public certificate matching the `privateCert` and is required if the strategy is configured with a `privateCert`.
 
+The `generateServiceProviderMetadata` method is also available on the `MultiSamlStrategy`, but needs an extra request argument (`generateServiceProviderMetadata( req, decryptionCert, signingCert )`), which is passed to the `getSamlOptions` to retrieve the correct configuration.
+
 
 ## Security and signatures
 

diff --git a/multiSamlStrategy.js b/multiSamlStrategy.js
@@ -39,4 +39,17 @@ MultiSamlStrategy.prototype.logout = function (req, options) {
   });
 };
 
+MultiSamlStrategy.prototype.generateServiceProviderMetadata = function( req, decryptionCert, signingCert ) {
+  var self = this;
+
+  return this._getSamlOptions(req, function (err, samlOptions) {
+    if (err) {
+      return self.error(err);
+    }
+
+    self._saml = new saml.SAML(samlOptions);
+    return self.constructor.super_.prototype.generateServiceProviderMetadata.call(self, decryptionCert, signingCert );
+  });
+};
+
 module.exports = MultiSamlStrategy;
diff --git a/test/multiSamlStrategy.js b/test/multiSamlStrategy.js
@@ -149,3 +149,44 @@ describe('strategy#logout', function() {
     strategy.logout();
   });
 });
+
+describe('strategy#generateServiceProviderMetadata', function() {
+  beforeEach(function() {
+    this.superGenerateServiceProviderMetadata = sinon.stub(SamlStrategy.prototype, 'generateServiceProviderMetadata');
+  });
+
+  afterEach(function() {
+    this.superGenerateServiceProviderMetadata.restore();
+  });
+
+  it('calls super with request and generateServiceProviderMetadata options', function(done) {
+    var superGenerateServiceProviderMetadata = this.superGenerateServiceProviderMetadata;
+    function getSamlOptions (req, fn) {
+      fn();
+      sinon.assert.calledOnce(superGenerateServiceProviderMetadata);
+      superGenerateServiceProviderMetadata.calledWith('bar', 'baz');
+      req.should.eql('foo');
+      done();
+    };
+
+
+    var strategy = new MultiSamlStrategy({ getSamlOptions: getSamlOptions }, verify);
+    strategy.generateServiceProviderMetadata('foo', 'bar', 'baz');
+  });
+
+  it('passes options on to saml strategy', function(done) {
+    var passportOptions = {
+      passReqToCallback: true,
+      authnRequestBinding: 'HTTP-POST',
+      getSamlOptions: function (req, fn) {
+        fn();
+        strategy._passReqToCallback.should.eql(true);
+        strategy._authnRequestBinding.should.eql('HTTP-POST');
+        done();
+      }
+    };
+
+    var strategy = new MultiSamlStrategy(passportOptions, verify);
+    strategy.generateServiceProviderMetadata('foo', 'bar', 'baz');
+  });
+});
Original file line number	Diff line number	Diff line change
Expand Up		@@ -184,6 +184,8 @@ The `decryptionCert` argument should be a public certificate matching the `decry

		The `signingCert` argument should be a public certificate matching the `privateCert` and is required if the strategy is configured with a `privateCert`.

		The `generateServiceProviderMetadata` method is also available on the `MultiSamlStrategy`, but needs an extra request argument (`generateServiceProviderMetadata( req, decryptionCert, signingCert )`), which is passed to the `getSamlOptions` to retrieve the correct configuration.


		## Security and signatures

Expand Down