Added method to generate authn xml without including a signature.

Kinvey · Nov 29, 2018 · 02ab559 · 02ab559
1 parent 3a8dda1
commit 02ab559
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/lib/saml2.coffee b/lib/saml2.coffee
@@ -582,6 +582,16 @@ module.exports.ServiceProvider =
       { id, xml } = create_authn_request @entity_id, @assert_endpoint, identity_provider.sso_login_url, options.force_authn, options.auth_context, options.nameid_format
       return sign_authn_request(xml, @private_key, options)
 
+    # Returns:
+    #   An xml string with an AuthnRequest without an embedded signature
+    # Params:
+    #   identity_provider
+    #   options
+    create_authn_request_xml_no_signature: (identity_provider, options) ->
+      options = set_option_defaults options, identity_provider.shared_options, @shared_options
+      { id, xml } = create_authn_request @entity_id, @assert_endpoint, identity_provider.sso_login_url, options.force_authn, options.auth_context, options.nameid_format
+      return xml
+
     # Returns:
     #   An object containing the parsed response for a redirect assert.
     #   This type of assert inflates the response before parsing it.

diff --git a/test/saml2.coffee b/test/saml2.coffee
@@ -1168,5 +1168,22 @@ describe 'saml2', ->
       method = dom.getElementsByTagName('SignatureMethod')[0]
       assert.equal method.attributes[0].value, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
 
+    it 'can create a unsigned AuthnRequest xml document', () ->
+      sp_options =
+        entity_id: 'https://sp.example.com/metadata.xml'
+        private_key: get_test_file('test.pem')
+        certificate: get_test_file('test.crt')
+        assert_endpoint: 'https://sp.example.com/assert'
+      idp_options =
+        sso_login_url: 'https://idp.example.com/login'
+        sso_logout_url:  'https://idp.example.com/logout'
+        certificates: 'other_service_cert'
+      sp = new saml2.ServiceProvider sp_options
+      idp = new saml2.IdentityProvider idp_options
+      xml = sp.create_authn_request_xml_no_signature(idp)
+      dom = (new xmldom.DOMParser()).parseFromString xml
+      method = dom.getElementsByTagName('SignatureMethod')[0]
+      assert.equal method, null
+
     it 'can create metadata', (done) ->
       done()