samlify icon indicating copy to clipboard operation
samlify copied to clipboard

Published 20 hours ago verified publisher icon tngan

Support EntitiesDescriptor when importing metadata

Open jbpin opened this issue 4 years ago • 7 comments

Hi,

I have some trouble configuring Samlify with keycloak. I think is due to EntitiesDescriptor.

Do you support it ?

Here is a metadata link to a IDP metadata: https://auth.stage.idruide.eu/auth/realms/samlify/protocol/saml/descriptor

As you can see there is a EntitiesDescriptor before EntityDescriptor and from here I get an error:

TypeError [ERR_INVALID_ARG_TYPE]: The "url" argument must be of type string. Received type object

and SingleSignOnService array is emtpy.

jbpin avatar Dec 16 '19 17:12 jbpin

@jbpin We haven't supported it yet, but it can be a feature request.

tngan avatar Dec 17 '19 03:12 tngan

Hi @tngan. Thanks for the quick reply. As it's part of the spec it could be nice to support it. Maybe in two steps. First could be to support an IDP options to select which EntityDescriptor index to use. Then supporting multi idp from this element. What do you think?

jbpin avatar Dec 17 '19 06:12 jbpin

@jbpin I am thinking something more general. Since there is no restriction on the type of entity defined inside the EntitiesDescriptor tag, you can also put iDP and SP metadata together in one file, and even define multiple iDPs.

Yes, the first step is to accept the metadata with the EntitiesDescriptor tag in both iDP and SP option, then for each parsing process it would find the corresponding descriptors, IDPSSODescriptor or SPSSODescriptor. We will then expose another function for you to select if there are multiple definitions.

The next step is to build a super class and import one file at once, instead of separating them into two different entity constructors, but that could change the API, so I will leave the discussion when we start working on v3.

tngan avatar Dec 17 '19 10:12 tngan

Let me rephrase the issue topic to match the context.

tngan avatar Dec 17 '19 10:12 tngan

@tngan ok nice. Sure v3 will rocks with this feature. For now, can we find a workarround so that metadata file can load and resolve first instance? I try placing ~EntitiesDescriptor in metadata.ts, metadata-idp.ts and metadata-sp.ts but not sure it will work. My idea was to provide an optional element. I know with xpath we can handle that with a path equals to: /*([local-name(.)='EntitiesDescriptor']|.)/*... using (|.) operator. I know ~ resolve to contains but I not familiar with xpath at all...

jbpin avatar Dec 17 '19 13:12 jbpin

@tngan Has there been any update on this? I've run into a couple clients who used keycloak and have been bit by this. I'd be happy to submit a PR if it's feasible to do so or work hasn't started yet

bttf avatar Aug 18 '20 17:08 bttf

Hi @tngan. Do you have any update on this issue ? looks like it's still not implemented ?

jbpin avatar Aug 04 '21 12:08 jbpin