

Only add NameIdPolicy if NameIdFormat is set (#2)
sbishel authored Oct 7, 2020
1 parent 8380e0f commit 4e9a72d
Showing 2 changed files with 50 additions and 3 deletions.
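--- a/build_request.go
+++ b/build_request.go
@@ -41,9 +41,11 @@ func (sp *SAMLServiceProvider) buildAuthnRequest(includeSig bool) (*etree.Docume
 authnRequest.CreateElement("saml:Issuer").SetText(sp.IdentityProviderIssuer)
 }
 
-nameIdPolicy := authnRequest.CreateElement("samlp:NameIDPolicy")
-nameIdPolicy.CreateAttr("AllowCreate", "true")
-nameIdPolicy.CreateAttr("Format", sp.NameIdFormat)
+if sp.NameIdFormat != "" {
+nameIdPolicy := authnRequest.CreateElement("samlp:NameIDPolicy")
+nameIdPolicy.CreateAttr("AllowCreate", "true")
+nameIdPolicy.CreateAttr("Format", sp.NameIdFormat)
+}
 
 if sp.RequestedAuthnContext != nil {
 requestedAuthnContext := authnRequest.CreateElement("samlp:RequestedAuthnContext")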
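Review bot: The new guard silently changes more than the Format attribute: with an empty NameIdFormat the whole NameIDPolicy element is dropped, so the request also stops carrying AllowCreate="true" and leaves both the identifier format and identifier creation entirely to the IdP's defaults. That is a reasonable choice, but callers who relied on the old unconditional AllowCreate need to know, and the response-handling side (not visible here) must not assume the returned NameID has any particular format when NameIdFormat is unset. A comment on the guard would make the trade-off explicit: `// Omit NameIDPolicy entirely when no format is configured; the IdP then applies its own defaults, including for AllowCreate.` buildAuthnRequest begins in the hunk header and its body continues past this hunk.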
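--- a/build_request_test.go
+++ b/build_request_test.go
@@ -175,3 +175,48 @@ func TestScopingIDProviderOmitted(t *testing.T) {
 require.Nil(t, el)
 }
 }
+
+func TestScopingNameIDPolicyIncluded(t *testing.T) {
+spURL := "https://sp.test"
+sp := SAMLServiceProvider{
+AssertionConsumerServiceURL: spURL,
+AudienceURI: spURL,
+IdentityProviderIssuer: spURL,
+IdentityProviderSSOURL: "https://idp.test/saml/sso",
+SignAuthnRequests: false,
+NameIdFormat: NameIdFormatPersistent,
+}
+
+request, err := sp.BuildAuthRequest()
+require.NoError(t, err)
+
+doc := etree.NewDocument()
+err = doc.ReadFromString(request)
+require.NoError(t, err)
+
+idpEntry := doc.FindElement("./AuthnRequest/NameIDPolicy")
+
+require.Equal(t, idpEntry.SelectAttrValue("Format", ""), NameIdFormatPersistent)
+}
+
+func TestScopingNameIDPolicyOmitted(t *testing.T) {
+spURL := "https://sp.test"
+
+sp := SAMLServiceProvider{
+AssertionConsumerServiceURL: spURL,
+AudienceURI: spURL,
+IdentityProviderIssuer: spURL,
+IdentityProviderSSOURL: "https://idp.test/saml/sso",
+SignAuthnRequests: false,
+}
+
+request, err := sp.BuildAuthRequest()
+require.NoError(t, err)
+
+doc := etree.NewDocument()
+err = doc.ReadFromString(request)
+require.NoError(t, err)
+
+el := doc.FindElement("./AuthnRequest/NameIDPolicy")
+require.Nil(t, el)
+}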
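Review bot: In TestScopingNameIDPolicyIncluded the element lookup result is dereferenced without a nil check, so a regression that drops NameIDPolicy would surface as a nil-pointer panic rather than a clear assertion failure; the require.Equal call also has expected and actual reversed, which makes the failure message misleading. The test additionally leaves AllowCreate unverified even though the production hunk sets it. I would replace the final assertion with `require.NotNil(t, idpEntry)`, `require.Equal(t, NameIdFormatPersistent, idpEntry.SelectAttrValue("Format", ""))` and `require.Equal(t, "true", idpEntry.SelectAttrValue("AllowCreate", ""))`. The "Scoping" prefix and the `idpEntry` name appear to be carried over from the neighbouring scoping tests and do not describe what these tests check.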

