
octetString has to be manually built and set on the request

Open nflaig opened this issue 5 years ago • 2 comments

For HTTP-Redirect requests it is required to have the octetString property in the request. However, this property does not exist on the common request object and neither is it sent by IdPs in HTTP-Redirect requests. As a workaround I did the following:

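```typescript
// Call site: attach the rebuilt octet string to the request before handing it to the library.
request.octetString = this.buildOctetStringFromQuery(request.query);

// Rebuilds "name=value&..." from the parsed query, leaving out the Signature parameter.
// Values are re-encoded with encodeURIComponent and keep the key order of the query object.
private buildOctetStringFromQuery(query: AnyObject = {}): string {
    return Object.keys(query)
        .filter(param => param !== "Signature")
        .map(param => param + "=" + encodeURIComponent(query[param]))
        .join("&");
}
```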

This approach seems to work with Keycloak as an IdP when receiving signed Logout Requests, however this seems more like a hack than a good solution.

Am I misunderstanding how the octetString is supposed to be used and if not shouldn't this be handled by the library?

nflaig, Apr 11 '20 20:04

Seems like this is still an issue two years later.

Based on https://github.com/tngan/samlify/blob/master/test/flow.ts#L80 (parseRedirectUrlContextCallBack), the hack proposed is the legitimate way that this API is meant to be used.

cmac-uvaro, Dec 02 '22 22:12

@nflaig legend! thanks for this

williwlwilliwll, Jun 28 '23 12:06
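
The octet string for verifying an HTTP-Redirect signature, built from the raw query string instead of the parsed query object used in the workaround in the opening post. This is an added example, not code from samlify or from the commenters; the function names and the sample query are constructed. It assumes the rule from the SAML HTTP-Redirect binding that the signed string is `SAMLRequest` (or `SAMLResponse`), `RelayState`, `SigAlg` in that order, with the URL-encoded values exactly as received.

```typescript
// Added example; names here are hypothetical and not part of samlify.
// Signed parameters in the order the SAML HTTP-Redirect binding requires.
const SIGNED_ORDER: string[] = ["SAMLRequest", "SAMLResponse", "RelayState", "SigAlg"];

// Split a raw query string into name -> still-encoded value; duplicates are rejected.
function splitRawQuery(rawQuery: string): Record<string, string> {
  const out: Record<string, string> = Object.create(null);
  const q = rawQuery.charAt(0) === "?" ? rawQuery.slice(1) : rawQuery;
  q.split("&").forEach((pair) => {
    if (pair === "") return;
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    if (out[name] !== undefined) throw new Error("duplicate query parameter: " + name);
    out[name] = eq === -1 ? "" : pair.slice(eq + 1);
  });
  return out;
}

// Octet string to verify: spec order, values byte-for-byte as received.
function buildOctetStringFromRawQuery(rawQuery: string): string {
  const raw = splitRawQuery(rawQuery);
  const hasRequest = raw["SAMLRequest"] !== undefined;
  const hasResponse = raw["SAMLResponse"] !== undefined;
  if (hasRequest === hasResponse) throw new Error("need exactly one of SAMLRequest/SAMLResponse");
  if (raw["SigAlg"] === undefined) throw new Error("missing SigAlg");
  const parts: string[] = [];
  SIGNED_ORDER.forEach((name) => {
    const value = raw[name];
    if (value !== undefined) parts.push(name + "=" + value);
  });
  return parts.join("&");
}

// For contrast: decode, then re-encode in arrival order, approximating a parsed query object.
function reencodedOctetString(rawQuery: string): string {
  const raw = splitRawQuery(rawQuery);
  return Object.keys(raw)
    .filter((name) => name !== "Signature")
    .map((name) => name + "=" + encodeURIComponent(decodeURIComponent(raw[name] as string)))
    .join("&");
}

// Constructed sample: RelayState arrives first and the sender used lowercase hex escapes.
const SAMPLE_QUERY =
  "RelayState=%2fapp%2fhome&SAMLRequest=fZJ%2bexample%3d" +
  "&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=c2ln";

console.log(buildOctetStringFromRawQuery(SAMPLE_QUERY));
console.log(reencodedOctetString(SAMPLE_QUERY));
```

The two printed strings differ in parameter order and in the case of the percent escapes, so a signature computed by the sender over the first would not verify against the second.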