refactor: refactor code

packages/core/src/saml-applications/libraries/consts.ts

@@ -20,3 +20,17 @@ export const samlLogInResponseTemplate = `
     {AttributeStatement}
   </saml:Assertion>
 </samlp:Response>`;
+
+export const samlAttributeNameFormatBasic = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic';
+
+const samlValueXmlnsXsiString = 'xs:string';
+const samlValueXmlnsXsiInteger = 'xsd:integer';
+const samlValueXmlnsXsiBoolean = 'xsd:boolean';
+const samlValueXmlnsXsiDatetime = 'xsd:dateTime';
+
+export const samlValueXmlnsXsi = {
+  string: samlValueXmlnsXsiString,
+  integer: samlValueXmlnsXsiInteger,
+  boolean: samlValueXmlnsXsiBoolean,
+  datetime: samlValueXmlnsXsiDatetime,
+};

packages/core/src/saml-applications/routes/anonymous.ts

@@ -9,7 +9,7 @@ import { fetchOidcConfig, getUserInfo } from '#src/sso/OidcConnector/utils.js';
 import { SsoConnectorError } from '#src/sso/types/error.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { samlLogInResponseTemplate } from '../libraries/consts.js';
+import { samlLogInResponseTemplate, samlAttributeNameFormatBasic,samlValueXmlnsXsi } from '../libraries/consts.js';
 
 import { exchangeAuthorizationCode, generateAutoSubmitForm, createSamlResponse } from './utils.js';
 
@@ -129,14 +129,14 @@ export default function samlApplicationAnonymousRoutes<T extends AnonymousRouter
             {
               name: 'email',
               valueTag: 'email',
-              nameFormat: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
+              nameFormat: samlAttributeNameFormatBasic,
-              valueXsiType: 'xs:string',
+              valueXsiType: samlValueXmlnsXsi['string'],
             },
             {
               name: 'name',
               valueTag: 'name',
-              nameFormat: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
+              nameFormat: samlAttributeNameFormatBasic,
-              valueXsiType: 'xs:string',
+              valueXsiType: samlValueXmlnsXsi['string'],
             },
           ],
         },

packages/core/src/saml-applications/routes/utils.ts

@@ -35,13 +35,22 @@ const createSamlTemplateCallback =
       Issuer: idp.entityMeta.getEntityID(),
       IssueInstant: now.toISOString(),
       AssertionConsumerServiceURL: assertionConsumerServiceUrl,
-      StatusCode: 'urn:oasis:names:tc:SAML:2.0:status:Success',
+      StatusCode: saml.Constants.StatusCode.Success,
       ConditionsNotBefore: now.toISOString(),
       ConditionsNotOnOrAfter: expireAt.toISOString(),
       SubjectConfirmationDataNotOnOrAfter: expireAt.toISOString(),
       NameIDFormat: selectedNameIDFormat,
       NameID: user.sub,
       InResponseTo: 'null',
+      /**
+       * User attributes for SAML response
+       *
+       * @todo Support custom attribute mapping
+       * @see {@link https://github.com/tngan/samlify/blob/master/src/libsaml.ts#L275-L300|samlify implementation}
+       *
+       * @remarks
+       * By examining the code provided in the link above, we can define all the attributes supported by the attribute mapping here. Only the attributes defined in the `loginResponseTemplate.attributes` added when creating the IdP instance will appear in the SAML response.
+       */
       attrEmail: user.email,
       attrName: user.name,
     };