diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 674b4c54b..9ffa31b7d 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -44,6 +44,10 @@ SAML.prototype.initialize = function (options) { options.authnContext = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"; } + if (!Array.isArray(options.authnContext)) { + options.authnContext = [options.authnContext]; + } + if (!options.acceptedClockSkewMs) { // default to no skew options.acceptedClockSkewMs = 0; @@ -181,13 +185,18 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive, callback) { } if (!self.options.disableRequestedAuthnContext) { + var authnContextClassRefs = []; + self.options.authnContext.forEach(function(value) { + authnContextClassRefs.push({ + '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion', + '#text': value + }); + }); + request['samlp:AuthnRequest']['samlp:RequestedAuthnContext'] = { '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', '@Comparison': 'exact', - 'saml:AuthnContextClassRef': { - '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion', - '#text': self.options.authnContext - } + 'saml:AuthnContextClassRef': authnContextClassRefs }; } diff --git a/test/tests.js b/test/tests.js index ce7150875..bb0a0cc6b 100644 --- a/test/tests.js +++ b/test/tests.js @@ -392,6 +392,42 @@ describe( 'passport-saml /', function() { [ { _: 'myAuthnContext', '$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ] } ] } } }, + { name: "Config with multiple AuthnContext", + config: { + issuer: 'http://exampleSp.com/saml', + identifierFormat: 'alternateIdentifier', + passive: true, + attributeConsumingServiceIndex: 123, + authnContext: ['myAuthnContext', 'myAuthnContext2'] + }, + result: { + 'samlp:AuthnRequest': + { '$': + { 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', + Version: '2.0', + ProtocolBinding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', + AssertionConsumerServiceURL: 'http://localhost:3033/login', + AttributeConsumingServiceIndex: '123', + Destination: 'https://wwwexampleIdp.com/saml', + IsPassive: 'true'}, + 'saml:Issuer': + [ { _: 'http://exampleSp.com/saml', + '$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ], + 'samlp:NameIDPolicy': + [ { '$': + { 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', + Format: 'alternateIdentifier', + AllowCreate: 'true' } } ], + 'samlp:RequestedAuthnContext': + [ { '$': + { 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', + Comparison: 'exact' }, + 'saml:AuthnContextClassRef': + [ { _: 'myAuthnContext', + '$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } }, + { _: 'myAuthnContext2', + '$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ] } ] } } + }, { name: "Config with ProviderName", config: { issuer: 'http://exampleSp.com/saml',