diff --git a/package-lock.json b/package-lock.json index 594905e..19a5441 100644 --- a/package-lock.json +++ b/package-lock.json @@ -23,7 +23,7 @@ "helmet": "^7.1.0", "passport": "^0.7.0", "passport-azure-ad": "latest", - "saml": "^3.0.1", + "saml": "https://github.com/skat/node-saml.git", "sqlite3": "^5.1.7" }, "devDependencies": { @@ -4536,14 +4536,6 @@ "resolved": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", "integrity": "sha512-6WaYesThRMCl19iryMYP7/x2OVgCtbIVflDGFpWnb9irXI3UjYE4AzmYuiUKY1AJstGijoY+MgUszMgRxIYTYw==" }, - "node_modules/@xmldom/xmldom": { - "version": "0.7.13", - "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.13.tgz", - "integrity": "sha512-lm2GW5PkosIzccsaZIz7tp8cPADSIlIHWDFTR1N0SzfinhhYgeIQjFMz4rYzanCScr3DqQLeomUDArp6MWKm+g==", - "engines": { - "node": ">=10.0.0" - } - }, "node_modules/abbrev": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", @@ -5792,6 +5784,15 @@ "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" }, + "node_modules/ejs": { + "version": "2.7.4", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz", + "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA==", + "hasInstallScript": true, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/emitter-listener": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/emitter-listener/-/emitter-listener-1.1.2.tgz", 
@@ -8380,21 +8381,31 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/saml": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/saml/-/saml-3.0.1.tgz", - "integrity": "sha512-bOjVqZcHY8PkdTBD7Y27KHykC7403BEM46SeCq5r0QPNEPE7M7RmWKy7hPjYsID9VNkCNSHYSVrrRS8Y9hNVWA==", + "version": "0.12.1", + "resolved": "git+ssh://git@github.com/skat/node-saml.git#6e3adfe6d837dcbd6ebafbeb8b2c356f99019214", + "license": "MIT", "dependencies": { - "@xmldom/xmldom": "^0.7.4", - "async": "^3.2.4", - "moment": "^2.29.4", + "async": "~0.2.9", + "moment": "2.15.2", "valid-url": "~1.0.9", - "xml-crypto": "^2.1.3", - "xml-encryption": "^2.0.0", + "xml-crypto": "~0.10.1", + "xml-encryption": "0.11.0", "xml-name-validator": "~2.0.1", + "xmldom": "=0.1.15", "xpath": "0.0.5" - }, + } + }, + "node_modules/saml/node_modules/async": { + "version": "0.2.10", + "resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz", + "integrity": "sha512-eAkdoKxU6/LkKDBzLpT+t6Ff5EtfSF4wx1WfJiPEEV7WNLnDaRXk0oVysiEPm262roaachGexwUv94WhSgN5TQ==" + }, + "node_modules/saml/node_modules/moment": { + "version": "2.15.2", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.15.2.tgz", + "integrity": "sha512-dv9NAmbJRSckFY2Dt3EcgoUGg85U4AaUvtJQ56k0QFumwqpOK3Huf0pYutSVgCFfN+DekvF4pW45PP9rf6ts7g==", "engines": { - "node": ">=12" + "node": "*" } }, "node_modules/sax": { 
@@ -9275,42 +9286,61 @@ "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" }, "node_modules/xml-crypto": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-2.1.5.tgz", - "integrity": "sha512-xOSJmGFm+BTXmaPYk8pPV3duKo6hJuZ5niN4uMzoNcTlwYs0jAu/N3qY+ud9MhE4N7eMRuC1ayC7Yhmb7MmAWg==", + "version": "0.10.1", + "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-0.10.1.tgz", + "integrity": "sha512-w64qUhByslUJ9D9nwfCyRUCXfVWA5WdzHevHT3BwAig2KOsDNYcuvE2soGUGUs0qp9cy+vGG6B/Ap8qCXPLN/g==", "dependencies": { - "@xmldom/xmldom": "^0.7.9", - "xpath": "0.0.32" + "xmldom": "=0.1.19", + "xpath.js": ">=0.0.3" }, "engines": { "node": ">=0.4.0" } }, - "node_modules/xml-crypto/node_modules/xpath": { - "version": "0.0.32", - "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz", - "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==", + "node_modules/xml-crypto/node_modules/xmldom": { + "version": "0.1.19", + "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.19.tgz", + "integrity": "sha512-pDyxjQSFQgNHkU+yjvoF+GXVGJU7e9EnOg/KcGMDihBIKjTsOeDYaECwC/O9bsUWKY+Sd9izfE43JXC46EOHKA==", + "deprecated": "Deprecated due to CVE-2021-21366 resolved in 0.5.0", "engines": { - "node": ">=0.6.0" + "node": ">=0.1" } }, "node_modules/xml-encryption": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-2.0.0.tgz", - "integrity": "sha512-4Av83DdvAgUQQMfi/w8G01aJshbEZP9ewjmZMpS9t3H+OCZBDvyK4GJPnHGfWiXlArnPbYvR58JB9qF2x9Ds+Q==", + "version": "0.11.0", + "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-0.11.0.tgz", + "integrity": "sha512-x1JasxeZdTHdyIeBWEn5Mwq+rgDEWR9dgEoA5h340HYzR1uSEvvAfQ/6SVKJEpvlvuMdBzgRanoWehCVgtJjnw==", "dependencies": { - "@xmldom/xmldom": "^0.7.0", - "escape-html": "^1.0.3", - "xpath": "0.0.32" + "async": "^2.1.5", + "ejs": 
"^2.5.6", + "node-forge": "^0.7.0", + "xmldom": "~0.1.15", + "xpath": "0.0.24" }, "engines": { - "node": ">=12" + "node": ">=0.10" + } + }, + "node_modules/xml-encryption/node_modules/async": { + "version": "2.6.4", + "resolved": "https://registry.npmjs.org/async/-/async-2.6.4.tgz", + "integrity": "sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA==", + "dependencies": { + "lodash": "^4.17.14" + } + }, + "node_modules/xml-encryption/node_modules/node-forge": { + "version": "0.7.6", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.7.6.tgz", + "integrity": "sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==", + "engines": { + "node": "*" } }, "node_modules/xml-encryption/node_modules/xpath": { - "version": "0.0.32", - "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz", - "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==", + "version": "0.0.24", + "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.24.tgz", + "integrity": "sha512-xUsra70vEDlxu0T90+qkg/8/KvPPm4KQbh25yMZCpBABBkdQLaOLNsgzRAUax7wlWZt7Ka5Q+itg/TPzzHieVQ==", "engines": { "node": ">=0.6.0" } @@ -9348,6 +9378,15 @@ "node": ">=8.0" } }, + "node_modules/xmldom": { + "version": "0.1.15", + "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.15.tgz", + "integrity": "sha512-ssWmE9kBZudhl4iPLmXqaShPuASNKIQIikBzsloOjZqMyfbuQRn/ggz0k9NDa9YFI3+oFvp8t7TsqwmZLTvpoA==", + "deprecated": "Deprecated due to CVE-2021-21366 resolved in 0.5.0", + "engines": { + "node": ">=0.1" + } + }, "node_modules/xpath": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.5.tgz", 
@@ -9356,6 +9395,14 @@ "node": ">=0.6.0" } }, + "node_modules/xpath.js": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/xpath.js/-/xpath.js-1.1.0.tgz", + "integrity": "sha512-jg+qkfS4K8E7965sqaUl8mRngXiKb3WZGfONgE18pr03FUQiuSV6G+Ej4tS55B+rIQSFEIw3phdVAQ4pPqNWfQ==", + "engines": { + "node": ">=0.4.0" + } + }, "node_modules/yallist": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", diff --git a/package.json b/package.json index 7fe45f6..6f2a75e 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "helmet": "^7.1.0", "passport": "^0.7.0", "passport-azure-ad": "latest", - "saml": "^3.0.1", + "saml": "https://github.com/skat/node-saml.git", "sqlite3": "^5.1.7" }, "devDependencies": { diff --git a/srv/saml-service.js b/srv/saml-service.js index cb02a63..22eb05b 100644 --- a/srv/saml-service.js +++ b/srv/saml-service.js @@ -2,7 +2,7 @@ const cds = require("@sap/cds"); const LOG = cds.log("saml-service"); const fs = require("fs"); -var saml = require("saml").Saml20; // or Saml11 +var saml = require("saml").Saml11; // Saml20 or Saml11 module.exports = class SamlService extends cds.Service { init() { @@ -11,7 +11,9 @@ module.exports = class SamlService extends cds.Service { key: fs.readFileSync("./certificates/idp.example.com-key.pem").toString(), issuer: "https://idp.example.com", lifetimeInSeconds: 600, + offset: 60, audiences: "http://A4H", + subjectConfirmationMethod: "sender-vouches", attributes: { "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "Gregor Wolf",
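Review bot: The new `saml` entry in package.json is a git URL with no commit reference, so an install that does not go through the lockfile takes whatever the fork's default branch holds at that moment. Pin it to the commit the lockfile already resolved, `"saml": "git+https://github.com/skat/node-saml.git#6e3adfe6d837dcbd6ebafbeb8b2c356f99019214"`, and install with `npm ci` in CI. The lockfile hunks show the swap takes saml from 3.0.1 to 0.12.1 and brings in `xmldom` 0.1.15 and 0.1.19, both marked deprecated for CVE-2021-21366, together with xml-crypto 0.10.1, xml-encryption 0.11.0 and an `ejs` 2.7.4 that has an install script. Because the service hands a private key to this library, the commit description should say why the older fork is needed and how the deprecated XML parser is being handled.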
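Review bot: The changed require line in srv/saml-service.js keeps `var` while the declarations around it use `const`; `const saml = require("saml").Saml11;` would match them. The trailing comment `// Saml20 or Saml11` lists the choices but not why the service now uses SAML 1.1, which is what a later reader needs. Something like `// SAML 1.1: expected by the receiving system (confirm)` would record the reason next to the choice.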
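Review bot: `offset: 60` and `subjectConfirmationMethod: "sender-vouches"` are added to the options without any comment, and both affect what the receiver of the assertion is asked to trust. How the fork handles them is not visible here. Presumably `offset` shifts the validity window to allow for clock skew (unit to confirm, since the neighbouring option is named `lifetimeInSeconds`), and with sender-vouches, as I understand it, the receiver relies on the issuer's signature rather than on proof from the subject. I would add `// offset: clock-skew allowance, unit per the fork's docs (confirm)` and `// sender-vouches: receiver trusts this issuer's signature alone, so the signing key must be protected accordingly` above the two lines. The options object starts above the hunk and continues below it.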