socialtables / saml-protocol

A framework-agnostic SAML protocol implementation for service and identity providers

Assumes 'saml' XML namespace #10

Closed HeroesDieYoung closed 7 years ago

HeroesDieYoung commented 7 years ago

The `response-handling.js` function `processResponse` assumes a namespace of 'saml' will be used, rather than determining the namespace in use. See this line: `const issuer = select("//saml:Issuer/text()", doc)[0];` Here is a (redacted) example of an assertion document from JumpCloud that uses 'saml2' as the namespace instead, resulting in error `Unable to identify issuer` from the library:


```xml
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="[redacted]" ID="WAMZQUBSJDBBO56N4GDAOIQ7TGES1LZF26DQKGQH" InResponseTo="_5a0b2e41c065123098fd8dfe9e976e599cbd1dd707" IssueInstant="2017-09-26T14:23:42.861Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">[redacted]</saml2:Issuer>
<saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="CUT79RCQADD3XJBV81B79HT6YO697938EAL31PDV" IssueInstant="2017-09-26T14:23:42.861Z" Version="2.0">
    <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">[redacted]</saml2:Issuer>
...
</saml2:Assertion>
</saml2p:Response>
```

HeroesDieYoung commented 7 years ago

Retracting this issue, a different mistake in my project was causing the error I saw. This library does correctly register namespaces with xpath to allow any namespace mapped to the correct URI to be parsed. Apologies for any confusion.
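
The behaviour described in the retraction, as an added example that is not part of this thread or of saml-protocol's code: a query prefix bound to the assertion namespace URI matches `Issuer` whatever prefix the IdP's document uses, and does not match a `saml:` prefix bound to a different URI. It uses Python's standard library rather than the project's JavaScript; `find_issuer`, `sample` and the issuer URL are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as they appear in the sample document on this page.
ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PROTOCOL_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Prefixes used by the query only; they need not match the document's prefixes.
QUERY_NS = {"saml": ASSERTION_NS, "samlp": PROTOCOL_NS}


def find_issuer(xml_text):
    """Return the text of the first Issuer in document order, or None."""
    root = ET.fromstring(xml_text)
    # Match on the expanded name {uri}local, never on the literal prefix.
    if root.tag != "{%s}Response" % PROTOCOL_NS:
        return None
    node = root.find(".//saml:Issuer", QUERY_NS)
    if node is None or node.text is None:
        return None
    return node.text.strip() or None


def sample(p, a, a_uri=ASSERTION_NS):
    """Build a constructed, unsigned Response using prefixes p and a."""
    return ('<{p}:Response xmlns:{p}="{pu}" xmlns:{a}="{au}">'
            '<{a}:Issuer>https://idp.example.test</{a}:Issuer>'
            '</{p}:Response>').format(p=p, a=a, pu=PROTOCOL_NS, au=a_uri)


# Constructed sample with no prefixes at all, only default namespaces.
DEFAULT_NS_SAMPLE = (
    '<Response xmlns="%s"><Issuer xmlns="%s">https://idp.example.test'
    '</Issuer></Response>' % (PROTOCOL_NS, ASSERTION_NS))

if __name__ == "__main__":
    # Inputs are constructed constants; untrusted SAML needs a hardened parser.
    cases = {
        "saml2 prefixes (as in the JumpCloud sample)": sample("saml2p", "saml2"),
        "saml prefixes": sample("samlp", "saml"),
        "default namespaces": DEFAULT_NS_SAMPLE,
        "saml prefix, wrong URI": sample("samlp", "saml", "urn:example:not-saml"),
    }
    for label, doc in cases.items():
        print(label, "->", find_issuer(doc))
```

The last case shows why the URI binding matters for issuer checks: an element that merely looks like `saml:Issuer` but lives in another namespace is not treated as the issuer.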