Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update README to remove an insecure suggestion #704

Merged
merged 2 commits into from
Jun 25, 2022
Merged

Update README to remove an insecure suggestion #704

merged 2 commits into from
Jun 25, 2022

Conversation

cjbarth
Copy link
Collaborator

@cjbarth cjbarth commented Jun 24, 2022

Description

Update README to remove an insecure suggestion.

markstos
markstos approved these changes Jun 25, 2022
View reviewed changes
Copy link
Contributor

@markstos markstos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@markstos markstos merged commit aef40ff into node-saml:master Jun 25, 2022
@cjbarth cjbarth added the documentation Request for or contribution to documentation label Jun 25, 2022
srd90
srd90 reviewed Jun 27, 2022
View reviewed changes
docs/adfs/README.md
@@ -51,12 +51,12 @@ passport.use(
authnContext: [
"http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password",
],
// not sure if this is necessary?
acceptedClockSkewMs: -1,
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

node-saml/node-saml/docs/adfs @ <= v4.0.0-beta.3 has this same insecure example (that same node-saml/node-saml document contains string as value for authnContext).

srd90
srd90 reviewed Jun 27, 2022
View reviewed changes
docs/adfs/README.md
identifierFormat: null,
// this is configured under the Advanced tab in AD FS relying party
signatureAlgorithm: "sha256",
racComparison: "exact", // default to exact RequestedAuthnContext Comparison Type
// From the metadata document
audience: "https://adfs.acme_tools.com/FederationMetadata/2007-06/FederationMetadata.xml",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This example value would be more clearer if it would equal to value of issuer (with proper comment) because audience defaults to issuer (see node-saml/node-saml#25 (comment)). This example's issuer is "acme_tools_com".

Value and code commet of audience: "https://adfs.acme_tools.com/FederationMetadata/2007-06/FederationMetadata.xml" doesn't "resonate" with anything (or did I miss something?)

@cjbarth cjbarth deleted the update-readme branch September 5, 2022 21:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srd90 srd90 srd90 left review comments

@markstos markstos markstos approved these changes

Assignees
No one assigned
Labels
documentation Request for or contribution to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cjbarth @markstos @srd90