Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Ability to define logout_endpoint and its binding in order to generate a proper metadata file #159

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add Ability to define logout_endpoint and its binding in order to generate a proper metadata file #159

wants to merge 3 commits into from

Conversation

miguelfreitas93
Copy link

In the previous version the SingleLogoutService Location is the same as Assertion Location, which is wrong because both can be different. Also it was added the ability to choose the binding of SingleLogoutService which can be "HTTP-POST" and "HTTP-Redirect"

@gabegorelick gabegorelick mentioned this pull request Aug 9, 2019
Closed
@marcusforsberg marcusforsberg mentioned this pull request Jan 10, 2020
Open
mcab
mcab requested changes Feb 3, 2021
View reviewed changes
Copy link
Member

@mcab mcab left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

Changing the default behavior of create_metadata seems like test cases might break.

saml2/test/saml2.coffee

Lines 65 to 70 in 9395913

METADATA =
saml2.create_metadata(
'https://sp.example.com/metadata.xml',
'https://sp.example.com/assert',
[CERT_1],
[CERT_1, CERT_2])

Is it possible to fix those cases and add ones to test the changing of Binding and Location?

README.md Outdated Show resolved Hide resolved
@mcab mcab self-assigned this Feb 3, 2021
@miguelfreitas93 @mcab
Update README.md
edc1aab 
Co-authored-by: Mark Cabanero <me@markcabanero.com>
@mcab mcab mentioned this pull request Feb 3, 2021
Open
miguelfreitas93
miguelfreitas93 commented Feb 3, 2021
View reviewed changes
lib/saml2.coffee
@@ -79,8 +79,8 @@ create_metadata = (entity_id, assert_endpoint, signing_certificates, encryption_
.concat encryption_cert_descriptors
.concat [
'md:SingleLogoutService':
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
'@Location': assert_endpoint
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:' + logout_binding
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logout_binding should be validated with a whitelist

miguelfreitas93
miguelfreitas93 commented Feb 3, 2021
View reviewed changes
lib/saml2.coffee
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
'@Location': assert_endpoint
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:' + logout_binding
'@Location': logout_endpoint
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logout_endpoint should be validated if it is a valid URL

@enterstudio enterstudio mentioned this pull request Mar 11, 2021
Open
@mcab mcab removed their assignment Nov 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcab mcab mcab requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@miguelfreitas93 @mcab @miguelfreitascheckmarx