diff --git a/lib/samlp.js b/lib/samlp.js
index 63795aa..1895448 100644
--- a/lib/samlp.js
+++ b/lib/samlp.js
@@ -64,21 +64,47 @@ function buildSamlResponse(options) {
 idAttribute: 'ID'
 });
+ var transforms = [];
+
+ if (!options.signAssertion) {
+ transforms.push("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
+ }
+
+ transforms.push("http://www.w3.org/2001/10/xml-exc-c14n#");
+
 sig.addReference(
 "//*[local-name(.)='Response' and namespace-uri(.)='urn:oasis:names:tc:SAML:2.0:protocol']",
- ["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"],
+ transforms,
 algorithms.digest[options.digestAlgorithm]);
 sig.signingKey = options.key;
 var pem = encoders.removeHeaders(options.cert);
+
+ var dsPrefix = '';
+ if (options.addDsPrefix) {
+ dsPrefix = 'ds:';
+ }
+
 sig.keyInfoProvider = {
 getKeyInfo: function () {
- return "" + pem + "";
+ return "<" + dsPrefix + "X509Data><" + dsPrefix + "X509Certificate>" + pem + "";
 }
 };
- sig.computeSignature(cannonicalized);
+ var sigOpts = {
+ location: {
+ reference: options.xpathToNodeBeforeSignature || "//*[local-name(.)='Issuer']",
+ action: 'after'
+ }
+ }
+
+ if (options.addDsPrefix) {
+ sigOpts.prefix = 'ds';
+ }
+
+ sig.computeSignature(cannonicalized, sigOpts);
+
 SAMLResponse = sig.getSignedXml();
 }
@@ -114,7 +140,8 @@ function getSamlResponse(options, user, callback) {
 authnContextClassRef: options.authnContextClassRef,
 encryptionPublicKey: options.encryptionPublicKey,
 encryptionCert: options.encryptionCert,
- sessionIndex: options.sessionIndex
+ sessionIndex: options.sessionIndex,
+ addDsPrefix: options.addDsPrefix
 }, function (err, signedAssertion) {
 if (err) return callback(err);
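Review bot: The Response reference now omits the enveloped-signature transform whenever `options.signAssertion` is set, yet the Signature is still inserted inside the Response (after Issuer via `sigOpts.location`), so a verifier that applies only exc-c14n to that reference will canonicalize the embedded Signature element as well and the digest will not match; if this is a deliberate workaround for the enveloped transform also stripping the nested assertion Signature, that reasoning belongs in a comment on the `if (!options.signAssertion)` branch, e.g. `// enveloped-signature is skipped when the assertion carries its own Signature; <state why, and which verifier this was checked against>`, otherwise the transform should stay unconditional. `options.xpathToNodeBeforeSignature` is spliced into an XPath expression without validation, which is acceptable for static IdP configuration but should not be reachable from per-request input. As a point of style, the `var sigOpts = { … }` literal closes with `}` and no semicolon, relying on ASI, and `options.addDsPrefix` is tested twice (`dsPrefix` and `sigOpts.prefix`) where one derived flag would do. buildSamlResponse starts and ends outside the hunk.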