diff options
author | Aleš Smodiš <aless@guru.si> | 2015-10-21 10:50:36 +0200 |
---|---|---|
committer | Aleš Smodiš <aless@guru.si> | 2015-10-21 10:50:36 +0200 |
commit | a1e1b8201d0cc8e49b0a57e1978fd45be3a4961d (patch) | |
tree | a4030e9219661e1af07c7415f8f03029e72a8c19 | |
parent | 591dbb2ec40bb3956e71e4660aeb9d139033fb9a (diff) |
Adapt to the new SAML URLs, set ForceAuthn=true to always request authentication from the user.
-rw-r--r-- | saml/saml.js | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/saml/saml.js b/saml/saml.js index 3eff569..59b16fc 100644 --- a/saml/saml.js +++ b/saml/saml.js @@ -46,7 +46,7 @@ process.on('uncaughtException', function (error) { // SP (that's us) //--------------- // our URL where the IdP responds with a login result -var assertionConsumerServiceURL = 'https://codeq.si/Shibboleth.sso/SAML2/POST', // must be a POST +var assertionConsumerServiceURL = 'https://codeq.si/saml/assert', // must be a POST // our issuer ID SPIssuer = 'https://codeq.si/sp/201509281041', // our encryption key for signing requests @@ -490,6 +490,7 @@ http_app.get('/Shibboleth.sso/Login', function (req, res) { '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', '@AssertionConsumerServiceURL': assertionConsumerServiceURL, '@Destination': SSOServiceURL, + '@ForceAuthn': 'true', '@ID': requestId, '@IssueInstant': new Date().toISOString(), 'saml:Issuer': { @@ -608,7 +609,7 @@ http_app.get('/Shibboleth.sso/Logout', function (req, res) { }); // user logged in, read the credentials -http_app.post('/Shibboleth.sso/SAML2/POST', function (req, res) { +http_app.post('/saml/assert', function (req, res) { var form = req.body, keys = [], errors = [], @@ -733,7 +734,7 @@ http_app.post('/Shibboleth.sso/SAML2/POST', function (req, res) { }); // user logged out, the GET service -http_app.get('/Shibboleth.sso/SLO/Redirect', function (req, res) { +http_app.get('/saml/slo', function (req, res) { var form = req.query, delegateToHandler = function (err, buffer, handler) { if (err) { |