So I am creating an IdP using Firebase and passport-saml. I keep getting this error:
Now, the error has to do with the code looking for the LogoutRequest value in the incoming request. My request is not coming with that. I am creating this request from an SP called edApp.com. Is it normal that the request doesn't have one? Is there something I am missing? These lines give me the error:
Since the LogoutRequest is null, it is throwing an error. This is what the request looks like:
Replies: 2 comments
If you run the content of your URL's SAMLRequest query parameter through this "pipeline", the result is:

```xml
<?xml version="1.0"?>
<samlp:AuthnRequest
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_e004341d8464627224a2"
  Version="2.0"
  IssueInstant="2023-09-01T20:45:51.509Z"
  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  AssertionConsumerServiceURL="https://api.edapp.com/sso-saml-callback/jointhru"
  Destination="https://martindev.loca.lt/ed-app-thru-portal/us-central1/samlApp"
>
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://admin.edapp.com</saml:Issuer>
  <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
  <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
```

For some reason you are feeding an authentication request to passport-saml. passport-saml is not an IdP. It (passport-saml) is not capable of handling authn requests; it only sends those to the IdP. The only SAML request type that passport-saml supports is LogoutRequest, i.e. the IdP-initiated SLO case (and that support does not handle all the cases out of the box (#419)). So because passport-saml only knows one SAML request message type (LogoutRequest), and without looking at the passport-saml implementation, I assume that passport-saml assumes the request is a LogoutRequest. If you want to implement an IdP you have to look for some other SAML library.

NOTE: you should not paste any SAML messages as-is to the internet. Especially do not paste encoded or decoded unsanitized authentication responses. Instead, use e.g. the tools provided by Linux (base64, xmllint, etc.) to do the aforementioned stuff locally, or use e.g. SAML plugins for your browser. I took the liberty of pasting your message into the aforementioned services because you had already exposed it to the whole world and, based on its length, it was not going to be an authentication response with possibly sensitive information (and because I do not have access to bash or any programming language at the time of writing this comment).
Okay, thank you!!!... Maybe beyond the scope of this Q&A, but do you have any recommendations for JS libraries I could use to create an IdP??