handnot2 / samly

Elixir Plug library to enable SAML 2.0 SP SSO in Phoenix/Plug applications.
MIT License

Exposing name_format to config #23

Closed papakay closed 5 years ago

papakay commented 6 years ago

@handnot2 please can you kindly update the name_format in the function below to use the nameid_format property provided in the idp configuration?

helper.ex

def gen_idp_signin_req(sp, idp_metadata) do
  idp_signin_url = Esaml.esaml_idp_metadata(idp_metadata, :login_location)
  # TODO: Expose an config
  name_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
  xml_frag = :esaml_sp.generate_authn_request(idp_signin_url, sp, name_format)
  {idp_signin_url, xml_frag}
end

handnot2 commented 5 years ago

What nameid-format are you planning to use? Anything besides what is in this list?

papakay commented 5 years ago

I'm using this urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

handnot2 commented 5 years ago

Can you check out the nameid_format_from_metadata branch and verify the fix?
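
An added example, not part of the thread and not Samly's own code: one way to resolve the NameID format from the IdP configuration instead of hardcoding transient, returning the charlist that would be passed as name_format. The module name, the atom shorthands and the choice to reject anything outside the standard SAML 2.0 core format URNs are assumptions of this example; the sample configs are constructed.

```elixir
defmodule NameIdFormatExample do
  # Hypothetical helper. The URNs are the NameID formats defined by SAML 2.0 core;
  # the atom shorthands are this example's own.
  @formats %{
    unspecified: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    email: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    x509: "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
    windows: "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
    kerberos: "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
    entity: "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
    persistent: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    transient: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
  }
  @known_urns Map.values(@formats)

  # Reads :nameid_format from an IdP config map (assumed shape). Accepts a
  # shorthand atom or a full URN string; a missing or nil value keeps the
  # previous behaviour (transient). Returns a charlist because esaml expects
  # Erlang strings, or an error tuple so a typo is caught when the config is
  # loaded rather than surfacing later as a failed sign-in.
  def resolve(idp_config) when is_map(idp_config) do
    configured = Map.get(idp_config, :nameid_format) || :transient

    cond do
      is_atom(configured) and Map.has_key?(@formats, configured) ->
        {:ok, String.to_charlist(Map.fetch!(@formats, configured))}

      is_binary(configured) and configured in @known_urns ->
        {:ok, String.to_charlist(configured)}

      true ->
        {:error, {:unsupported_nameid_format, configured}}
    end
  end
end

# Constructed sample configs: no setting, the URN requested in this thread,
# a shorthand atom, and a misspelled atom that must be rejected.
samples = [
  %{},
  %{nameid_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"},
  %{nameid_format: :persistent},
  %{nameid_format: :emial}
]

for cfg <- samples, do: IO.inspect({cfg, NameIdFormatExample.resolve(cfg)})
```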