From cac850c704c3545a9841ce6f414513317b497249 Mon Sep 17 00:00:00 2001
From: rrenkert
Date: Fri, 12 Apr 2024 16:42:15 +0200
Subject: [PATCH] Add 'allowCreate: false' to sp config and downgraded smalify (#343)
* samlify sets an empty string as default for AllowCreate in authn request which leads to errors in some IdPs.
* samlify in 2.8.11 does not recognize the AllowCreate attribute so it is downgraded to 2.8.10 (https://github.com/tngan/samlify/issues/538)
Co-authored-by: peb-adr
---
 auth/package-lock.json | 26 +++++--------------
 auth/package.json | 2 +-
 .../express/controllers/saml-controller.ts | 3 ++-
 3 files changed, 10 insertions(+), 21 deletions(-)
diff --git a/auth/package-lock.json b/auth/package-lock.json
index f0649354..e3abeeac 100644
--- a/auth/package-lock.json
+++ b/auth/package-lock.json
@@ -22,7 +22,7 @@ "jsonwebtoken": "^9.0.2", "response-time": "^2.3.2", "rest-app": "^1.0.0-alpha.9", - "samlify": "^2.8.11", + "samlify": "2.8.10", "tslib": "^2.6.2" }, "devDependencies": {
@@ -7622,9 +7622,9 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/samlify": { - "version": "2.8.11", - "resolved": "https://registry.npmjs.org/samlify/-/samlify-2.8.11.tgz", - "integrity": "sha512-EDO9CMba0rtHSek2NyUcS8brIxK1E521X5fT+1qLKTRkm1dddITeuPqU8/by4Lcf95ngMKjsn5Z600eVhXDqxQ==", + "version": "2.8.10", + "resolved": "https://registry.npmjs.org/samlify/-/samlify-2.8.10.tgz", + "integrity": "sha512-g2M1Qq2uL7GHtmBRaTVYcJD0Vb+XOyvXHsPARHCoqQ54Vp7m5h3NMUGzvLEIFGujxaamyM3BhEi9fdVAkJMvHw==", "dependencies": { "@authenio/xml-encryption": "^2.0.2", "@xmldom/xmldom": "^0.8.6",
@@ -7635,7 +7635,6 @@ "uuid": "^8.3.2", "xml": "^1.0.1", "xml-crypto": "^3.0.1", - "xml-escape": "^1.1.0", "xpath": "^0.0.32" } },
@@ -8612,11 +8611,6 @@ "node": ">=0.4.0" } }, - "node_modules/xml-escape": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/xml-escape/-/xml-escape-1.1.0.tgz", - "integrity": "sha512-B/T4sDK8Z6aUh/qNr7mjKAwwncIljFuUP+DO/D5hloYFj+90O88z8Wf7oSucZTHxBAsC1/CTP4rtx/x1Uf72Mg==" - }, "node_modules/xpath": { "version": "0.0.32", "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz",
@@ -14368,9 +14362,9 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "samlify": { - "version": "2.8.11", - "resolved": "https://registry.npmjs.org/samlify/-/samlify-2.8.11.tgz", - "integrity": "sha512-EDO9CMba0rtHSek2NyUcS8brIxK1E521X5fT+1qLKTRkm1dddITeuPqU8/by4Lcf95ngMKjsn5Z600eVhXDqxQ==", + "version": "2.8.10", + "resolved": "https://registry.npmjs.org/samlify/-/samlify-2.8.10.tgz", + "integrity": "sha512-g2M1Qq2uL7GHtmBRaTVYcJD0Vb+XOyvXHsPARHCoqQ54Vp7m5h3NMUGzvLEIFGujxaamyM3BhEi9fdVAkJMvHw==", "requires": { "@authenio/xml-encryption": "^2.0.2", "@xmldom/xmldom": "^0.8.6",
@@ -14381,7 +14375,6 @@ "uuid": "^8.3.2", "xml": "^1.0.1", "xml-crypto": "^3.0.1", - "xml-escape": "^1.1.0", "xpath": "^0.0.32" }, "dependencies": {
@@ -15091,11 +15084,6 @@ "xpath": "0.0.32" } }, - "xml-escape": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/xml-escape/-/xml-escape-1.1.0.tgz", - "integrity": "sha512-B/T4sDK8Z6aUh/qNr7mjKAwwncIljFuUP+DO/D5hloYFj+90O88z8Wf7oSucZTHxBAsC1/CTP4rtx/x1Uf72Mg==" - }, "xpath": { "version": "0.0.32", "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz",
diff --git a/auth/package.json b/auth/package.json
index 17250b4b..deae83da 100644
--- a/auth/package.json
+++ b/auth/package.json
@@ -72,7 +72,7 @@
 "jsonwebtoken": "^9.0.2",
 "response-time": "^2.3.2",
 "rest-app": "^1.0.0-alpha.9",
- "samlify": "^2.8.11",
+ "samlify": "2.8.10",
 "tslib": "^2.6.2"
 }
 }
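Review bot: The exact pin `"samlify": "2.8.10"` in the package.json hunk moves the SAML library backwards and stops it from receiving later patch releases, which matters for the component that builds and validates authentication messages. The lockfile hunks show that 2.8.11 depended on `xml-escape` and 2.8.10 does not, so whatever escaping 2.8.11 introduced is presumably lost with the downgrade; the 2.8.11 changelog should be checked for a security fix before this ships. Because package.json cannot carry a comment, the reason for the pin and the upstream issue (tngan/samlify#538) should be recorded in the project docs or a tracking ticket, and the caret range restored once upstream honours AllowCreate again.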
diff --git a/auth/src/express/controllers/saml-controller.ts b/auth/src/express/controllers/saml-controller.ts
index 92166998..1f818942 100644
--- a/auth/src/express/controllers/saml-controller.ts
+++ b/auth/src/express/controllers/saml-controller.ts
@@ -197,7 +197,8 @@ export class SamlController {
 });
 return samlify.ServiceProvider({
 metadata: (await this.getSamlSettings()).saml_metadata_sp,
- privateKey: (await this.getSamlSettings()).saml_private_key
+ privateKey: (await this.getSamlSettings()).saml_private_key,
+ allowCreate: false
 });
 }
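Review bot: `allowCreate: false` in the `samlify.ServiceProvider({...})` call has no comment, yet according to the commit message it only takes effect with samlify 2.8.10, so a later dependency upgrade could silently bring back the empty AllowCreate value that some IdPs reject. I would add above it `// AllowCreate must be explicit: samlify defaults to "" which some IdPs reject; needs samlify 2.8.10, see tngan/samlify#538`. Separately, the object literal awaits `this.getSamlSettings()` twice; reading it once with `const settings = await this.getSamlSettings();` would take the metadata and the private key from the same settings snapshot. The enclosing method starts above the hunk, so what precedes the first `});` is not visible here.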