Skip to content

Commit

Permalink
Respect transformationAlgorithms in signed LogoutRequest (#301)
Browse files Browse the repository at this point in the history
  • Loading branch information
@krystianolech @tngan
krystianolech authored and tngan committed Aug 10, 2019
1 parent a15b6d7 commit 46ce077
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 2 additions & 1 deletion src/binding-post.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,14 +239,15 @@ function base64LogoutRequest(user, referenceTagXPath, entity, customTagReplaceme
}
if (entity.target.entitySetting.wantLogoutRequestSigned) {
// Need to embeded XML signature
const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm } = initSetting;
const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm, transformationAlgorithms } = initSetting;
return {
id,
context: libsaml.constructSAMLSignature({
referenceTagXPath,
privateKey,
privateKeyPass,
signatureAlgorithm,
transformationAlgorithms,
rawSamlMessage: rawSamlRequest,
signingCert: metadata.init.getX509Certificate('signing'),
signatureConfig: initSetting.signatureConfig || {
Expand Down
2 changes: 1 addition & 1 deletion src/libsaml.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -617,7 +617,7 @@ const libSaml = () => {
if (!validate) {

// otherwise, an error will be thrown
return Promise.reject('Your application is potentially vulnerable because there is no validation function is found. Please read the documentation on how to setup the validator. (https://samlify.js.org/#/schema-validator)');
return Promise.reject('Your application is potentially vulnerable because no validation function found. Please read the documentation on how to setup the validator. (https://github.com/tngan/samlify#installation)');

}

Expand Down

0 comments on commit 46ce077

Please sign in to comment.