From a45692485bb41bc09001fe5b80496f70486c78f1 Mon Sep 17 00:00:00 2001 From: Sherakama Date: Wed, 15 Dec 2021 14:21:03 -0800 Subject: [PATCH 1/4] Document passive option Support for passive option in node-saml Re: https://github.com/node-saml/node-saml/blob/master/src/saml.ts#L135 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ad4d1a67..dbc0d9d4 100644 --- a/README.md +++ b/README.md @@ -165,6 +165,7 @@ export interface Profile { - `racComparison`: Requested Authentication Context comparison type. Possible values are 'exact','minimum','maximum','better'. Default is 'exact'. - `forceAuthn`: if set to true, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session. +- `passive`: if set to true, the initial SAML request from the service provider specifies that the IdP should prevent visible user interaction if possible. - `providerName`: optional human-readable name of the requester for use by the presenter's user agent or the identity provider - `skipRequestCompression`: if set to true, the SAML request from the service provider won't be compressed. - `authnRequestBinding`: if set to `HTTP-POST`, will request authentication from IDP via HTTP POST binding, otherwise defaults to HTTP Redirect From 431d865c2a074e99b1b9d0ac2cf0c52887959adc Mon Sep 17 00:00:00 2001 From: Sherakama Date: Thu, 16 Dec 2021 14:02:44 -0800 Subject: [PATCH 2/4] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dbc0d9d4..c217a2e3 100644 --- a/README.md +++ b/README.md 
@@ -165,7 +165,9 @@ export interface Profile { - `racComparison`: Requested Authentication Context comparison type. Possible values are 'exact','minimum','maximum','better'. Default is 'exact'. - `forceAuthn`: if set to true, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session. -- `passive`: if set to true, the initial SAML request from the service provider specifies that the IdP should prevent visible user interaction if possible. +- `passive`: if set to true, the initial SAML request from the service provider specifies that the IdP should prevent visible user interaction. The IdP recognizes the parameter and returns to the SP. This is useful for validating a user session. + - An error if the IdP must interact with the user but cannot because of this parameter. + - A Federation Assertion that indicates whether the user has a valid session. - `providerName`: optional human-readable name of the requester for use by the presenter's user agent or the identity provider - `skipRequestCompression`: if set to true, the SAML request from the service provider won't be compressed. - `authnRequestBinding`: if set to `HTTP-POST`, will request authentication from IDP via HTTP POST binding, otherwise defaults to HTTP Redirect From 6adc43f32c51e0bcdec5c6b825b75c5ac810d188 Mon Sep 17 00:00:00 2001 From: Sherakama Date: Thu, 16 Dec 2021 14:04:30 -0800 Subject: [PATCH 3/4] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c217a2e3..fd2b3edf 100644 --- a/README.md +++ b/README.md 
@@ -165,7 +165,7 @@ export interface Profile { - `racComparison`: Requested Authentication Context comparison type. Possible values are 'exact','minimum','maximum','better'. Default is 'exact'. - `forceAuthn`: if set to true, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session. -- `passive`: if set to true, the initial SAML request from the service provider specifies that the IdP should prevent visible user interaction. The IdP recognizes the parameter and returns to the SP. This is useful for validating a user session. +- `passive`: if set to true, the initial SAML request from the service provider specifies that the IdP should prevent visible user interaction. This is useful for validating a user session without prompting for a login when there is no active session. The IdP recognizes the parameter and returns to the SP. - An error if the IdP must interact with the user but cannot because of this parameter. - A Federation Assertion that indicates whether the user has a valid session. - `providerName`: optional human-readable name of the requester for use by the presenter's user agent or the identity provider From 6a3dd6e128cd3c276a9b239ca80fc0176551984c Mon Sep 17 00:00:00 2001 From: Shea McKinney Date: Thu, 16 Dec 2021 14:30:38 -0800 Subject: [PATCH 4/4] Fixup! linting. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fd2b3edf..66047d8a 100644 --- a/README.md +++ b/README.md 
@@ -165,9 +165,9 @@ export interface Profile { - `racComparison`: Requested Authentication Context comparison type. Possible values are 'exact','minimum','maximum','better'. Default is 'exact'. - `forceAuthn`: if set to true, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session. -- `passive`: if set to true, the initial SAML request from the service provider specifies that the IdP should prevent visible user interaction. This is useful for validating a user session without prompting for a login when there is no active session. The IdP recognizes the parameter and returns to the SP. +- `passive`: if set to true, the initial SAML request from the service provider specifies that the IdP should prevent visible user interaction. This is useful for validating a user session without prompting for a login when there is no active session. The IdP recognizes the parameter and returns to the SP. - An error if the IdP must interact with the user but cannot because of this parameter. - - A Federation Assertion that indicates whether the user has a valid session. + - A Federation Assertion that indicates whether the user has a valid session. - `providerName`: optional human-readable name of the requester for use by the presenter's user agent or the identity provider - `skipRequestCompression`: if set to true, the SAML request from the service provider won't be compressed. - `authnRequestBinding`: if set to `HTTP-POST`, will request authentication from IDP via HTTP POST binding, otherwise defaults to HTTP Redirect
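Review bot: In PATCH 1/4, the new `passive` entry states no default, while the neighbouring `racComparison` entry does ("Default is 'exact'"). Add the default, and say what happens when `passive` and `forceAuthn` are both set to true, since the two adjacent entries pull in opposite directions: one asks the IdP to force re-authentication, the other asks it to avoid visible user interaction.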
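Review bot: In PATCH 2/4, the two added sub-bullets ("An error if ..." and "A Federation Assertion ...") follow the sentence "This is useful for validating a user session.", so nothing introduces them as the possible IdP responses. The error bullet also does not say how that error reaches the application. Because the stated use is session validation, document where the caller sees the error and that it should be handled as "no valid session" rather than as a generic failure.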
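Review bot: In PATCH 3/4, the reordered sentence "The IdP recognizes the parameter and returns to the SP." still ends with a full stop, so the sub-bullets do not read as the things being returned. Reword it along the lines of "... and returns to the SP one of the following:". The second bullet's "indicates whether the user has a valid session" also overlaps with the first: by the first bullet, the case where the IdP would have to interact with the user comes back as an error, so the assertion bullet should say it is returned when a valid session exists.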
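Review bot: In PATCH 4/4, the removed and added lines differ only in whitespace, and patches 2/4 through 4/4 all rewrite the same `passive` entry under subjects that do not describe the change ("Update README.md", "Fixup! linting."). Squash them into PATCH 1/4 before merge so the history carries a single commit documenting the option.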