import Entity, { BindingContext, PostBindingContext, ESamlHttpRequest, SimpleSignBindingContext,} from './entity';import { IdentityProviderConstructor as IdentityProvider, ServiceProviderMetadata, ServiceProviderSettings,} from './types';import { namespace } from './urn';import redirectBinding from './binding-redirect';import postBinding from './binding-post';import simpleSignBinding from './binding-simplesign';import { flow, FlowResult } from './flow';
/**
 * Factory for a SAML service provider entity.
 *
 * Equivalent to `new ServiceProvider(props)`; the signing-related defaults
 * applied to `props` are those of the ServiceProvider constructor.
 *
 * @param props Service provider settings, forwarded unchanged.
 * @returns The newly constructed ServiceProvider.
 */
export default function(props: ServiceProviderSettings) {
  const serviceProvider = new ServiceProvider(props);
  return serviceProvider;
}
/**
 * SAML service provider (SP) entity.
 *
 * Builds login requests (AuthnRequest) addressed to an identity provider and
 * hands login responses to `flow()` for parsing.
 */
export class ServiceProvider extends Entity {
  entityMeta: ServiceProviderMetadata;

  /**
   * @param spSetting Caller-supplied settings. They are layered over the
   *   defaults below, so any flag present in `spSetting` wins.
   */
  constructor(spSetting: ServiceProviderSettings) {
    // All three signing-related flags default to false. A deployment that
    // expects signed requests, assertions or messages has to set them itself.
    // NOTE(review): where these flags are enforced is not visible in this
    // file; confirm against Entity and flow().
    super(
      {
        authnRequestsSigned: false,
        wantAssertionsSigned: false,
        wantMessageSigned: false,
        ...spSetting,
      },
      'sp',
    );
  }

  /**
   * Builds a login request for the given identity provider.
   *
   * @param idp Identity provider the request is addressed to.
   * @param binding Key into `namespace.binding`; defaults to `'redirect'`.
   * @param customTagReplacement Optional callback forwarded unchanged to the
   *   binding helper.
   * @returns For the redirect binding, whatever
   *   `redirectBinding.loginRequestRedirectURL` returns. For the post and
   *   simpleSign bindings, the helper's context extended with `relayState`,
   *   `entityEndpoint` and `type: 'SAMLRequest'`.
   * @throws Error `ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG` when this SP and
   *   the IdP disagree on whether AuthnRequests are signed.
   * @throws Error `ERR_SP_LOGIN_REQUEST_UNDEFINED_BINDING` when `binding` does
   *   not resolve to the redirect, post or simpleSign binding.
   */
  public createLoginRequest(
    idp: IdentityProvider,
    binding = 'redirect',
    customTagReplacement?: (template: string) => BindingContext,
  ): BindingContext | PostBindingContext | SimpleSignBindingContext {
    const bindings = namespace.binding;
    const requested = bindings[binding];

    // Fail before anything is built: both sides' metadata must agree on
    // whether the AuthnRequest is signed.
    const spSignsRequests = this.entityMeta.isAuthnRequestSigned();
    const idpWantsSignedRequests = idp.entityMeta.isWantAuthnRequestsSigned();
    if (spSignsRequests !== idpWantsSignedRequests) {
      throw new Error('ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG');
    }

    const parties = { idp, sp: this };

    // Shared tail of the post and simpleSign branches.
    // NOTE(review): relayState is read from the entity-level setting, so every
    // request built by this instance carries the same value unless that
    // setting is changed between calls; confirm callers do not depend on it
    // for per-user state.
    // NOTE(review): the `as string` cast hides whatever
    // getSingleSignOnService returns when the IdP metadata has no endpoint
    // for this binding; confirm callers handle a missing endpoint.
    const withEndpoint = (context: any) => ({
      ...context,
      relayState: this.entitySetting.relayState,
      entityEndpoint: idp.entityMeta.getSingleSignOnService(binding) as string,
      type: 'SAMLRequest',
    });

    if (requested === bindings.redirect) {
      // The redirect helper's result is returned as-is, without the extra fields.
      return redirectBinding.loginRequestRedirectURL(parties, customTagReplacement);
    }
    if (requested === bindings.post) {
      return withEndpoint(
        postBinding.base64LoginRequest("/*[local-name(.)='AuthnRequest']", parties, customTagReplacement),
      );
    }
    if (requested === bindings.simpleSign) {
      return withEndpoint(simpleSignBinding.base64LoginRequest(parties, customTagReplacement));
    }
    // Unknown binding names are rejected instead of falling back to a default.
    throw new Error('ERR_SP_LOGIN_REQUEST_UNDEFINED_BINDING');
  }

  /**
   * Hands a login response to `flow()` for parsing.
   *
   * `checkSignature` is always passed as `true`; which signatures `flow()`
   * then requires (message, assertion or both) is not visible in this file.
   *
   * @param idp Identity provider the response is expected from.
   * @param binding Binding name, forwarded to `flow()`.
   * @param request Request object carrying the response; presumably the
   *   inbound HTTP request, so its content is only usable once `flow()` has
   *   accepted it (confirm against flow()).
   * @returns Whatever `flow()` returns (presumably a promise of FlowResult;
   *   confirm).
   */
  public parseLoginResponse(idp, binding, request: ESamlHttpRequest) {
    return flow({
      from: idp,
      self: this,
      checkSignature: true,
      parserType: 'SAMLResponse',
      type: 'login',
      binding,
      request,
    });
  }
}