
allowCreate for SP setting field throws error #550

Open
ShayeGun opened this issue Nov 4, 2024 · 1 comment

Comments


ShayeGun commented Nov 4, 2024

I tried using idp.loginRequestParser to parse context data, but it threw an error saying the allowCreate field is invalid and must be set to true. So, I went to the SP settings, set allowCreate to true, and tried creating a new SP login request, but then it threw this error:
[Nest] 16677 - 11/04/2024, 6:30:05 PM ERROR [ExceptionsHandler] string.replace is not a function

This is my code:

1. SP config:
  getSP(uid: string): ServiceProviderInstance {
    const config: ServiceProviderSettings = this.getSPConfig(uid);
    const sp: ServiceProviderInstance = ServiceProvider(config);
    return sp;
  }
  getSPConfig(uid: string): ServiceProviderSettings {
    const spLoginURL = `http://localhost:3000/saml/sp/authenticate/${uid}/`;
    const config: ServiceProviderSettings = {
      // Basic Service Provider Configuration
      // Unique identifier for the Service Provider
      entityID: 'SPExampleEntityID',
      // Optional: Allows IdP to create NameIDs dynamically
      allowCreate: true,

      // Assertion Consumer Service endpoints
      assertionConsumerService: [
        {
          Binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
          Location: spLoginURL,
        },
        {
          Binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
          Location: spLoginURL,
        },
        {
          Binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
          Location: spLoginURL,
          // Sets the default binding for SSO responses
          // isDefault: true,
        },
        {
          Binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign',
          Location: spLoginURL,
        },
      ],

      // Single Logout Service endpoints
      singleLogoutService: [
        {
          Binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
          Location: `http://localhost:3000/saml/sp/logout/${uid}/`,
        },
        {
          Binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
          Location: `http://localhost:3000/saml/sp/logout/${uid}/`,
        },
      ],

      // Security settings for signing and encryption
      authnRequestsSigned: true, // Specifies if the SP signs AuthnRequests
      wantAssertionsSigned: true, // Indicates if the SP expects signed assertions

      // Certificates and Keys for Signing and Encryption
      signingCert: readFileSync(join(SP_KEY_PATH, 'cert.cer')).toString('utf8'),
      privateKey: readFileSync(join(SP_KEY_PATH, 'privkey.pem')).toString(
        'utf8'
      ),
      privateKeyPass: 'privateKeyPass', // Passphrase for the private key
      isAssertionEncrypted: true, // Specifies if assertions must be encrypted
      encPrivateKey: readFileSync(join(SP_KEY_PATH, 'encryptKey.pem')).toString(
        'utf8'
      ),
      encPrivateKeyPass: 'encPrivateKeyPass',

      // Supported NameID formats for assertions
      nameIDFormat: [
        'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
        'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
      ],

      // Signature configurations
      signatureConfig: {
        // XML namespace prefix for signatures
        prefix: 'ds',
        location: {
          reference:
            "/*[local-name(.)='AuthnRequest']/*[local-name(.)='Issuer']",
          // Specifies location of the signature within XML
          action: 'after',
        },
      },

      // Algorithm settings for encryption and signing
      // Signing algorithm
      requestSignatureAlgorithm:
        'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
    };

    return config;
  }
2. Main SP service:
  async spLogin(res: Response) {
    // Get the IDP and SP instances
    const idp = this.idpService.getIDP('uid');
    const sp = this.spService.getSP('uid');
    // The binding valid values: 'BindingType.Post', 'BindingType.Redirect'
    // Set binding
    // @todo: Binding will be set from the IDP/SP configs
    const binding = BindingType.Post;
    // Generate SAMLRequest
    const { context } = await this.spService.generateSAMLRequest(
      idp,
      sp,
      binding
    );

    // Build SAMLRequest
    const response = await this.spService.buildSAMLRequest(
      idp,
      binding,
      context
    );
    // Send SAMLRequest to the IDP, based on the binding it will be a redirect or post request
    await this.spService.sendSAMLRequest(res, binding, response);
  }
3. SP utils service:
  async generateSAMLRequest(
    idp: IdentityProviderInstance,
    sp: ServiceProviderInstance,
    binding: string
  ): Promise<{ id: string; context: string }> {
    const { id, context } = sp.createLoginRequest(idp, binding);

    console.log({ id, context });
    return { id, context };
  }
4. Error trace:
[Nest] 16677  - 11/04/2024, 6:30:05 PM   ERROR [ExceptionsHandler] string.replace is not a function
TypeError: string.replace is not a function
    at escape (/home/shy/Desktop/IDmelon/feder/node_modules/xml-escape/index.js:11:17)
    at <anonymous> (/home/shy/Desktop/IDmelon/feder/node_modules/samlify/src/libsaml.ts:245:42)
    at String.replace (<anonymous>)
    at <anonymous> (/home/shy/Desktop/IDmelon/feder/node_modules/samlify/src/libsaml.ts:268:25)
    at Array.forEach (<anonymous>)
    at Object.replaceTagsByValue (/home/shy/Desktop/IDmelon/feder/node_modules/samlify/src/libsaml.ts:267:30)
    at Object.base64LoginRequest (/home/shy/Desktop/IDmelon/feder/node_modules/samlify/src/binding-post.ts:36:32)
    at ServiceProvider.ServiceProvider.createLoginRequest (/home/shy/Desktop/IDmelon/feder/node_modules/samlify/src/entity-sp.ts:74:31)
    at SAMLSPUtilsService.generateSAMLRequest (/home/shy/Desktop/IDmelon/feder/src/saml/utils/sp.service.ts:110:32)
    at SAMLSPService.spLogin (/home/shy/Desktop/IDmelon/feder/src/saml/sp/sp.service.ts:25:46)

How I fixed it:
Just downgrade from 2.8.11 to 2.8.10.
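
The stack trace above shows replaceTagsByValue in libsaml handing each tag value to xml-escape's escape, which calls .replace on it; a boolean value such as allowCreate: true therefore fails with "string.replace is not a function". The following is an added example, not samlify's code and not from the reporter: it reproduces that failure with a constructed template and tag names (the template, the tag names and the escape table are assumptions for illustration, not samlify's own) and shows a hardened substitution routine that coerces non-string values before escaping them. The escaping step is what keeps a caller-controlled value from closing an attribute or injecting markup into the AuthnRequest, so the fix is to coerce, not to skip escaping.

```javascript
// Added example (not samlify's code): why a boolean template value makes a
// string-only XML escaper throw, and a hardened substitution routine.
// Assumptions: TEMPLATE, TAGS and XML_ESCAPES are constructed for illustration;
// the real libsaml.replaceTagsByValue and xml-escape are not reproduced.

// Same five characters an XML escaper must handle.
const XML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&apos;',
};

// Naive escaper: assumes its argument is already a string. Passing the boolean
// true yields "string.replace is not a function", matching the reported trace.
function escapeNaive(string) {
  return string.replace(/[&<>"']/g, (c) => XML_ESCAPES[c]);
}

// Hardened escaper: rejects null/undefined explicitly (a silent "undefined" in
// a SAML message is its own bug) and coerces every other primitive to its
// string form, so booleans and numbers are escaped like any other value.
function escapeSafe(value) {
  if (value === null || value === undefined) {
    throw new TypeError('template value must not be null or undefined');
  }
  return String(value).replace(/[&<>"']/g, (c) => XML_ESCAPES[c]);
}

// Substitute {Tag} placeholders in an XML template, escaping each value.
// A replacer function is used so "$&"-style sequences in a value are inserted
// literally instead of being interpreted by String.prototype.replace.
function replaceTagsByValue(template, tags, escapeFn) {
  let out = template;
  Object.keys(tags).forEach((tag) => {
    out = out.replace(new RegExp(`\\{${tag}\\}`, 'g'), () => escapeFn(tags[tag]));
  });
  return out;
}

// Constructed AuthnRequest skeleton; the AllowCreate attribute is a boolean,
// exactly the shape that triggered the error in the report.
const TEMPLATE =
  '<samlp:AuthnRequest ID="{ID}"><saml:Issuer>{Issuer}</saml:Issuer>' +
  '<samlp:NameIDPolicy Format="{NameIDFormat}" AllowCreate="{AllowCreate}"/>' +
  '</samlp:AuthnRequest>';

const TAGS = {
  ID: '_constructed-request-id',
  Issuer: 'SPExampleEntityID',
  NameIDFormat: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
  AllowCreate: true,
};

// Returns the TypeError message the naive path produces, or null if it did not throw.
function naiveThrows() {
  try {
    replaceTagsByValue(TEMPLATE, TAGS, escapeNaive);
    return null;
  } catch (e) {
    return e.message;
  }
}

// Hardened path: the boolean is rendered as AllowCreate="true".
function buildSafe() {
  return replaceTagsByValue(TEMPLATE, TAGS, escapeSafe);
}

// Why escaping stays mandatory: a value trying to close the attribute and add
// markup is rendered inert by escapeSafe.
function escapeDemo() {
  return replaceTagsByValue('<a x="{v}"/>', { v: 'x" y="<z>' }, escapeSafe);
}

console.log('naive path:', naiveThrows());
console.log('safe path: ', buildSafe());
console.log('escaped:   ', escapeDemo());
```

Run with `node` to see the naive path fail with the same message as the trace while the hardened path renders `AllowCreate="true"`; the last line shows an attribute-breaking value neutralised by the escaper.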


suzmas commented Dec 1, 2024

Duplicate of #538
