SAML 2.0 and 1.1 token parser for Node.js, with support for ADFS tokens.
npm install saml20-maintained-adfs

SAML 2.0 & 1.1 Assertion Parser & Validator
=============
saml20-maintained is a fork of saml20. It is the same library with updated versions of vulnerable dependencies.
```bash
$ npm install saml20-maintained
```
## Usage

### saml.parse(rawAssertion, callback)

`rawAssertion` is the SAML Assertion in string format.

Parses `rawAssertion` without validating signature, expiration, or audience. This lets you read information from the token, such as the Issuer name, in order to obtain the right public key to validate the token in a multi-provider scenario.
```javascript
var saml = require('saml20-maintained');

saml.parse(rawAssertion, function(err, profile) {
  if (err) {
    // Parsing failed; handle the error before touching profile.
    return console.error(err);
  }
  var claims = profile.claims; // Array of user attributes
  var issuer = profile.issuer; // String Issuer name
});
```
### saml.validate(rawAssertion, options, callback)

`rawAssertion` is the SAML Assertion in string format.

`options`:

* `thumbprint` is the thumbprint of the trusted public key (uses the public key that comes in the assertion).
* `publicKey` is the trusted public key.
* `audience` (optional). If it is included, audience validation will take place.
* `bypassExpiration` (optional). This flag bypasses expiration validation (useful for testing, not recommended in production environments).

You can use either `thumbprint` or `publicKey`, but you should use at least one.
```javascript
var saml = require('saml20-maintained');

var options = {
  thumbprint: '1aeabdfa4473ecc7efc5947b18436c575574baf8',
  audience: 'http://myservice.com/'
};

saml.validate(rawAssertion, options, function(err, profile) {
  if (err) {
    // Validation failed; do not use the profile.
    return console.error(err);
  }
  var claims = profile.claims; // Array of user attributes
  var issuer = profile.issuer; // String Issuer name
});
```
Or using `publicKey`:

```javascript
var saml = require('saml20-maintained');

var options = {
  publicKey: 'MIICDzCCAXygAwIBAgIQVWXAvbbQyI5Bc...',
  audience: 'http://myservice.com/'
};

saml.validate(rawAssertion, options, function(err, profile) {
  if (err) {
    // Validation failed; do not use the profile.
    return console.error(err);
  }
  var claims = profile.claims; // Array of user attributes
  var issuer = profile.issuer; // String Issuer name
});
```
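The multi-provider flow described for `saml.parse`, combined with `saml.validate`, as an added example (not part of the library or its README): the unverified issuer only selects a pinned thumbprint from an allow-list, and claims are used only after validation succeeds. `TRUSTED_ISSUERS`, `AUDIENCE`, `validateFromTrustedIssuer`, and the issuer, thumbprint and audience values are hypothetical placeholders.

```javascript
// Added example: issuer-pinned validation built on the two documented calls.
// All names and values below are constructed placeholders, not library API.
var TRUSTED_ISSUERS = {
  'https://idp-a.example/': { thumbprint: '00112233445566778899aabbccddeeff00112233' },
  'https://idp-b.example/': { thumbprint: 'ffeeddccbbaa99887766554433221100ffeeddcc' }
};
var AUDIENCE = 'http://myservice.example/';

// `saml` is the module object, e.g. require('saml20-maintained').
function validateFromTrustedIssuer(saml, rawAssertion, callback) {
  // Step 1: unverified parse, used ONLY to pick which key to pin.
  saml.parse(rawAssertion, function (err, unverified) {
    if (err) return callback(err);
    var issuer = unverified && unverified.issuer;
    // Own-property lookup so names like "constructor" never match.
    if (typeof issuer !== 'string' ||
        !Object.prototype.hasOwnProperty.call(TRUSTED_ISSUERS, issuer)) {
      return callback(new Error('untrusted issuer'));
    }
    var options = {
      thumbprint: TRUSTED_ISSUERS[issuer].thumbprint,
      audience: AUDIENCE // always set, so audience validation takes place
      // bypassExpiration is deliberately left unset
    };
    // Step 2: signature, expiration and audience are checked here.
    saml.validate(rawAssertion, options, function (err, profile) {
      if (err) return callback(err);
      // The validated issuer must be the one whose key was selected.
      if (profile.issuer !== issuer) {
        return callback(new Error('issuer changed between parse and validate'));
      }
      callback(null, profile); // only this profile's claims are trustworthy
    });
  });
}
```

Call it as `validateFromTrustedIssuer(require('saml20-maintained'), rawAssertion, callback)`.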
## Tests

In order to run the tests you must configure `lib.index.js` with these variables:
```javascript
var issuerName = 'https://your-issuer.com';
var thumbprint = '1aeabdfa4473ecc7efc5947b19436c575574baf8';
var certificate = 'MIICDzCCAXygAwIBAgIQVWXAvbbQyI5BcFe0ssmeKTAJBgU...';
var audience = 'http://your-service.com/';
```
You also need to include a valid and an invalid SAML 2.0 token in `test/assets/invalidToken.xml` and `test/assets/validToken.xml`.

```xml
https://your-issuer.com/ qJQjAuaj7adyLkl6m3T1oRhtYytu4bebq9JcQObZIu8= amPTOSqkEq5ppbCyUgGgm....
```
To run the tests use:
```bash
$ npm test
```