From a1e1b8201d0cc8e49b0a57e1978fd45be3a4961d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ale=C5=A1=20Smodi=C5=A1?= Date: Wed, 21 Oct 2015 10:50:36 +0200 Subject: Adapt to the new SAML URLs, set ForceAuthn=true to always request authentication from the user. --- saml/saml.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'saml/saml.js') diff --git a/saml/saml.js b/saml/saml.js index 3eff569..59b16fc 100644 --- a/saml/saml.js +++ b/saml/saml.js @@ -46,7 +46,7 @@ process.on('uncaughtException', function (error) { // SP (that's us) //--------------- // our URL where the IdP responds with a login result -var assertionConsumerServiceURL = 'https://codeq.si/Shibboleth.sso/SAML2/POST', // must be a POST +var assertionConsumerServiceURL = 'https://codeq.si/saml/assert', // must be a POST // our issuer ID SPIssuer = 'https://codeq.si/sp/201509281041', // our encryption key for signing requests @@ -490,6 +490,7 @@ http_app.get('/Shibboleth.sso/Login', function (req, res) { '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', '@AssertionConsumerServiceURL': assertionConsumerServiceURL, '@Destination': SSOServiceURL, + '@ForceAuthn': 'true', '@ID': requestId, '@IssueInstant': new Date().toISOString(), 'saml:Issuer': { @@ -608,7 +609,7 @@ http_app.get('/Shibboleth.sso/Logout', function (req, res) { }); // user logged in, read the credentials -http_app.post('/Shibboleth.sso/SAML2/POST', function (req, res) { +http_app.post('/saml/assert', function (req, res) { var form = req.body, keys = [], errors = [], @@ -733,7 +734,7 @@ http_app.post('/Shibboleth.sso/SAML2/POST', function (req, res) { }); // user logged out, the GET service -http_app.get('/Shibboleth.sso/SLO/Redirect', function (req, res) { +http_app.get('/saml/slo', function (req, res) { var form = req.query, delegateToHandler = function (err, buffer, handler) { if (err) { -- cgit v1.2.1