npm
Sign UpSign In

saml12

0.1.2 • Public • Published

SAML 2.0 & 1.1 Assertion Parser & Validator

saml12 is a fork of saml20. It is the same library with updated versions of vulnerable dependencies and bug fixes.

saml12 is a simple module that allows you to parse and validate SAML 1.1 and 2.0 tokens. It has been tested with Microsoft ADFS, OKTA, and PingOne tokens.

Installation

$ npm install saml12

Usage

saml.parse(rawAssertion, cb)

rawAssertion is the SAML Assertion in string format.

Parses the rawAssertion without validating signature, expiration and audience. It allows you to get information from the token like the Issuer name in order to obtain the right public key to validate the token in a multi-providers scenario.

 
var saml = require('saml12');
 
saml.parse(rawAssertion, function(err, profile) {
    // err
 
    var audience = profile.audience;            // Who the assertion is intended for
    var claims = profile.claims;                // Array of user attributes;
    var issuer = profile.issuer;                // String Issuer name.
    var notBefore = profile.notBefore;          // Earliest time instant at which the assertion is valid (string).
    var notOnOrAfter = profile.notOnOrAfter;    // Time instant at which the assertion has expired (string).
});
 

saml.validate(rawAssertion, options, cb)

rawAssertion is the SAML Assertion in string format.

options:

  • thumbprint is the thumbprint of the trusted public key (uses the public key that comes in the assertion).
  • publicKey is the trusted public key.
  • audience (optional). If it is included audience validation will take place.
  • bypassExpiration (optional). This flag indicates expiration validation bypass (useful for testing, not recommended in production environments);

You can use either thumbprint or publicKey but you should use at least one.

 
var saml = require('saml12');
 
var options = {
    thumbprint: '1aeabdfa4473ecc7efc5947b18436c575574baf8',
    audience: 'http://myservice.com/'
}
 
saml.validate(rawAssertion, options, function(err, profile) {
    // err
 
    var audience = profile.audience;            // Who the assertion is intended for
    var claims = profile.claims;                // Array of user attributes;
    var issuer = profile.issuer;                // String Issuer name.
    var notBefore = profile.notBefore;          // Earliest time instant at which the assertion is valid (string).
    var notOnOrAfter = profile.notOnOrAfter;    // Time instant at which the assertion has expired (string).
});
 

or using publicKey:

 
var saml = require('saml12');
 
var options = {
    publicKey: 'MIICDzCCAXygAwIBAgIQVWXAvbbQyI5Bc...',
    audience: 'http://myservice.com/'
}
 
saml.validate(rawAssertion, options, function(err, profile) {
    // err
 
    var audience = profile.audience;            // Who the assertion is intended for
    var claims = profile.claims;                // Array of user attributes;
    var issuer = profile.issuer;                // String Issuer name.
    var notBefore = profile.notBefore;          // Earliest time instant at which the assertion is valid (string).
    var notOnOrAfter = profile.notOnOrAfter;    // Time instant at which the assertion has expired (string).
});
 

Tests

Configure test/lib.index.js

In order to run the tests you must configure lib.index.js with these variables:

 
var issuerName = 'https://your-issuer.com';
var thumbprint = '1aeabdfa4473ecc7efc5947b19436c575574baf8';
var certificate = 'MIICDzCCAXygAwIBAgIQVWXAvbbQyI5BcFe0ssmeKTAJBgU...';
var audience = 'http://your-service.com/';
 

You also need to include a valid and an invalid SAML 2.0 token on test/assets/invalidToken.xml and test/assets/validToken.xml`

 
<Assertion ID="_1308c268-38e2-4849-9957-b7babd4a0659" IssueInstant="2014-03-01T04:04:52.919Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>https://your-issuer.com/</Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ds:Reference URI="#_1308c268-38e2-4849-9957-b7babd4a0659"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ds:DigestValue>qJQjAuaj7adyLkl6m3T1oRhtYytu4bebq9JcQObZIu8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>amPTOSqkEq5ppbCyUgGgm....</Assertion>
 

To run the tests use:

$ npm test

License

MIT

Readme

Keywords

Package Sidebar

Install

npm i saml12

Repository

github.com/TqrHsn/saml20

Homepage

github.com/TqrHsn/saml20#readme

Weekly Downloads

1

Version

0.1.2

License

MIT

Unpacked Size

37.7 kB

Total Files

16

Last publish

Collaborators

  • tqrhsn
Try on RunKit
Report malware