diff --git a/README.md b/README.md
index 7d1a0792..436cf5ad 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,7 @@ Config parameter details:
 * `path`: path to callback; will be combined with protocol and server host information to construct callback url if `callbackUrl` is not specified (default: `/saml/consume`)
 * `protocol`: protocol for callback; will be combined with path and server host information to construct callback url if `callbackUrl` is not specified (default: `https://`)
 * `callbackUrl`: full callbackUrl (overrides path if supplied)
+* `attributeConsumingServiceIndex`: optional `AttributeConsumingServiceIndex` attribute to add to AuthnRequest
 * `entryPoint`: identity provider entrypoint
 * `issuer`: issuer string to supply to identity provider
 * `cert`: see 'security and signatures'
diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
index ee7fc1e2..6028ffa4 100644
--- a/lib/passport-saml/saml.js
+++ b/lib/passport-saml/saml.js
@@ -128,6 +128,10 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive) {
 };
 }
+ if (this.options.attributeConsumingServiceIndex) {
+ request['samlp:AuthnRequest']['@AttributeConsumingServiceIndex'] = this.options.attributeConsumingServiceIndex;
+ }
+
 return xmlbuilder.create(request).end();
 };
diff --git a/test/tests.js b/test/tests.js
index ab7208eb..6c7f8059 100644
--- a/test/tests.js
+++ b/test/tests.js
@@ -168,7 +168,8 @@ describe( 'passport-saml /', function() {
 config: {
 issuer: 'http://exampleSp.com/saml',
 identifierFormat: 'alternateIdentifier',
- passive: true
+ passive: true,
+ attributeConsumingServiceIndex: 123
 },
 result: {
 'samlp:AuthnRequest':
@@ -177,6 +178,7 @@ describe( 'passport-saml /', function() {
 Version: '2.0',
 ProtocolBinding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
 AssertionConsumerServiceURL: 'http://localhost:3033/login',
+ AttributeConsumingServiceIndex: '123',
 Destination: 'https://wwwexampleIdp.com/saml',
 IsPassive: 'true' },
 'saml:Issuer':
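Review bot: The truthiness guard `if (this.options.attributeConsumingServiceIndex)` in the lib/passport-saml/saml.js hunk drops an index of `0`, which is a valid value (the SAML schema types this attribute as an unsigned short), so a service provider configured for service 0 would send an AuthnRequest without the attribute and the identity provider would presumably fall back to its default attribute set. I would test for presence instead, `if (this.options.attributeConsumingServiceIndex != null) {`, and ideally reject values that are not integers in 0–65535 where the options are read rather than writing whatever was configured into the request. The test/tests.js hunks only cover `123`; a case with `attributeConsumingServiceIndex: 0` would pin the behaviour. generateAuthorizeRequest starts outside the hunk, so any earlier validation of the options is not visible here.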