diff --git a/lib/saml11.js b/lib/saml11.js
index f359aa54..e7cff041 100644
--- a/lib/saml11.js
+++ b/lib/saml11.js
@@ -125,6 +125,12 @@ exports.create = function(options, callback) {
 nameIDs[1].setAttribute('Format', options.nameIdentifierFormat);
 }
+ if (options.nameQualifier) {
+ doc.getElementsByTagName('saml:AttributeStatement')[0]
+ .getElementsByTagName('saml:NameIdentifier')[0]
+ .setAttribute('NameQualifier', options.nameQualifier);
+ }
+
 if (!options.encryptionCert) return sign(options, sig, doc, callback);
 // encryption is turned on,
diff --git a/test/saml11.tests.js b/test/saml11.tests.js
index d924c278..df367de1 100644
--- a/test/saml11.tests.js
+++ b/test/saml11.tests.js
@@ -125,7 +125,7 @@ describe('saml 1.1', function () {
 var isValid = utils.isValidSignature(signedAssertion, options.cert);
 assert.equal(true, isValid);
-
+
 var attributes = utils.getAttributes(signedAssertion);
 assert.equal(3, attributes.length);
 assert.equal('emailaddress', attributes[0].getAttribute('AttributeName'));
@@ -169,6 +169,18 @@ describe('saml 1.1', function () {
 assert.equal('foo', nameIdentifier.textContent);
 });
+ it('should set NameQualifier attribute', function () {
+ var options = {
+ cert: fs.readFileSync(__dirname + '/test-auth0.pem'),
+ key: fs.readFileSync(__dirname + '/test-auth0.key'),
+ nameQualifier: 'foo'
+ };
+
+ var signedAssertion = saml11.create(options);
+ var nameIdentifier = utils.getNameIdentifier(signedAssertion);
+ assert.equal('foo', nameIdentifier.getAttribute('NameQualifier'), nameIdentifier);
+ });
+
 it('should not contains line breaks', function () {
 var options = {
 cert: fs.readFileSync(__dirname + '/test-auth0.pem'),
@@ -253,7 +265,7 @@ describe('saml 1.1', function () {
 };
 var signedAssertion = saml11.create(options);
 var doc = new xmldom.DOMParser().parseFromString(signedAssertion);
-
+
 var signature = doc.documentElement.getElementsByTagName('Signature');
 assert.equal('saml:Conditions', signature[0].previousSibling.nodeName);
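Review bot: In lib/saml11.js the new `options.nameQualifier` block sets `NameQualifier` only on the NameIdentifier under `saml:AttributeStatement`, while the context line just above writes `Format` through `nameIDs[1]`, which suggests the assertion template carries a second NameIdentifier (presumably `nameIDs[0]`, handled outside the hunk). If that is the case, the signed assertion ends up with two subjects that differ in their qualifier, and a relying party that takes the subject from the other statement never sees the domain scoping the caller asked for. Consider applying the attribute to every NameIdentifier by reusing the existing collection, e.g. `for (var i = 0; i < nameIDs.length; i++) nameIDs[i].setAttribute('NameQualifier', options.nameQualifier);`, which also avoids the unguarded `[0]` lookups. The body of `exports.create` starts and ends outside the hunk, so the shape of `nameIDs` is inferred from the one visible line.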
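Review bot: In the added test `should set NameQualifier attribute` (test/saml11.tests.js, hunk at line 169), the third argument to `assert.equal` is the `nameIdentifier` DOM node, which assert uses as the failure message, so a failing run reports the node rather than the expected and actual values; `assert.equal('foo', nameIdentifier.getAttribute('NameQualifier'));` is enough. The test also inspects only the single element returned by `utils.getNameIdentifier`, so it would not notice a NameIdentifier elsewhere in the assertion left without the qualifier. A companion assertion that the attribute is absent when `nameQualifier` is not passed, and a case for the `encryptionCert` path, would pin the behaviour down.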
@@ -317,7 +329,7 @@ describe('saml 1.1', function () {
 saml11.create(options, function(err, encrypted) {
 if (err) return done(err);
-
+
 xmlenc.decrypt(encrypted, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
 if (err) return done(err);
 var isValid = utils.isValidSignature(decrypted, options.cert);
@@ -338,10 +350,10 @@ describe('saml 1.1', function () {
 saml11.create(options, function(err, encrypted, proofSecret) {
 if (err) return done(err);
-
+
 xmlenc.decrypt(encrypted, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
 if (err) return done(err);
-
+
 var doc = new xmldom.DOMParser().parseFromString(decrypted);
 var subjectConfirmationNodes = doc.documentElement.getElementsByTagName('saml:SubjectConfirmation');
 assert.equal(2, subjectConfirmationNodes.length);
@@ -374,13 +386,13 @@ describe('saml 1.1', function () {
 saml11.create(options, function(err, encrypted) {
 if (err) return done(err);
-
+
 xmlenc.decrypt(encrypted, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
 if (err) return done(err);
 var isValid = utils.isValidSignature(decrypted, options.cert);
 assert.equal(true, isValid);
-
+
 var attributes = utils.getAttributes(decrypted);
 assert.equal(3, attributes.length);
 assert.equal('emailaddress', attributes[0].getAttribute('AttributeName'));
@@ -392,7 +404,7 @@ describe('saml 1.1', function () {
 assert.equal('testaccent', attributes[2].getAttribute('AttributeName'));
 assert.equal('http://example.org/claims', attributes[2].getAttribute('AttributeNamespace'));
 assert.equal('fóo', attributes[2].firstChild.textContent);
-
+
 done();
 });
 });