Fix #58. Parse various SAML Assertion AttributeValue syntax in a cons…

…istent way.
prolane · Dec 16, 2022 · b198466 · b198466
1 parent 5186e38
commit b198466
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## 2022-dec-16 (v3.1)
+* Fix [#58](https://github.com/prolane/samltoawsstskeys/issues/58). Parse various SAML Assertion AttributeValue syntax in a consistent way.
+
 ## 2022-dec-15 (v3.0)
 * Code refactoring due to upgrading to Extension Manifest V3
 * Improved popup styling

diff --git a/background/script.js b/background/script.js
@@ -94,7 +94,8 @@ async function onBeforeRequestEvent(details) {
   options = {
     ignoreAttributes: false,
     attributeNamePrefix : "__",
-    removeNSPrefix: true
+    removeNSPrefix: true,
+    alwaysCreateTextNode: true
   };
   parser = new XMLParser(options);
   jsObj = parser.parse(samlXmlDoc);
@@ -112,7 +113,7 @@ async function onBeforeRequestEvent(details) {
       }
     }
     if (attributes[i].__Name == "https://aws.amazon.com/SAML/Attributes/SessionDuration") {
-      sessionduration = attributes[i].AttributeValue
+      sessionduration = attributes[i].AttributeValue['#text']
       if (DebugLogs) {
         console.log('DEBUG: sessionduration:');
         console.log(sessionduration);
@@ -163,17 +164,18 @@ async function onBeforeRequestEvent(details) {
   if (attributes_role_list.length > 1 && hasRoleIndex) {
     if (DebugLogs) console.log('DEBUG: More than one role claimed and role chosen.');
     for (i = 0; i < attributes_role_list.length; i++) { 
-      attributes_role_list_item = attributes_role_list[i];
-      if (attributes_role_list_item.indexOf(roleIndex) > -1) {
+      // roleIndex is an AWS IAM Role ARN. 
+      // We need to check which item in attributes_role_list matches with roleIndex as substring
+      if (attributes_role_list[i]['#text'].indexOf(roleIndex) > -1) {
         // This item holdes the data for the role to assume.
         // (i.e. the ARN for the IAM role and the ARN of the saml-provider resource)
-        attributes_role = attributes_role_list_item
+        attributes_role = attributes_role_list[i]['#text']
       }
     }
   }
   // If there is just 1 role in the claim there will be no 'roleIndex' in the form data.
   // If there is just one role, the XMLParser does not create a list
-  else if (attributes_role_list.length == undefined) {
+  else if (attributes_role_list.hasOwnProperty('#text')) {
     // This item holdes the data for the role to assume.
     // (i.e. the ARN for the IAM role and the ARN of the saml-provider resource)
     // Use "['#text']" selector, because with one role its not a list and we simply need the value

diff --git a/manifest.json b/manifest.json
@@ -4,7 +4,7 @@
   "homepage_url": "https://github.com/prolane/samltoawsstskeys",
   "name": "SAML to AWS STS Keys Conversion",
   "description": "Generates file with AWS STS Keys after logging in to AWS webconsole using SSO (SAML 2.0). It leverages 'assumeRoleWithSAML' API.",
-  "version": "3.0",
+  "version": "3.1",
   "icons": {  "16": "icons/icon_16.png",
               "32": "icons/icon_32.png",
               "48": "icons/icon_48.png",

diff --git a/options/changelog.html b/options/changelog.html
@@ -20,6 +20,13 @@
 	<hr>
 
 	<div id="divChangelog">
+    <h3>2022-dec-16<br>v3.1</h3>
+		<ul>
+			<li>Fix <a href="https://github.com/prolane/samltoawsstskeys/issues/58" target="_blank">#58</a>. Parse various SAML Assertion AttributeValue syntax in a consistent way.</li>
+		</ul>
+		<br />
+		<br />
+
     <h3>2022-dec-15<br>v3.0</h3>
 		<ul>
 			<li>Code refactoring due to upgrading to Extension Manifest V3.</li>