Support redirect flows

• Builds on node-saml#16 • Reverts 638ce6e • Implements node-saml#191
stavros-wb · Apr 4, 2018 · 81903ab · 81903ab
1 parent 20aa0a9
commit 81903ab
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 3 deletions.
diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
@@ -689,6 +689,31 @@ SAML.prototype.validatePostResponse = function (container, callback) {
   .done();
 };
 
+SAML.prototype.validateRedirectResponse = function (container, callback) {
+  var data = new Buffer(container.SAMLResponse, "base64");
+  var signature = null; //new Buffer(container.Signature, 'base64').toString('ascii');
+  this.validateRedirect(data, signature, validateResponse, callback);
+};
+
+SAML.prototype.validateRedirectRequest = function (container, callback) {
+  var data = new Buffer(container.SAMLRequest, "base64");
+  var signature = null; //new Buffer(container.Signature, 'base64').toString('ascii');
+  this.validateRedirect(data, signature, validateRequest, callback);
+};
+
+SAML.prototype.validateRedirect = function(data, signature, validate, callback) {
+  var self = this;
+  // TODO verify redirect
+
+  zlib.inflateRaw(data, function(err, inflated) {
+    if (err) {
+      return callback(err);
+    }
+
+    self.validateXML(inflated.toString("utf8"), "", validate, callback);
+  });
+};
+
 SAML.prototype.processValidlySignedAssertion = function(xml, inResponseTo, callback) {
   var self = this;
   var msg;

diff --git a/lib/passport-saml/strategy.js b/lib/passport-saml/strategy.js
@@ -78,10 +78,14 @@ Strategy.prototype.authenticate = function (req, options) {
     }
   }
 
-  if (req.body && req.body.SAMLResponse) {
-      this._saml.validatePostResponse(req.body, validateCallback);
+  if (req.query && req.query.SAMLResponse) {
+    this._saml.validateRedirectResponse(req.query, validateCallback);
+  } else if (req.query && req.query.SAMLRequest) {
+    this._saml.validateRedirectRequest(req.query, validateCallback);
+  } else if (req.body && req.body.SAMLResponse) {
+    this._saml.validatePostResponse(req.body, validateCallback);
   } else if (req.body && req.body.SAMLRequest) {
-      this._saml.validatePostRequest(req.body, validateCallback);
+    this._saml.validatePostRequest(req.body, validateCallback);
   } else {
     var requestHandler = {
       'login-request': function() {