Fixes `node-saml` not checking all `Audience`s in an `AudienceRestriction` by catamphetamine · Pull Request #340 · node-saml/node-saml

catamphetamine · 2023-12-21T06:23:00Z

Description

See the issue description: #339

SAML Specification

https://docs.oasis-open.org/security/saml/v2.0/sstc-saml-approved-errata-2.0-cd-02.pdf

E46: AudienceRestriction Clarifications

Note that multiple <AudienceRestriction> elements MAY be included in a single assertion, and each MUST be evaluated independently. The effect of this requirement and the preceding definition is that within a given <AudienceRestrictions>, the <Audience> elements form a disjunction (an "OR") while multiple <AudienceRestrictions> elements form a conjunction (an "AND").

Test

Included.

Documentation Changes

Not required.

Checklist:

Issue Addressed: [x]
Link to SAML spec: [x]
Tests included? [x]
Documentation updated? [ ]

…tion`

…ion`

src/saml.ts

Co-authored-by: Chris Barth <chrisjbarth@hotmail.com>

catamphetamine · 2023-12-28T22:03:56Z

@cjbarth Thx, updated the variable name as per your suggestion.

src/saml.ts

Co-authored-by: Chris Barth <chrisjbarth@hotmail.com>

cjbarth · 2023-12-28T22:22:07Z

Please address the build failures. You can check locally by running npm test.

catamphetamine · 2023-12-28T22:30:13Z

@cjbarth

Please address the build failures. You can check locally by running npm test.

There're 4 tests that don't pass and I haven't touched any of those so dunno.

  Comparison {
+   message: 'error:1E08010C:DECODER routines::unsupported'
-   message: 'Failed to read private key'
  }

https://github.com/node-saml/node-saml/actions/runs/7351725940/job/20015499038

cjbarth · 2023-12-28T22:30:59Z

Does a checkout of master pass?

catamphetamine · 2023-12-28T22:34:51Z

@cjbarth I also could speculate that those tests might somehow be broken in the main branch.

I won't be able to tell you if the tests pass locally on the master branch because on my Windows machine a lot of tests don't pass, most likely due to "CR LF" or something.

Perhaps you could checkout this branch and see if the tests pass on your machine.

cjbarth · 2023-12-28T23:13:03Z

There is something else going on than a problem on master. I don't have time to look at it now, but, if you're on Windows I suggest turning off the automatic line-ending changing feature in git. I also suggest working in WSL. I'm also on Windows.

cjbarth · 2023-12-28T23:16:30Z

You're branch is passing tests, so it must be something with a dependency (we check updating dependencies during CI so we can catch stuff earlier). I'll land this and then see what's up.

catamphetamine · 2023-12-28T23:17:46Z

@cjbarth Cool, thanks.

…tion` (node-saml#340)

* Bump xml-encryption from 3.0.1 to 3.0.2 (node-saml#236) Bumps [xml-encryption](https://github.com/auth0/node-xml-encryption) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/auth0/node-xml-encryption/releases) - [Commits](https://github.com/auth0/node-xml-encryption/commits) --- updated-dependencies: - dependency-name: xml-encryption dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump xml2js from 0.4.23 to 0.5.0 (node-saml#268) Bumps [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) from 0.4.23 to 0.5.0. - [Release notes](https://github.com/Leonidas-from-XIV/node-xml2js/releases) - [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits/0.5.0) --- updated-dependencies: - dependency-name: xml2js dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Release 4.0.4 * Update minor dependencies (node-saml#269) * Improve audience mismatch error message (node-saml#257) * feat: add public getAuthorizeMessage method (node-saml#235) * Acknowledge that XML can be parsed to `any` (node-saml#271) * feat: support additionalParams on HTTP-POST binding (node-saml#263) * Make `callbackUrl` manditory (node-saml#214) * Add public key support (node-saml#225) Co-authored-by: Chris Barth <chrisjbarth@hotmail.com> * Remove types specific to Passport (node-saml#226) * Export types required for SamlOptions (node-saml#224) * Bump vm2 from 3.9.16 to 3.9.19 (node-saml#277) Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.16 to 3.9.19. - [Release notes](https://github.com/patriksimek/vm2/releases) - [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md) - [Commits](patriksimek/vm2@3.9.16...3.9.19) --- updated-dependencies: - dependency-name: vm2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump json5 from 2.2.1 to 2.2.3 (node-saml#244) Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.1...v2.2.3) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump prettier from 2.8.7 to 2.8.8 (node-saml#274) Bumps [prettier](https://github.com/prettier/prettier) from 2.8.7 to 2.8.8. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@2.8.7...2.8.8) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @typescript-eslint/parser from 5.58.0 to 5.59.8 (node-saml#281) Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.58.0 to 5.59.8. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.8/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump codecov/codecov-action from 3.1.1 to 3.1.4 (node-saml#279) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.1 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v3.1.1...v3.1.4) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update minor dependencies (node-saml#283) * Roll-up changelog entries for beta releases (node-saml#282) * Fix spelling and normalize naming (node-saml#278) * Remove express dependency (node-saml#284) * Prefer Chai `expect` to Node `assert` (node-saml#286) * Add test coverage (node-saml#287) * Separate linting out from testing (node-saml#288) * Remove dependency on Passport types (node-saml#296) * Add tests for XML parsing with comments (node-saml#285) * Bump concurrently from 7.6.0 to 8.2.0 (node-saml#290) Bumps [concurrently](https://github.com/open-cli-tools/concurrently) from 7.6.0 to 8.2.0. - [Release notes](https://github.com/open-cli-tools/concurrently/releases) - [Commits](open-cli-tools/concurrently@v7.6.0...v8.2.0) --- updated-dependencies: - dependency-name: concurrently dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @typescript-eslint/parser from 5.59.9 to 5.60.1 (node-saml#292) Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.9 to 5.60.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.60.1/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump typescript from 4.8.4 to 5.1.6 (node-saml#293) Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.8.4 to 5.1.6. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Commits](https://github.com/Microsoft/TypeScript/commits) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Allow 5.x series for TypeScript --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sinon from 14.0.2 to 15.2.0 (node-saml#294) Bumps [sinon](https://github.com/sinonjs/sinon) from 14.0.2 to 15.2.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](sinonjs/sinon@v14.0.2...v15.2.0) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump word-wrap from 1.2.3 to 1.2.4 (node-saml#298) Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.4) --- updated-dependencies: - dependency-name: word-wrap dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @typescript-eslint/parser from 5.59.9 to 5.62.0 (node-saml#299) Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.9 to 5.62.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.62.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @xmldom/xmldom from 0.8.8 to 0.8.10 (node-saml#301) Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom) from 0.8.8 to 0.8.10. - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.8.8...0.8.10) --- updated-dependencies: - dependency-name: "@xmldom/xmldom" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @typescript-eslint/eslint-plugin from 5.59.9 to 5.62.0 (node-saml#302) Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.9 to 5.62.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.62.0/packages/eslint-plugin) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @types/node from 14.18.50 to 14.18.53 (node-saml#303) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.18.50 to 14.18.53. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @cjbarth/github-release-notes from 4.0.0 to 4.1.0 (node-saml#304) Bumps [@cjbarth/github-release-notes](https://github.com/cjbarth/github-release-notes) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/cjbarth/github-release-notes/releases) - [Changelog](https://github.com/cjbarth/github-release-notes/blob/master/CHANGELOG.md) - [Commits](cjbarth/github-release-notes@4.0.0...4.1.0) --- updated-dependencies: - dependency-name: "@cjbarth/github-release-notes" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump release-it from 15.11.0 to 16.1.3 (node-saml#305) Bumps [release-it](https://github.com/release-it/release-it) from 15.11.0 to 16.1.3. - [Release notes](https://github.com/release-it/release-it/releases) - [Changelog](https://github.com/release-it/release-it/blob/main/CHANGELOG.md) - [Commits](release-it/release-it@15.11.0...16.1.3) --- updated-dependencies: - dependency-name: release-it dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump eslint from 8.42.0 to 8.45.0 (node-saml#306) Bumps [eslint](https://github.com/eslint/eslint) from 8.42.0 to 8.45.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.42.0...v8.45.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump prettier-plugin-packagejson from 2.4.3 to 2.4.5 (node-saml#307) Bumps [prettier-plugin-packagejson](https://github.com/matzkoh/prettier-plugin-packagejson) from 2.4.3 to 2.4.5. - [Release notes](https://github.com/matzkoh/prettier-plugin-packagejson/releases) - [Commits](matzkoh/prettier-plugin-packagejson@v2.4.3...v2.4.5) --- updated-dependencies: - dependency-name: prettier-plugin-packagejson dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump prettier from 2.8.8 to 3.0.0 (node-saml#300) Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@2.8.8...3.0.0) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Lint --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chris Barth <chrisjbarth@hotmail.com> * Merge pull request from GHSA-vx8m-6fhw-pccw * Added verifyLogoutRequest to validatePostRequestAsync flow * Added bad expiration test * Updated IssueInstance to be in the past * Enforce valid setting for validateInResponseTo (node-saml#314) * Add test coverage for initialize() of saml.ts (node-saml#327) * Fixes `node-saml` not checking all `Audience`s in an `AudienceRestriction` (node-saml#340) * Upgrade to latest version of xml-crypto (node-saml#341) * Update to current Node versions (node-saml#342) * Fix metadata order (node-saml#334) Use the element order defined by "saml-schema-metadata-2.0.xsd" Closes node-saml#333 * Export generateServiceProviderMetadata (node-saml#337) * Rename `cert` to `idpCert` and `signingCert` to `publicCert` (node-saml#343) * Added X509 certificate to KeyInfo X509Data, if passed through options (node-saml#36) Co-authored-by: Ganesh Kshirsagar <ganesh.kshirsagar@nice.com> Co-authored-by: Barry Hagan <barryhagan@gmail.com> Co-authored-by: Chris Barth <chrisjbarth@hotmail.com> * Update minor dependencies and Node to 18 (node-saml#344) * Bump actions/checkout from 3 to 4 (node-saml#330) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sinon and @types/sinon (node-saml#349) Bumps [sinon](https://github.com/sinonjs/sinon) and [@types/sinon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon). These dependencies needed to be updated together. Updates `sinon` from 15.2.0 to 17.0.1 - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](sinonjs/sinon@v15.2.0...v17.0.1) Updates `@types/sinon` from 10.0.20 to 17.0.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sinon) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major - dependency-name: "@types/sinon" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump eslint-plugin-deprecation from 1.5.0 to 2.0.0 (node-saml#347) Bumps [eslint-plugin-deprecation](https://github.com/gund/eslint-plugin-deprecation) from 1.5.0 to 2.0.0. - [Release notes](https://github.com/gund/eslint-plugin-deprecation/releases) - [Changelog](https://github.com/gund/eslint-plugin-deprecation/blob/master/CHANGELOG.md) - [Commits](gund/eslint-plugin-deprecation@v1.5.0...v2.0.0) --- updated-dependencies: - dependency-name: eslint-plugin-deprecation dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump eslint-config-prettier from 8.10.0 to 9.1.0 (node-saml#345) Bumps [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) from 8.10.0 to 9.1.0. - [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md) - [Commits](prettier/eslint-config-prettier@v8.10.0...v9.1.0) --- updated-dependencies: - dependency-name: eslint-config-prettier dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump eslint-plugin-prettier from 4.2.1 to 5.1.3 (node-saml#346) Bumps [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) from 4.2.1 to 5.1.3. - [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases) - [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/master/CHANGELOG.md) - [Commits](prettier/eslint-plugin-prettier@v4.2.1...v5.1.3) --- updated-dependencies: - dependency-name: eslint-plugin-prettier dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump release-it from 16.3.0 to 17.0.5 (node-saml#348) Bumps [release-it](https://github.com/release-it/release-it) from 16.3.0 to 17.0.5. - [Release notes](https://github.com/release-it/release-it/releases) - [Changelog](https://github.com/release-it/release-it/blob/main/CHANGELOG.md) - [Commits](release-it/release-it@16.3.0...17.0.5) --- updated-dependencies: - dependency-name: release-it dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Release 5.0.0 * Update sponsor acknowledgements (node-saml#365) * Docs: add pitch to encourage more sponsors (node-saml#366) * feat: improve error messages when validating pems (node-saml#373) * docs: Update README.md set never default validateInResponseTo (node-saml#384) * Adjust to support type stripping (node-saml#389) * Update xml-crypto to address CVE (node-saml#388) This update addresses the following CVE: CVE-2025-29774; CVE-2025-29775 * Release 5.0.1 * Update dependencies (node-saml#391) * Adjust linting rules for line endings (node-saml#393) * Export custom SamlStatusError (node-saml#394) * add CI test & lint for Node.js 22 (node-saml#386) * Use new .signedReferences interace in xml-crypto to "see what is signed" (node-saml#397) * Update sponsors: Stytch (node-saml#395) * Release 5.1.0 * Update to support Node strip-only TypeScript support (node-saml#407) * Security: remove debug dependency (node-saml#406) * ARCH-32 node_saml changes * ARCH-32_fixed test * ARCH-32 updated the review comments * ARCH-32 package.json changes * ARCH-32 updated package json * ARCH-32 access to public * upgraded circleci node version to 22 * updated yarn.lock * removed package-lock.json * reset config.yml except for node version * reset workflow.yml * added 22.x to node-version matrix * fixed package-lock.json * fixed package-lock.json and yarn.lock * fixed node version number in package.json --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chris Barth <chrisjbarth@hotmail.com> Co-authored-by: gmhewett <gmhewett@users.noreply.github.com> Co-authored-by: aykutbulca <aykutbulca@gmail.com> Co-authored-by: Gert Sallaerts <1267900+GertSallaerts@users.noreply.github.com> Co-authored-by: RopoMen <RopoMen@users.noreply.github.com> Co-authored-by: jindazhao01 <137830289+jindazhao01@users.noreply.github.com> Co-authored-by: Adam Andreasson <hej@adamandreasson.se> Co-authored-by: 56 <kg0r0@yahoo.co.jp> Co-authored-by: Nikolay <catamphetamine@users.noreply.github.com> Co-authored-by: Salvador Ortiz <sog@msg.mx> Co-authored-by: Nathan Sarang-Walters <nwalters512@gmail.com> Co-authored-by: Ganesh Kshirsagar <ganeshakshirsagar@gmail.com> Co-authored-by: Ganesh Kshirsagar <ganesh.kshirsagar@nice.com> Co-authored-by: Barry Hagan <barryhagan@gmail.com> Co-authored-by: Mark Stosberg <mark@rideamigos.com> Co-authored-by: Kilian Finger <hey@kilianfinger.com> Co-authored-by: Kiran Mali <39133739+kdhttps@users.noreply.github.com> Co-authored-by: Manan Jadhav <166636237+manan-jadhav-ab@users.noreply.github.com> Co-authored-by: ahacker1 <alex@securesaml.com> Co-authored-by: howard-stytch <89414701+howard-stytch@users.noreply.github.com> Co-authored-by: suriyaka <106838750+suriyaka@users.noreply.github.com>

catamphetamine and others added 3 commits December 21, 2023 08:48

Fixes node-saml not checking all Audiences in an `AudienceRestric…

062fdb0

…tion`

node-saml#339. Test match any Audience of many in `AudienceRestrict…

e1dfb5e

…ion`

Removed <X509Certificate/> data from SAML response body in a test

4eae560

catamphetamine mentioned this pull request Dec 21, 2023

[BUG] From multiple Audience variants, only the first one gets looked at #339

Closed

Updated "SAML audience mismatch" error message

4259f00

cjbarth reviewed Dec 23, 2023

View reviewed changes

src/saml.ts Outdated Show resolved Hide resolved

Rewrote the cycle using .some()

e405c6f

catamphetamine requested a review from cjbarth December 23, 2023 21:01

Simplified the code

2c93897

cjbarth linked an issue Dec 28, 2023 that may be closed by this pull request

[BUG] From multiple Audience variants, only the first one gets looked at #339

Closed

cjbarth reviewed Dec 28, 2023

View reviewed changes

src/saml.ts Outdated Show resolved Hide resolved

Renamed _ variable to audience

98bae73

Co-authored-by: Chris Barth <chrisjbarth@hotmail.com>

catamphetamine requested a review from cjbarth December 28, 2023 22:04

cjbarth reviewed Dec 28, 2023

View reviewed changes

src/saml.ts Outdated Show resolved Hide resolved

.some() → .every()

506ac42

Co-authored-by: Chris Barth <chrisjbarth@hotmail.com>

catamphetamine requested a review from cjbarth December 28, 2023 22:11

Fixed "prettier" formatting

4592a58

cjbarth merged commit cb13ea6 into node-saml:master Dec 28, 2023

cjbarth added the enhancement New feature or request label Dec 28, 2023

AlbertPangilinan pushed a commit to Foxquilt/foxden-node-saml that referenced this pull request Sep 22, 2025

Fixes node-saml not checking all Audiences in an `AudienceRestric…

23f2732

…tion` (node-saml#340)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fixes `node-saml` not checking all `Audience`s in an `AudienceRestriction`#340

Fixes `node-saml` not checking all `Audience`s in an `AudienceRestriction`#340
cjbarth merged 9 commits intonode-saml:masterfrom
catamphetamine:fix/multipleAudiences

catamphetamine commented Dec 21, 2023

Uh oh!

Uh oh!

Uh oh!

catamphetamine commented Dec 28, 2023

Uh oh!

Uh oh!

cjbarth commented Dec 28, 2023

Uh oh!

catamphetamine commented Dec 28, 2023 •

edited

Loading

Uh oh!

cjbarth commented Dec 28, 2023

Uh oh!

catamphetamine commented Dec 28, 2023

Uh oh!

cjbarth commented Dec 28, 2023

Uh oh!

cjbarth commented Dec 28, 2023

Uh oh!

catamphetamine commented Dec 28, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

catamphetamine commented Dec 21, 2023

Description

SAML Specification

Test

Documentation Changes

Checklist:

Uh oh!

Uh oh!

Uh oh!

catamphetamine commented Dec 28, 2023

Uh oh!

Uh oh!

cjbarth commented Dec 28, 2023

Uh oh!

catamphetamine commented Dec 28, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

cjbarth commented Dec 28, 2023

Uh oh!

catamphetamine commented Dec 28, 2023

Uh oh!

cjbarth commented Dec 28, 2023

Uh oh!

cjbarth commented Dec 28, 2023

Uh oh!

catamphetamine commented Dec 28, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

catamphetamine commented Dec 28, 2023 •

edited

Loading