Comments (9)
I can reproduce the issue, we'll work on it. In the meantime, you can apply your workaround (`if (id) opts.inResponseTo = id;`).
from node-samlp.
Hello @yesvivek
I was reviewing the implementation of the auth function, and the ID used as InResponseTo in the SAMLResponse is taken from the SAMLRequest unless you explicitly set it as an option:
https://github.com/auth0/node-samlp/blob/master/lib/samlp.js#L174-L175
Can you check the following:
- You are not explicitly setting the InResponseTo when calling `samlp.auth(options)`
- Your SAMLRequest has different IDs
from node-samlp.
@mcastany, my SAMLRequest has different IDs for each request. I am setting `destination` and all REQUIRED options when calling `samlp.auth`.
https://github.com/auth0/node-samlp/blob/master/lib/samlp.js#L175
This seems to be causing this issue for me. Changing it to `if (id) opts.inResponseTo = id;` works for me.
What do you suggest?
from node-samlp.
Could you please check the value of `opts.inResponseTo` before line 175? https://github.com/auth0/node-samlp/blob/master/lib/samlp.js#L175
from node-samlp.
I have added the line below, as recommended in the comment above.
console.log( "Dom ID: " + id + " VS opts.inResponseTo: " + opts.inResponseTo);
Results after multiple SAMLRequests:
1. Dom ID: id175479885406247111143820862 VS opts.inResponseTo: undefined
2. Dom ID: id13229522944305032913039188 VS opts.inResponseTo: id175479885406247111143820862
3. Dom ID: id175429005758588441628725185 VS opts.inResponseTo: id175479885406247111143820862
4. Dom ID: id175496083313503221789498695 VS opts.inResponseTo: id175479885406247111143820862
from node-samlp.
try with [email protected]
thanks for reporting!
from node-samlp.
Thanks for the quick patch! It works awesome now.
from node-samlp.
But this is incompatible with my Service Provider. Do you know why? `InResponseTo` contains the ID of the initial SAMLRequest.
from node-samlp.
Don't know. But I close the issue since I saw what creates this id. Thanks.
from node-samlp.
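The debug output in this thread (the first request's ID reappearing as `opts.inResponseTo` on every later request) is the pattern a handler produces when it writes into an options object shared across requests. The sketch below is an added example, not code from node-samlp: `leakyAuth`, `scopedAuth`, `buildResponse`, `spAccepts`, the URL and the request IDs are hypothetical, and the `||` assignment is an assumed reconstruction of the behaviour, not the library's actual line.

```javascript
// Added illustration; not code from node-samlp. All names are hypothetical.

// Stand-in for response generation: returns only the fields of interest.
function buildResponse(opts) {
  return { destination: opts.destination, inResponseTo: opts.inResponseTo };
}

// Leaky variant (assumed logic): the request ID is written into the options
// object shared by every request, and only when no value is present yet.
// After the first request the stored ID is never replaced.
function leakyAuth(sharedOpts) {
  return function handle(requestId) {
    sharedOpts.inResponseTo = sharedOpts.inResponseTo || requestId;
    return buildResponse(sharedOpts);
  };
}

// Per-request variant: the options are copied for each request, so an
// explicitly configured inResponseTo still wins, but nothing carries over
// from one request to the next.
function scopedAuth(sharedOpts) {
  return function handle(requestId) {
    const opts = Object.assign({}, sharedOpts);
    if (!opts.inResponseTo && requestId) opts.inResponseTo = requestId;
    return buildResponse(opts);
  };
}

// Service Provider side: a response is only acceptable if it answers the
// request that is actually outstanding.
function spAccepts(response, outstandingRequestId) {
  return response.inResponseTo === outstandingRequestId;
}

// Constructed request IDs, one per simulated SAMLRequest.
const requestIds = ['id-aaa', 'id-bbb', 'id-ccc'];

// Sends each request through a fresh handler and records the SP verdicts.
function run(makeHandler) {
  const handle = makeHandler({ destination: 'https://sp.example/acs' });
  return requestIds.map((id) => spAccepts(handle(id), id));
}

console.log('leaky :', run(leakyAuth));
console.log('scoped:', run(scopedAuth));
```

With the leaky handler only the first response matches its request; a Service Provider that enforces `InResponseTo` rejects every later one.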