Open D-32 opened 6 months ago
I'm having the same issue in samlify 2.8.11 but did not have it in 2.8.5, if that helps narrow down the cause.

This issue started for us after upgrading from `2.8.10` to `2.8.11`.

It was introduced here: https://github.com/tngan/samlify/pull/523 with v2.8.11

In our case, this happens when we construct a `ServiceProvider` with `allowCreate: true`, and later call `serviceProvider.createLoginRequest(idp, 'redirect')`

- `serviceProvider.createLoginRequest(idp, 'redirect')` eventually calls `loginRequestRedirectURL` function, which passes an object with various values to `libsaml.replaceTagsByValue`, including the value `true` for key `AllowCreate`
- `replaceTagsByValue` calls `escapeTag` with value `true` (because that's the value of the `AllowCreate` tag)
- `escapeTag` passes `true` into `xmlEscape(...)`
- Throws with "TypeError string.replace is not a function"

If I don't set the `allowCreate` property the SAML request XML will have an empty attribute, which causes it to be invalid: `<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate=""/>`

If I set it to `true` (as a boolean) as specified in `ServiceProviderSettings` it crashes due to `string.replace is not a function`. Only if I set it to the string `"true"` does it work. So this is my workaround, but it's of course not ideal.

Thanks for all your work on this library @tngan 🙏
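
The failure mode reported in this thread, reproduced as an added example that is not samlify's code and not from any commenter: `xmlEscapeStrict`, `xmlEscapeSafe` and `fillTemplate` are hypothetical stand-ins for the escaping and tag-replacement steps named above, and the template and values are constructed. It shows a string-only escaper throwing on a boolean, next to a variant that serializes booleans and numbers before escaping and rejects missing values rather than emitting an empty attribute.

```javascript
// Simplified stand-ins for the call chain described in this thread.
// These are NOT samlify's implementations; all names are hypothetical.

// Escapes the five XML special characters. Assumes a string argument,
// so a boolean such as `true` fails with "... replace is not a function".
function xmlEscapeStrict(s) {
  return s
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&apos;');
}

// Type-tolerant variant: booleans and numbers are serialized first;
// null/undefined are rejected instead of producing AllowCreate="".
function xmlEscapeSafe(value) {
  if (value === null || value === undefined) {
    throw new TypeError('missing template value');
  }
  if (!['string', 'boolean', 'number'].includes(typeof value)) {
    throw new TypeError(`unsupported template value type: ${typeof value}`);
  }
  return xmlEscapeStrict(String(value));
}

// Replaces {Key} placeholders in a template with escaped values.
function fillTemplate(template, values, escapeFn) {
  return template.replace(/\{(\w+)\}/g, (_, key) => escapeFn(values[key]));
}

// Constructed template and sample values (boolean AllowCreate, as in the report).
const TEMPLATE = '<samlp:NameIDPolicy Format="{Format}" AllowCreate="{AllowCreate}"/>';
const SAMPLE = {
  Format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
  AllowCreate: true,
};

// Runs both escapers over the same input and returns what each produced.
function demo() {
  let strictError = null;
  try {
    fillTemplate(TEMPLATE, SAMPLE, xmlEscapeStrict);
  } catch (e) {
    strictError = e;
  }
  return { strictError, safe: fillTemplate(TEMPLATE, SAMPLE, xmlEscapeSafe) };
}
```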