#284 Simplify the usage of nameIDFormat (#285)

docs/sp-configuration.md

@@ -42,7 +42,7 @@ OR
   _Optional_: Define the DOM structure of xml document, default to `['KeyDescriptor', 'NameIDFormat', 'SingleLogoutService', 'AssertionConsumerService']`. (See more [#89](https://github.com/tngan/samlify/issues/89))
 
 - **nameIDFormat: NameIDFormat[]**<br/>
-  _Optional_: Declare the name id format that would respond if you construct the sp without a metadata.
+  _Optional_: Declare the name id format that would respond if you construct the sp without a metadata. The request will always pick the first one if multiple formats are specified.
 
 - **singleLogoutService: Service[]**<br/>
   _Optional_: Declare the single logout service if you construct the sp without a metadata.

src/binding-post.ts

@@ -31,6 +31,8 @@ function base64LoginRequest(referenceTagXPath: string, entity: any, customTagRep
       id = get(info, 'id', null);
       rawSamlRequest = get(info, 'context', null);
     } else {
+      const nameIDFormat = spSetting.nameIDFormat;
+      const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
       id = spSetting.generateID();
       rawSamlRequest = libsaml.replaceTagsByValue(libsaml.defaultLoginRequestTemplate.context, {
         ID: id,
@@ -40,7 +42,7 @@ function base64LoginRequest(referenceTagXPath: string, entity: any, customTagRep
         AssertionConsumerServiceURL: metadata.sp.getAssertionConsumerService(binding.post),
         EntityID: metadata.sp.getEntityID(),
         AllowCreate: spSetting.allowCreate,
-        NameIDFormat: namespace.format[spSetting.loginNameIDFormat] || namespace.format.emailAddress,
+        NameIDFormat: selectedNameIDFormat
       } as any);
     }
     if (metadata.idp.isWantAuthnRequestsSigned()) {

src/binding-redirect.ts

@@ -86,13 +86,15 @@ function loginRequestRedirectURL(entity: { idp: Idp, sp: Sp }, customTagReplacem
       id = get(info, 'id', null);
       rawSamlRequest = get(info, 'context', null);
     } else {
+      const nameIDFormat = spSetting.nameIDFormat;
+      const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
       id = spSetting.generateID();
       rawSamlRequest = libsaml.replaceTagsByValue(libsaml.defaultLoginRequestTemplate.context, {
         ID: id,
         Destination: base,
         Issuer: metadata.sp.getEntityID(),
         IssueInstant: new Date().toISOString(),
-        NameIDFormat: namespace.format[spSetting.loginNameIDFormat] || namespace.format.emailAddress,
+        NameIDFormat: selectedNameIDFormat,
         AssertionConsumerServiceURL: metadata.sp.getAssertionConsumerService(binding.post),
         EntityID: metadata.sp.getEntityID(),
         AllowCreate: spSetting.allowCreate,

src/entity.ts

@@ -72,12 +72,15 @@ export default class Entity {
     switch (entityType) {
       case 'idp':
         this.entityMeta = IdpMetadata(metadata);
+        // setting with metadata has higher precedence 
         this.entitySetting.wantAuthnRequestsSigned = this.entityMeta.isWantAuthnRequestsSigned();
         break;
       case 'sp':
         this.entityMeta = SpMetadata(metadata);
+        // setting with metadata has higher precedence 
         this.entitySetting.authnRequestsSigned = this.entityMeta.isAuthnRequestSigned();
         this.entitySetting.wantAssertionsSigned = this.entityMeta.isWantAssertionsSigned();
+        this.entitySetting.nameIDFormat = this.entityMeta.getNameIDFormat();
         break;
       default:
         throw new Error('ERR_UNDEFINED_ENTITY_TYPE');

src/metadata-sp.ts

@@ -94,6 +94,9 @@ export class SpMetadata extends Metadata {
 
       if (isNonEmptyArray(nameIDFormat)) {
         nameIDFormat.forEach(f => descriptors.NameIDFormat!.push(f));
+      } else {
+        // default value
+        descriptors.NameIDFormat!.push(namespace.format.emailAddress);
       }
 
       if (isNonEmptyArray(singleLogoutService)) {

src/types.ts

@@ -1,4 +1,5 @@
 import { LoginResponseTemplate } from './libsaml';
+import { ServiceProviderSettings } from './types';
 
 export { IdentityProvider as IdentityProviderConstructor } from './entity-idp';
 export { IdpMetadata as IdentityProviderMetadata } from './metadata-idp';
@@ -41,14 +42,7 @@ export type MetadataSpConstructor =
   | MetadataSpOptions
   | MetadataFile;
 
-export interface EntitySetting {
-  wantAuthnRequestsSigned?: boolean;
-  authnRequestsSigned?: boolean;
-  wantLogoutResponseSigned?: boolean;
-  wantLogoutRequestSigned?: boolean;
-  wantAssertionsSigned?: boolean;
-  relayState?: any;
-}
+export type EntitySetting = ServiceProviderSettings & IdentityProviderSettings;
 
 export interface SignatureConfig {
   prefix?: string;
@@ -62,7 +56,7 @@ export interface SAMLDocumentTemplate {
   context?: string;
 }
 
-export interface ServiceProviderSettings {
+export type ServiceProviderSettings = {
   metadata?: string | Buffer;
   entityID?: string;
   authnRequestsSigned?: boolean;
@@ -83,9 +77,12 @@ export interface ServiceProviderSettings {
   signingCert?: string | Buffer;
   encryptCert?: string | Buffer;
   transformationAlgorithms?: string[];
-}
+  nameIDFormat?: string[];
+  // will be deprecated soon
+  relayState?: string;
+};
 
-export interface IdentityProviderSettings {
+export type IdentityProviderSettings = {
   metadata?: string | Buffer;
 
   /** signature algorithm */
@@ -117,4 +114,4 @@ export interface IdentityProviderSettings {
   wantAuthnRequestsSigned?: boolean;
   wantLogoutRequestSignedResponseSigned?: boolean;
   tagPrefix?: { [key: string]: string };
-}
+};

tslint.json

@@ -27,7 +27,8 @@
       "no-trailing-whitespace": false,
       "ordered-imports": false,
       "quotemark": [true, "single", "avoid-escape", "avoid-template"],
-      "variable-name": [true, "ban-keywords", "check-format", "allow-leading-underscore", "allow-pascal-case"]
+      "variable-name": [true, "ban-keywords", "check-format", "allow-leading-underscore", "allow-pascal-case"],
+      "interface-over-type-literal": false
     },
     "jsRules": {}
 }