mirror of https://github.com/logto-io/logto.git synced 2024-12-30 20:33:54 -05:00

fix(connector): fix saml connector response guard (#4380)

* fix(connector): fix saml connector response guard

fix saml connector response guard

* fix(connector): set SAML signInEndpoint optional

set SAML signInEndpoint optional
simeng-li 2023-08-21 17:02:56 +08:00 committed by GitHub
parent fb6ddb4a98
commit 2a92d28c05
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 28 additions and 29 deletions

@ -1,6 +1,5 @@
# SAML connector
## Get started
SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider (IdP) and a service provider (SP). It allows users to authenticate with one system and then access resources in another system without having to re-enter their credentials. SAML is commonly used in enterprise environments and in federation scenarios, where multiple organizations need to share user authentication and authorization information.
@ -29,7 +28,7 @@ In this section, we will introduce each attribute in detail.
`entityID` (i.e. `issuer`) is Entity identifier. It is used to identify your entity (SAML SP entity), and match the equivalence in each SAML request/response.
### signInEndpoint `Required`
### signInEndpoint
The IdP's endpoint that you send SAML authentication requests to. Usually, you can find this value in IdP details page (i.e. IdP's `SSO URL` or `Login URL`).
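Review bot: The `### signInEndpoint` heading loses its `Required` marker, but the description line under it is unchanged and still reads as if the value is always supplied; it should say when the field can be left empty and where the sign-in URL comes from in that case. The config table still lists `idpMetadataXml` as required, so if that metadata is the fallback source, say so here.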
@ -116,8 +115,8 @@ Logto also provide a `profileMap` field that users can customize the mapping fro
### Config types
| Name | Type | Required | Default Value |
|-----------------------------|------------|----------|---------------|
| signInEndpoint | string | true | |
| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------------------------------------------------------- |
| signInEndpoint | string | false | |
| x509certificate | string | true | |
| idpMetadataXml | string | true | |
| entityID | string | true | |
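Review bot: The context row `x509certificate` in this table does not match the key the config guard in this same commit uses, `x509Certificate`; since the table is being touched anyway, correct the casing so that a config written from the README passes validation. The new separator row is also far wider than any cell visible in this hunk, so it is worth confirming that it is formatter output and not an accident.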
@ -133,7 +132,7 @@ Logto also provide a `profileMap` field that users can customize the mapping fro
| profileMap | ProfileMap | false | |
| ProfileMap fields | Type | Required | Default value |
|-------------------|--------|----------|---------------|
| ----------------- | ------ | -------- | ------------- |
| id | string | false | id |
| name | string | false | name |
| avatar | string | false | avatar |
@ -142,5 +141,5 @@ Logto also provide a `profileMap` field that users can customize the mapping fro
## Reference
* [Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0](http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf)
* [samlify - Highly configuarable Node.js SAML 2.0 library for Single Sign On](https://github.com/tngan/samlify)
- [Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0](http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf)
- [samlify - Highly configuarable Node.js SAML 2.0 library for Single Sign On](https://github.com/tngan/samlify)

@ -14,7 +14,7 @@ export const formItems: ConnectorConfigFormItem[] = [
type: ConnectorConfigFormItemType.Text,
label: 'IdP Single Sign-On URL',
key: 'signInEndpoint',
required: true,
required: false,
},
{
type: ConnectorConfigFormItemType.MultilineText,

@ -148,7 +148,7 @@ const getUserInfo =
);
const { extractedRawProfile } = await getSession();
const extractedRawProfileGuard = z.record(z.string());
const extractedRawProfileGuard = z.record(z.string().or(z.array(z.string())));
const rawProfileParseResult = extractedRawProfileGuard.safeParse(extractedRawProfile);
if (!rawProfileParseResult.success) {
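Review bot: Widening `extractedRawProfileGuard` to `z.string().or(z.array(z.string()))` lets multi-valued attributes through this parse, but nothing in the hunk shows the code after the guard handling an array, so a value that is later mapped to a single-valued profile field such as `id` can now arrive as a list, including an empty one. Either normalise arrays to one value here with an explicit rule, or keep identity-bearing fields string-only and reject arrays for them, and add a test that feeds a multi-valued attribute through `getUserInfo`.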

@ -45,7 +45,7 @@ export type ProfileMap = z.infer<typeof profileMapGuard>;
export const samlConfigGuard = z
.object({
entityID: z.string(),
signInEndpoint: z.string(),
signInEndpoint: z.string().optional(),
x509Certificate: z.string(),
idpMetadataXml: z.string(),
assertionConsumerServiceUrl: z.string(),
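Review bot: `signInEndpoint: z.string().optional()` accepts `undefined` and also the empty string, which a blank non-required form field may submit, and this hunk adds no rule about what must be present when the endpoint is missing. Treat an empty string as absent, validate the value as a URL when it is present (for example `z.string().url().optional()`), and make sure the code that builds the authentication request fails with a clear configuration error when no endpoint can be resolved.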