Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-30 20:33:54 -05:00
Code Issues Activity

fix(connector): fix saml connector response guard (#4380)

Browse source 
* fix(connector): fix saml connector response guard

fix saml connector response guard

* fix(connector): set SAML signInEndpoint optional

set SAML signInEndpoitn optional
This commit is contained in:
simeng-li 2023-08-21 17:02:56 +08:00 committed by GitHub
parent fb6ddb4a98
commit 2a92d28c05
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 28 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
packages/connectors/connector-saml/README.md
View file

@ -1,6 +1,5 @@
# SAML connector # SAML connector
## Get started ## Get started
SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider (IdP) and a service provider (SP). It allows users to authenticate with one system and then access resources in another system without having to re-enter their credentials. SAML is commonly used in enterprise environments and in federation scenarios, where multiple organizations need to share user authentication and authorization information. SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider (IdP) and a service provider (SP). It allows users to authenticate with one system and then access resources in another system without having to re-enter their credentials. SAML is commonly used in enterprise environments and in federation scenarios, where multiple organizations need to share user authentication and authorization information.
@ -29,7 +28,7 @@ In this section, we will introduce each attribute in detail.
`entityID` (i.e. `issuer`) is Entity identifier. It is used to identify your entity (SAML SP entity), and match the equivalence in each SAML request/response. `entityID` (i.e. `issuer`) is Entity identifier. It is used to identify your entity (SAML SP entity), and match the equivalence in each SAML request/response.
### signInEndpoint `Required` ### signInEndpoint
The IdP's endpoint that you send SAML authentication requests to. Usually, you can find this value in IdP details page (i.e. IdP's `SSO URL` or `Login URL`). The IdP's endpoint that you send SAML authentication requests to. Usually, you can find this value in IdP details page (i.e. IdP's `SSO URL` or `Login URL`).
@ -116,8 +115,8 @@ Logto also provide a `profileMap` field that users can customize the mapping fro
### Config types ### Config types
| Name | Type | Required | Default Value | | Name | Type | Required | Default Value |
|-----------------------------|------------|----------|---------------| | --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------------------------------------------------------- |
| signInEndpoint | string | true | | | signInEndpoint | string | false | |
| x509certificate | string | true | | | x509certificate | string | true | |
| idpMetadataXml | string | true | | | idpMetadataXml | string | true | |
| entityID | string | true | | | entityID | string | true | |
@ -133,7 +132,7 @@ Logto also provide a `profileMap` field that users can customize the mapping fro
| profileMap | ProfileMap | false | | | profileMap | ProfileMap | false | |
| ProfileMap fields | Type | Required | Default value | | ProfileMap fields | Type | Required | Default value |
|-------------------|--------|----------|---------------| | ----------------- | ------ | -------- | ------------- |
| id | string | false | id | | id | string | false | id |
| name | string | false | name | | name | string | false | name |
| avatar | string | false | avatar | | avatar | string | false | avatar |
@ -142,5 +141,5 @@ Logto also provide a `profileMap` field that users can customize the mapping fro
## Reference ## Reference
* [Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0](http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf) - [Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0](http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf)
* [samlify - Highly configuarable Node.js SAML 2.0 library for Single Sign On](https://github.com/tngan/samlify) - [samlify - Highly configuarable Node.js SAML 2.0 library for Single Sign On](https://github.com/tngan/samlify)

2
packages/connectors/connector-saml/src/constant.ts
View file

@ -14,7 +14,7 @@ export const formItems: ConnectorConfigFormItem[] = [
type: ConnectorConfigFormItemType.Text, type: ConnectorConfigFormItemType.Text,
label: 'IdP Single Sign-On URL', label: 'IdP Single Sign-On URL',
key: 'signInEndpoint', key: 'signInEndpoint',
required: true, required: false,
}, },
{ {
type: ConnectorConfigFormItemType.MultilineText, type: ConnectorConfigFormItemType.MultilineText,

2
packages/connectors/connector-saml/src/index.ts
View file

@ -148,7 +148,7 @@ const getUserInfo =
); );
const { extractedRawProfile } = await getSession(); const { extractedRawProfile } = await getSession();
const extractedRawProfileGuard = z.record(z.string()); const extractedRawProfileGuard = z.record(z.string().or(z.array(z.string())));
const rawProfileParseResult = extractedRawProfileGuard.safeParse(extractedRawProfile); const rawProfileParseResult = extractedRawProfileGuard.safeParse(extractedRawProfile);
if (!rawProfileParseResult.success) { if (!rawProfileParseResult.success) {

2
packages/connectors/connector-saml/src/types.ts
View file

@ -45,7 +45,7 @@ export type ProfileMap = z.infer<typeof profileMapGuard>;
export const samlConfigGuard = z export const samlConfigGuard = z
.object({ .object({
entityID: z.string(), entityID: z.string(),
signInEndpoint: z.string(), signInEndpoint: z.string().optional(),
x509Certificate: z.string(), x509Certificate: z.string(),
idpMetadataXml: z.string(), idpMetadataXml: z.string(),
assertionConsumerServiceUrl: z.string(), assertionConsumerServiceUrl: z.string(),