UNPKG

passport-saml

Version:

SAML 2.0 authentication strategy for Passport

github.com/node-saml/passport-saml

node-saml/passport-saml

78 lines (77 loc) 3.86 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
/// <reference types="node" /> import * as querystring from "querystring"; import { CacheProvider as InMemoryCacheProvider } from "./inmemory-cache-provider"; import { ParsedQs } from "qs"; import { SamlOptions } from "./types"; import { AuthenticateOptions, AuthorizeOptions, Profile, SamlConfig } from "../passport-saml/types"; interface NameID { value: string | null; format: string | null; } declare class SAML { options: SamlOptions; cacheProvider: InMemoryCacheProvider; constructor(ctorOptions: SamlConfig); initialize(ctorOptions: SamlConfig): SamlOptions; private getCallbackUrl; _generateUniqueID(): string; private generateInstant; private signRequest; private generateAuthorizeRequestAsync; _generateLogoutRequest(user: Profile): Promise<string>; _generateLogoutResponse(logoutRequest: Profile): string; _requestToUrlAsync(request: string | null | undefined, response: string | null, operation: string, additionalParameters: querystring.ParsedUrlQuery): Promise<string>; _getAdditionalParams(RelayState: string, operation: string, overrideParams?: querystring.ParsedUrlQuery): querystring.ParsedUrlQuery; getAuthorizeUrlAsync(RelayState: string, host: string | undefined, options: AuthorizeOptions): Promise<string>; getAuthorizeFormAsync(RelayState: string, host?: string): Promise<string>; getLogoutUrlAsync(user: Profile, RelayState: string, options: AuthenticateOptions & AuthorizeOptions): Promise<string>; getLogoutResponseUrl(samlLogoutRequest: Profile, RelayState: string, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void): void; private getLogoutResponseUrlAsync; _certToPEM(cert: string): string; private certsToCheck; validateSignature(fullXml: string, currentNode: Element, certs: string[]): boolean; validatePostResponseAsync(container: Record<string, string>): Promise<{ profile?: Profile | null; loggedOut?: boolean; }>; private validateInResponseTo; validateRedirectAsync(container: ParsedQs, originalQuery: string | null): Promise<{ profile?: Profile | null; loggedOut?: boolean; }>; private hasValidSignatureForRedirect; private validateSignatureForRedirect; private verifyLogoutRequest; private verifyLogoutResponse; private verifyIssuer; private processValidlySignedAssertionAsync; private checkTimestampsValidityError; private checkAudienceValidityError; validatePostRequestAsync(container: Record<string, string>): Promise<{ profile?: Profile; loggedOut?: boolean; }>; _getNameIdAsync(self: SAML, doc: Node): Promise<NameID>; generateServiceProviderMetadata(decryptionCert: string | null, signingCert?: string | null): string; _keyToPEM(key: string | Buffer): typeof key extends string | Buffer ? string | Buffer : Error; /** * Process max age assertion and use it if it is more restrictive than the NotOnOrAfter age * assertion received in the SAMLResponse. * * @param maxAssertionAgeMs Max time after IssueInstant that we will accept assertion, in Ms. * @param notOnOrAfter Expiration provided in response. * @param issueInstant Time when response was issued. * @returns {*} The expiration time to be used, in Ms. */ private processMaxAgeAssertionTime; /** * Convert a date string to a timestamp (in milliseconds). * * @param dateString A string representation of a date * @param label Descriptive name of the date being passed in, e.g. "NotOnOrAfter" * @throws Will throw an error if parsing `dateString` returns `NaN` * @returns {number} The timestamp (in milliseconds) representation of the given date */ private dateStringToTimestamp; } export { SAML };