diff --git a/.gitignore b/.gitignore
index fd7b9e0..2282692 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,5 @@ connection.properties
_out
default-*.json
.env
+
+certificates/
diff --git a/package-lock.json b/package-lock.json
index 09417e9..594905e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -23,6 +23,7 @@
"helmet": "^7.1.0",
"passport": "^0.7.0",
"passport-azure-ad": "latest",
+ "saml": "^3.0.1",
"sqlite3": "^5.1.7"
},
"devDependencies": {
@@ -4535,6 +4536,14 @@
"resolved": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz",
"integrity": "sha512-6WaYesThRMCl19iryMYP7/x2OVgCtbIVflDGFpWnb9irXI3UjYE4AzmYuiUKY1AJstGijoY+MgUszMgRxIYTYw=="
},
+ "node_modules/@xmldom/xmldom": {
+ "version": "0.7.13",
+ "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.13.tgz",
+ "integrity": "sha512-lm2GW5PkosIzccsaZIz7tp8cPADSIlIHWDFTR1N0SzfinhhYgeIQjFMz4rYzanCScr3DqQLeomUDArp6MWKm+g==",
+ "engines": {
+ "node": ">=10.0.0"
+ }
+ },
"node_modules/abbrev": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
@@ -8370,6 +8379,24 @@
"resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
},
+ "node_modules/saml": {
+ "version": "3.0.1",
+ "resolved": "https://registry.npmjs.org/saml/-/saml-3.0.1.tgz",
+ "integrity": "sha512-bOjVqZcHY8PkdTBD7Y27KHykC7403BEM46SeCq5r0QPNEPE7M7RmWKy7hPjYsID9VNkCNSHYSVrrRS8Y9hNVWA==",
+ "dependencies": {
+ "@xmldom/xmldom": "^0.7.4",
+ "async": "^3.2.4",
+ "moment": "^2.29.4",
+ "valid-url": "~1.0.9",
+ "xml-crypto": "^2.1.3",
+ "xml-encryption": "^2.0.0",
+ "xml-name-validator": "~2.0.1",
+ "xpath": "0.0.5"
+ },
+ "engines": {
+ "node": ">=12"
+ }
+ },
"node_modules/sax": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz",
@@ -9247,6 +9274,52 @@
"resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
"integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
},
+ "node_modules/xml-crypto": {
+ "version": "2.1.5",
+ "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-2.1.5.tgz",
+ "integrity": "sha512-xOSJmGFm+BTXmaPYk8pPV3duKo6hJuZ5niN4uMzoNcTlwYs0jAu/N3qY+ud9MhE4N7eMRuC1ayC7Yhmb7MmAWg==",
+ "dependencies": {
+ "@xmldom/xmldom": "^0.7.9",
+ "xpath": "0.0.32"
+ },
+ "engines": {
+ "node": ">=0.4.0"
+ }
+ },
+ "node_modules/xml-crypto/node_modules/xpath": {
+ "version": "0.0.32",
+ "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz",
+ "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==",
+ "engines": {
+ "node": ">=0.6.0"
+ }
+ },
+ "node_modules/xml-encryption": {
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-2.0.0.tgz",
+ "integrity": "sha512-4Av83DdvAgUQQMfi/w8G01aJshbEZP9ewjmZMpS9t3H+OCZBDvyK4GJPnHGfWiXlArnPbYvR58JB9qF2x9Ds+Q==",
+ "dependencies": {
+ "@xmldom/xmldom": "^0.7.0",
+ "escape-html": "^1.0.3",
+ "xpath": "0.0.32"
+ },
+ "engines": {
+ "node": ">=12"
+ }
+ },
+ "node_modules/xml-encryption/node_modules/xpath": {
+ "version": "0.0.32",
+ "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz",
+ "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==",
+ "engines": {
+ "node": ">=0.6.0"
+ }
+ },
+ "node_modules/xml-name-validator": {
+ "version": "2.0.1",
+ "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-2.0.1.tgz",
+ "integrity": "sha512-jRKe/iQYMyVJpzPH+3HL97Lgu5HrCfii+qSo+TfjKHtOnvbnvdVfMYrn9Q34YV81M2e5sviJlI6Ko9y+nByzvA=="
+ },
"node_modules/xml2js": {
"version": "0.6.2",
"resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz",
@@ -9275,6 +9348,14 @@
"node": ">=8.0"
}
},
+ "node_modules/xpath": {
+ "version": "0.0.5",
+ "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.5.tgz",
+ "integrity": "sha512-Y1Oyy8lyIDwWpmKIWBF0RZrQOP1fzE12G0ekSB1yzKPtbAdCI5sBCqBU/CAZUkKk81OXuq9tul/5lyNS+22iKg==",
+ "engines": {
+ "node": ">=0.6.0"
+ }
+ },
"node_modules/yallist": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
diff --git a/package.json b/package.json
index 4c51222..7fe45f6 100644
--- a/package.json
+++ b/package.json
@@ -26,6 +26,7 @@
"helmet": "^7.1.0",
"passport": "^0.7.0",
"passport-azure-ad": "latest",
+ "saml": "^3.0.1",
"sqlite3": "^5.1.7"
},
"devDependencies": {
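Review bot: The new `saml` dependency is declared with a caret range, while the patch added in this commit is named for exactly one version (`patches/saml+3.0.1.patch`), so a later 3.x release resolved by `^3.0.1` would no longer match the patched templates. Pinning it, `"saml": "3.0.1",`, keeps the installed version and the patch in step. Nothing visible in this hunk adds a step that applies the patch (the file naming suggests patch-package run from a `postinstall` script); if that is not already configured elsewhere in package.json, the library would keep issuing its default `bearer` confirmation method. The dependencies object starts and ends outside the hunk.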
@@ -56,7 +57,8 @@
"log": {
"levels": {
"catalog-service": "debug",
- "auth-client": "debug"
+ "auth-client": "debug",
+ "saml-service": "debug"
}
},
"requires": {
diff --git a/patches/saml+3.0.1.patch b/patches/saml+3.0.1.patch
new file mode 100644
index 0000000..2d7c9fb
--- /dev/null
+++ b/patches/saml+3.0.1.patch
@@ -0,0 +1,35 @@
+diff --git a/node_modules/saml/lib/saml11.template b/node_modules/saml/lib/saml11.template
+index 531f3a7..6a1d142 100644
+--- a/node_modules/saml/lib/saml11.template
++++ b/node_modules/saml/lib/saml11.template
+@@ -6,7 +6,7 @@
+
+
+
+- urn:oasis:names:tc:SAML:1.0:cm:bearer
++ urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
+
+
+
+@@ -16,7 +16,7 @@
+
+
+
+- urn:oasis:names:tc:SAML:1.0:cm:bearer
++ urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
+
+
+
+diff --git a/node_modules/saml/lib/saml20.template b/node_modules/saml/lib/saml20.template
+index cd81289..a958fa1 100644
+--- a/node_modules/saml/lib/saml20.template
++++ b/node_modules/saml/lib/saml20.template
+@@ -2,7 +2,7 @@
+
+
+
+-
++
+
+
+
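Review bot: Because the confirmation method is changed in the library's shared templates, every assertion the `saml` package creates in this process is affected, not only those issued by SamlService, and nothing in the commit records why. A sender-vouches assertion is only meaningful when the relying party authenticates the sending system itself, so the README should carry a sentence such as `saml is patched to issue sender-vouches assertions for SOAP calls; the receiver must authenticate this service as the sender`. The changed line of the saml20.template hunk is not readable here, so its new value should be checked against the `urn:oasis:names:tc:SAML:2.0:cm:sender-vouches` method named in the comment in srv/saml-service.js.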
diff --git a/srv/saml-service.cds b/srv/saml-service.cds
new file mode 100644
index 0000000..3daea89
--- /dev/null
+++ b/srv/saml-service.cds
@@ -0,0 +1,6 @@
+service SamlService {
+
+ function getMetadata() returns String;
+ function getSamlAssertion() returns String;
+
+}
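Review bot: SamlService is declared without any access restriction, although `getSamlAssertion` returns an assertion signed with the IdP key for whatever user the request carries. Unless authentication is enforced for all services elsewhere in the project configuration (not visible here), the restriction should be explicit on the definition: `@(requires: 'authenticated-user') service SamlService {`. A doc comment on each function would also help callers, for example `/** Returns a signed SAML assertion for the calling user. */` on `getSamlAssertion`.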
diff --git a/srv/saml-service.js b/srv/saml-service.js
new file mode 100644
index 0000000..cb02a63
--- /dev/null
+++ b/srv/saml-service.js
@@ -0,0 +1,41 @@
+const cds = require("@sap/cds");
+const LOG = cds.log("saml-service");
+
+const fs = require("fs");
+var saml = require("saml").Saml20; // or Saml11
+
+module.exports = class SamlService extends cds.Service {
+ init() {
+ var options = {
+ cert: fs.readFileSync("./certificates/idp.example.com.pem").toString(),
+ key: fs.readFileSync("./certificates/idp.example.com-key.pem").toString(),
+ issuer: "https://idp.example.com",
+ lifetimeInSeconds: 600,
+ audiences: "http://A4H",
+ attributes: {
+ "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name":
+ "Gregor Wolf",
+ },
+ nameIdentifier: "",
+ // sessionIndex: "_faed468a-15a0-4668-aed6-3d9c478cc8fa",
+ };
+
+ this.on("getMetadata", async (req) => {
+ LOG._debug && LOG.debug("getMetadata");
+ return "Not supported";
+ });
+
+ this.on("getSamlAssertion", async (req) => {
+ LOG._debug && LOG.debug("getMetadata");
+ LOG._debug && LOG.debug(req.user.id);
+ options.nameIdentifier = req.user.id;
+ // sets SubjectConfirmation to:
+ // Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
+ // for SOAP we need:
+ // Method = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"
+ const samlAssertion = saml.create(options);
+ LOG._debug && LOG.debug(samlAssertion);
+ return samlAssertion;
+ });
+ }
+};
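Review bot: The `getSamlAssertion` handler writes the complete signed assertion to the log (`LOG.debug(samlAssertion)`), and package.json in this commit sets `saml-service` to `debug`, so anyone with log access obtains a credential that stays valid for the configured 600 seconds; log only the subject, or drop the line. The name claim is the fixed string `"Gregor Wolf"` for every caller and `options` is a shared object mutated per request; building the options per call avoids both, e.g. `const samlAssertion = saml.create({ ...options, nameIdentifier: req.user.id });` with the attributes taken from the request user. The handler signs for whatever `req.user.id` holds, so a request without an authenticated user should be rejected before `saml.create` is reached. The first debug line in this handler still says `getMetadata`, and the key is read from a path relative to the working directory, which deserves a comment stating where the process must be started from.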
diff --git a/test/saml-metadata-idp.xml b/test/saml-metadata-idp.xml
new file mode 100644
index 0000000..3a1055b
--- /dev/null
+++ b/test/saml-metadata-idp.xml
@@ -0,0 +1,49 @@
+
+
+
+
+
+
+
+
+
+
+
+
+ n8JEpxfga49oXxedaVIxAqjPkfw=
+
+
+
+ QngF65fHf31Q1T/3mkpHO+JELDu2OxSRQzxJpAkRVmP0ZNejwoNa2i2+NWDuyvlIz8qFPQenoynGhKVesppiZh6FtrKR1Oz9eL8kCF86yJ4STOouq6foJ8InRYd0G4V1MiCnxbTv4L4AIyitv6gAtzWIyjLdiVCgsAmGbjbwRj8JnSr1J0GJooRsNtgS15gt9b3ETXyt1EjV9UdsCWSN9Wckm17wEZS+qB8k+eJU2cuRyspp+Bqscd0mDxTsPJVB9zRu/cWPN1d/yliF6gjPFKFmyKV9MueXdfwDafTmDQ4PYiWuTdR0Ma+e6ny1t60AZl+JwN3Efi2fzArPQzeBTw==
+
+
+
+ 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
+
+
+
+
+
+
+
+
+ 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
+
+
+
+
+
+
+
+ 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
+
+
+
+ urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+
+
+
diff --git a/test/saml.http b/test/saml.http
new file mode 100644
index 0000000..5fd4cde
--- /dev/null
+++ b/test/saml.http
@@ -0,0 +1,12 @@
+###
+GET http://localhost:6420/odata/v4/saml
+Authorization: Bearer {{$dotenv token}}
+###
+GET http://localhost:6420/odata/v4/saml/$metadata
+Authorization: Bearer {{$dotenv token}}
+###
+GET http://localhost:6420/odata/v4/saml/getMetadata()
+Authorization: Bearer {{$dotenv token}}
+###
+GET http://localhost:6420/odata/v4/saml/getSamlAssertion()
+Authorization: Bearer {{$dotenv token}}
diff --git a/test/saml1-assertion-entra-id-for-ABAP.xml b/test/saml1-assertion-entra-id-for-ABAP.xml
new file mode 100644
index 0000000..c79a54e
--- /dev/null
+++ b/test/saml1-assertion-entra-id-for-ABAP.xml
@@ -0,0 +1,87 @@
+
+
+
+ http://A4H
+
+
+
+
+ gregor@computerservice-wolf.com
+
+ urn:oasis:names:tc:SAML:1.0:cm:bearer
+
+
+
+ 6f8c8b13-6c5b-42e2-8a42-e4ef99e7ff48
+
+
+ 648e8502-0695-4d29-85a8-22d33c8967b3
+
+
+ Gregor Wolf
+
+
+ https://sts.windows.net/6f8c8b13-6c5b-42e2-8a42-e4ef99e7ff48/
+
+
+
+ http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password
+ http://schemas.microsoft.com/claims/multipleauthn
+
+
+ Gregor
+
+
+ Wolf
+
+
+ gregor@computerservice-wolf.com
+
+
+ gregor@computerservice-wolf.com
+
+
+
+
+ gregor@computerservice-wolf.com
+
+ urn:oasis:names:tc:SAML:1.0:cm:bearer
+
+
+
+
+
+
+
+
+
+
+
+
+
+ XiQAg7MAz0Gr4nsbwn0f4dt+dlCiX/hIA0m2nhjK3ak=
+
+
+
+
+
+
+
+ MIIC8DCCAdigAwIBAgIQPaaIiVFbh6xJVXZxwoNEMjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMzEyMjAxNjU3MzdaFw0yNjEyMjAxNjU3MzdaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7sHOt0iLCuKkBgLCIUMnGMJ5kisU0SD7mjYnBQ/9yyIpARpQdMGp+1c20moKDXf2IUiqv4tswf58rF0U3skvxFh8VeKG4VVZpVXNvO2nlPJ0ta3KAGVWAg0tVak7exJ+hFECsAhjSlECJqlwlUDuo4Mn6lPT+8E9RBdb/h/HdWQD7PvTQBK/GlturYwaJUmNB6ms/SIVpN53L75yGsCE4VBvdYbAK+L0oK4E8neM+mLGLvDq1Qj+nIJD2cHCv+/3vQgDluayZIaV+KAPQS3OQkJ3mIn038mdfOwdDvVhhb3OvBnbtKQBaCIb3JASTQCt80ipkK6JVcLW6jU423uzQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAd+P0N8c646jjE/pcBDC4f8BdWkujkOVAos3T3PdAlCZxgfnLhKMLdn2iACgP9MHi5pDAxkgINJoR7fiE6OTPeFqWCDUSWvcLb+ztn6ZM3lt88C3rhoEejTDNlIOsl7HSQ6uXuK+gB4CoWtnZYdAmKH/aSAcu055/mnbt4094Ts5QcDGoSMtxPfuI6w0vp+4FyP8fp7NSGQte09YuHw7bclCgcIEwr7FlXufGtjNzgocr5HmGK0TLrGegyRyZC/nXcQeASM11Y+f5a4YRfv/8yaMH1qwTVdN/mnn5HsSBbkjixgcoiVVLDMzKoY1FS9SL3J/uEoh/zYg/jO+wcEy4J
+
+
+
+
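Review bot: The fixture appears to be a capture from a live Entra ID tenant: it carries what look like a real tenant id, object id, user e-mail address and the tenant's signing certificate. The same values recur in test/saml2-assertion-entra-id-for-ABAP.xml and test/saml2-assertion-entra-id-for-BTP.xml, and the latter also names a BTP subaccount host. Committed test data should use synthetic identifiers (an `example.com` address, a constructed GUID) and a certificate generated for the tests. If the captured values have to stay, a comment at the top of each file giving the capture date and stating that the assertion is expired would let a reader judge the exposure.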
diff --git a/test/saml1-assertion.xml b/test/saml1-assertion.xml
new file mode 100644
index 0000000..1bacfa5
--- /dev/null
+++ b/test/saml1-assertion.xml
@@ -0,0 +1,54 @@
+
+
+
+ http://A4H
+
+
+
+
+
+ 648e8502-0695-4d29-85a8-22d33c8967b3
+
+ urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
+
+
+
+ Gregor Wolf
+
+
+
+
+
+ 648e8502-0695-4d29-85a8-22d33c8967b3
+
+ urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
+
+
+
+
+
+
+
+
+
+
+
+
+
+ DNQ48nQ0YlZCtYKjYhnXDj0PUXRMjC7scLsVxtLgxfs=
+
+
+
+
+
+
+
+ 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
+
+
+
+
diff --git a/test/saml2-assertion-entra-id-for-ABAP.xml b/test/saml2-assertion-entra-id-for-ABAP.xml
new file mode 100644
index 0000000..bd9f780
--- /dev/null
+++ b/test/saml2-assertion-entra-id-for-ABAP.xml
@@ -0,0 +1,74 @@
+
+ https://sts.windows.net/6f8c8b13-6c5b-42e2-8a42-e4ef99e7ff48/
+
+
+
+
+
+
+
+
+
+
+ rvsxEKGMzKauQfgpxYzjNsmGjlcXvcSyyvexKrJ6Qn8=
+
+
+
+
+
+
+
+ MIIC8DCCAdigAwIBAgIQPaaIiVFbh6xJVXZxwoNEMjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMzEyMjAxNjU3MzdaFw0yNjEyMjAxNjU3MzdaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7sHOt0iLCuKkBgLCIUMnGMJ5kisU0SD7mjYnBQ/9yyIpARpQdMGp+1c20moKDXf2IUiqv4tswf58rF0U3skvxFh8VeKG4VVZpVXNvO2nlPJ0ta3KAGVWAg0tVak7exJ+hFECsAhjSlECJqlwlUDuo4Mn6lPT+8E9RBdb/h/HdWQD7PvTQBK/GlturYwaJUmNB6ms/SIVpN53L75yGsCE4VBvdYbAK+L0oK4E8neM+mLGLvDq1Qj+nIJD2cHCv+/3vQgDluayZIaV+KAPQS3OQkJ3mIn038mdfOwdDvVhhb3OvBnbtKQBaCIb3JASTQCt80ipkK6JVcLW6jU423uzQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAd+P0N8c646jjE/pcBDC4f8BdWkujkOVAos3T3PdAlCZxgfnLhKMLdn2iACgP9MHi5pDAxkgINJoR7fiE6OTPeFqWCDUSWvcLb+ztn6ZM3lt88C3rhoEejTDNlIOsl7HSQ6uXuK+gB4CoWtnZYdAmKH/aSAcu055/mnbt4094Ts5QcDGoSMtxPfuI6w0vp+4FyP8fp7NSGQte09YuHw7bclCgcIEwr7FlXufGtjNzgocr5HmGK0TLrGegyRyZC/nXcQeASM11Y+f5a4YRfv/8yaMH1qwTVdN/mnn5HsSBbkjixgcoiVVLDMzKoY1FS9SL3J/uEoh/zYg/jO+wcEy4J
+
+
+
+
+
+ gregor@computerservice-wolf.com
+
+
+
+
+
+
+ http://A4H
+
+
+
+
+ 6f8c8b13-6c5b-42e2-8a42-e4ef99e7ff48
+
+
+ 648e8502-0695-4d29-85a8-22d33c8967b3
+
+
+ Gregor Wolf
+
+
+ https://sts.windows.net/6f8c8b13-6c5b-42e2-8a42-e4ef99e7ff48/
+
+
+ http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password
+ http://schemas.microsoft.com/claims/multipleauthn
+
+
+ Gregor
+
+
+ Wolf
+
+
+ gregor@computerservice-wolf.com
+
+
+ gregor@computerservice-wolf.com
+
+
+
+
+ urn:oasis:names:tc:SAML:2.0:ac:classes:Password
+
+
+
diff --git a/test/saml2-assertion-entra-id-for-BTP.xml b/test/saml2-assertion-entra-id-for-BTP.xml
new file mode 100644
index 0000000..d1bdfd1
--- /dev/null
+++ b/test/saml2-assertion-entra-id-for-BTP.xml
@@ -0,0 +1,74 @@
+
+ https://sts.windows.net/6f8c8b13-6c5b-42e2-8a42-e4ef99e7ff48/
+
+
+
+
+
+
+
+
+
+
+ gs5jRTw6afyqUnCDJGePn6tcvlzd+qyAcwMNHrYgsL8=
+
+
+
+
+
+
+
+ MIIC8DCCAdigAwIBAgIQHRuLDvCR4IVHlwm1qPPJmzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDAxMTkxMTQ4MzJaFw0yNzAxMTkxMTQ4MzJaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0c2MoPEAGzx0KKnEu9G+WhuAsSkOpn9CeibAEGbANnztuJuNBmjMjKXipvHYeMwymo6gptYsC0WBWZzYnuQv7kUz1XL3KkEMh1maVxZbGohcuiEM3FN+RUNkXKzic6grQdlPClUxoYZ/WASpZKvtUjuHgax1Xdm9iqwU+pUjYWbPvEefCP+KKMz7rub35+R3RSHmEDgT7g5L6zFXJEzl5LSJL19b2wXmj93i1obyD7Z5YJLwjxc9zzF+5+SDXSC+Rh/k4yHy5v0q35CbYmcGTXG6X5g3f8wJFYGvoi5j2k492bit7kTFeSgfEehSPKaCK73V7vw3LIJAXkXxuJs8dQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBpFKznH/4mu91FYaUQ90JqzCLnCzm3qXfmNVW6KNxnZ2ky1+hViDMkwkYct8sQiLx+IVYVX/ze1XhtuJsx2QKpolc4H5fSQik6v1Qw7wnL0HbK2ChEp6EEf9hI6+z4+roNvrmGmEmemBf5QbL0PHI4LCm7lvoe297gXjKN/B+Tu02rxEnup+FaKsZx6sq7RF+ktnhOs/3gkJDG41hi47Uk1Z0FY3L/fFAr6EWGb0BQLg6VYeniws187ImBFOnyqqZgXlLfbeZmzkmnuQcJUGjLEuKoyHcfeBPwW8umU+ggQlKAX6mxnlIhw30OwnGmD2a+lARclONWHTiGX4IdTTXl
+
+
+
+
+
+ gregor@computerservice-wolf.com
+
+
+
+
+
+
+ https://3c8d325btrial.authentication.us10.hana.ondemand.com
+
+
+
+
+ 6f8c8b13-6c5b-42e2-8a42-e4ef99e7ff48
+
+
+ 648e8502-0695-4d29-85a8-22d33c8967b3
+
+
+ Gregor Wolf
+
+
+ https://sts.windows.net/6f8c8b13-6c5b-42e2-8a42-e4ef99e7ff48/
+
+
+ http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password
+ http://schemas.microsoft.com/claims/multipleauthn
+
+
+ Gregor
+
+
+ Wolf
+
+
+ gregor@computerservice-wolf.com
+
+
+ gregor@computerservice-wolf.com
+
+
+
+
+ urn:oasis:names:tc:SAML:2.0:ac:classes:Password
+
+
+