Adapt to the new SAML URLs, set ForceAuthn=true to always request authentication from the user.

1 files changed, 4 insertions, 3 deletions

diff --git a/saml/saml.js b/saml/saml.js
index 3eff569..59b16fc 100644
--- a/saml/saml.js
+++ b/saml/saml.js
@@ -46,7 +46,7 @@ process.on('uncaughtException', function (error) {
 // SP (that's us)
 //---------------
     // our URL where the IdP responds with a login result
-var assertionConsumerServiceURL = 'https://codeq.si/Shibboleth.sso/SAML2/POST', // must be a POST
+var assertionConsumerServiceURL = 'https://codeq.si/saml/assert', // must be a POST
     // our issuer ID
     SPIssuer = 'https://codeq.si/sp/201509281041',
     // our encryption key for signing requests
@@ -490,6 +490,7 @@ http_app.get('/Shibboleth.sso/Login', function (req, res) {
                 '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
                 '@AssertionConsumerServiceURL': assertionConsumerServiceURL,
                 '@Destination': SSOServiceURL,
+                '@ForceAuthn': 'true',
                 '@ID': requestId,
                 '@IssueInstant': new Date().toISOString(),
                 'saml:Issuer': {
@@ -608,7 +609,7 @@ http_app.get('/Shibboleth.sso/Logout', function (req, res) {
 });
 
 // user logged in, read the credentials
-http_app.post('/Shibboleth.sso/SAML2/POST', function (req, res) {
+http_app.post('/saml/assert', function (req, res) {
     var form = req.body,
         keys = [],
         errors = [],
@@ -733,7 +734,7 @@ http_app.post('/Shibboleth.sso/SAML2/POST', function (req, res) {
 });
 
 // user logged out, the GET service
-http_app.get('/Shibboleth.sso/SLO/Redirect', function (req, res) {
+http_app.get('/saml/slo', function (req, res) {
     var form = req.query,
         delegateToHandler = function (err, buffer, handler) {
             if (err) {