Closed
**Spec-driven development**

According to "saml-schema-metadata-2.0.xsd" the EntityDescriptorType is a sequence (i.e. order matters)
See:
```xml
<complexType name="EntityDescriptorType">
  <sequence>
    <element ref="ds:Signature" minOccurs="0"/>
    …
    <element ref="md:Organization" minOccurs="0"/>
    <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
    ….
  </sequence>
  …
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
```

So, if an Organization element is present it should be before the ContactPerson element.
But in https://github.com/node-saml/node-saml/blob/master/src/metadata.ts#L60-61 those are inverted.
Right now a produced XML, using xmllint, fails to validate with:

```
meta.xml:11: element Organization: Schemas validity error : Element '{urn:oasis:names:tc:SAML:2.0:metadata}Organization': This element is not expected. Expected is one of ( {urn:oasis:names:tc:SAML:2.0:metadata}ContactPerson, {urn:oasis:names:tc:SAML:2.0:metadata}AdditionalMetadataLocation ).
meta.xml fails to validate
```

**Community development model**

I think the fix is a trivial one:
--- a/src/metadata.ts
+++ b/src/metadata.ts
@@ -57,8 +57,8 @@ export const generateServiceProviderMetadata = (
"@protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
"@AuthnRequestsSigned": "false",
},
- ...(metadataContactPerson ? { ContactPerson: metadataContactPerson } : {}),
...(metadataOrganization ? { Organization: metadataOrganization } : {}),
+ ...(metadataContactPerson ? { ContactPerson: metadataContactPerson } : {}),
},
};

With that the produced XML validates.
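
Review bot: the swapped `ContactPerson` and `Organization` spreads at the end of the hunk only produce schema order because object keys are emitted in insertion order, and nothing in the code records that constraint. Add a comment above the `Organization` spread stating that saml-schema-metadata-2.0.xsd defines EntityDescriptorType as a sequence with Organization before ContactPerson, and add a test that generates metadata with both options set and asserts the element order, so a later edit cannot silently swap them back.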
Do I need to create a PR?
Environment
- Node.js version: v20.10.0
- @node-saml/node-saml version: v4.0.5
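
A regression check for the ordering bug reported above, as an added example that is not part of the original issue or of node-saml. The function name `sequenceViolations` and the sample objects are hypothetical; the children elided with "…" in the issue's excerpt are filled in from the EntityDescriptorType sequence in saml-schema-metadata-2.0.xsd, and the check assumes the "@"-prefixed attribute keys seen in the diff.

```javascript
// Child order of md:EntityDescriptor per saml-schema-metadata-2.0.xsd.
// Each inner array is one position in the <sequence>; the descriptor
// elements belong to a <choice>, so they share a position.
const SEQUENCE = [
  ["Signature"],
  ["Extensions"],
  ["RoleDescriptor", "IDPSSODescriptor", "SPSSODescriptor",
   "AuthnAuthorityDescriptor", "AttributeAuthorityDescriptor",
   "PDPDescriptor", "AffiliationDescriptor"],
  ["Organization"],
  ["ContactPerson"],
  ["AdditionalMetadataLocation"],
];
const RANK = new Map(SEQUENCE.flatMap((group, i) => group.map((name) => [name, i])));

// Returns one message per child key that appears after an element the
// schema places later. Keys starting with "@" are attributes and are skipped.
function sequenceViolations(entityDescriptor) {
  const violations = [];
  let highest = { name: null, rank: -1 };
  for (const key of Object.keys(entityDescriptor)) {
    if (key.startsWith("@")) continue;
    const name = key.includes(":") ? key.split(":").pop() : key; // drop "md:" / "ds:"
    const rank = RANK.get(name);
    if (rank === undefined) {
      violations.push(`${name} is not a child of EntityDescriptor in the schema`);
    } else if (rank < highest.rank) {
      violations.push(`${name} must come before ${highest.name}`);
    } else {
      highest = { name, rank };
    }
  }
  return violations;
}

// Constructed samples mirroring the key order before and after the diff.
const beforeFix = {
  "@entityID": "https://sp.example/metadata",
  SPSSODescriptor: { "@AuthnRequestsSigned": "false" },
  ContactPerson: [{ "@contactType": "technical" }],
  Organization: { OrganizationName: "Example" },
};
const afterFix = {
  "@entityID": "https://sp.example/metadata",
  SPSSODescriptor: { "@AuthnRequestsSigned": "false" },
  Organization: { OrganizationName: "Example" },
  ContactPerson: [{ "@contactType": "technical" }],
};

console.log(sequenceViolations(beforeFix), sequenceViolations(afterFix));
```

Running the same function over the object handed to the XML builder in a unit test catches this class of ordering error without needing xmllint or the XSD files at test time.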