1
votes

I am using a Java client to generate custom SAML assertions to get OAuth tokens from WSO2 API Manager which supports SAML2 Bearer Assertion Profile. (https://nallaa.wordpress.com/2013/04/04/saml2-bearer-assertion-profile-for-oauth-2-0-with-wso2-identity-server/)

This is to issue OAuth tokens to anonymous users who don't have a login in WSO2 IS. I am generating small id for these users. Using that unique id, I generate SAML assertions.

Now I want to move this logic to node.js. Is there a way to create SAML assertions in node.js similar to this logic?

    private Assertion buildSAMLAssertion() throws Exception {

        DefaultBootstrap.bootstrap();
        Assertion samlAssertion = new AssertionBuilder().buildObject();
        try {
            DateTime currentTime = new DateTime();
            DateTime notOnOrAfter = new DateTime(currentTime.getMillis() + 60 * 60 * 1000);
            samlAssertion.setID(createID());
            samlAssertion.setVersion(SAMLVersion.VERSION_20);
            samlAssertion.setIssuer(getIssuer());
            samlAssertion.setIssueInstant(currentTime);
            Subject subject = new SubjectBuilder().buildObject();

            NameID nameId = new NameIDBuilder().buildObject();
            nameId.setValue(username);
            nameId.setFormat(NameIdentifier.EMAIL);

            subject.setNameID(nameId);

            SubjectConfirmation subjectConfirmation =
                    new SubjectConfirmationBuilder().buildObject();
            subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");

            SubjectConfirmationData scData = new SubjectConfirmationDataBuilder().buildObject();
            scData.setRecipient(recipient);
            scData.setNotOnOrAfter(notOnOrAfter);
            scData.setInResponseTo(id);
            subjectConfirmation.setSubjectConfirmationData(scData);

            subject.getSubjectConfirmations().add(subjectConfirmation);

            samlAssertion.setSubject(subject);

            AuthnStatement authStmt = new AuthnStatementBuilder().buildObject();
            authStmt.setAuthnInstant(new DateTime());

            AuthnContext authContext = new AuthnContextBuilder().buildObject();
            AuthnContextClassRef authCtxClassRef = new AuthnContextClassRefBuilder().buildObject();
            authCtxClassRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);
            authContext.setAuthnContextClassRef(authCtxClassRef);
            authStmt.setAuthnContext(authContext);
            samlAssertion.getAuthnStatements().add(authStmt);

            if (claims != null) {
                samlAssertion.getAttributeStatements().add(buildAttributeStatement(claims));
            }

            AudienceRestriction audienceRestriction =
                    new AudienceRestrictionBuilder().buildObject();
            if (requestedAudiences != null) {
                for (String requestedAudience : requestedAudiences) {
                    Audience audience = new AudienceBuilder().buildObject();
                    audience.setAudienceURI(requestedAudience);
                    audienceRestriction.getAudiences().add(audience);
                }
            }
            Conditions conditions = new ConditionsBuilder().buildObject();
            conditions.setNotBefore(currentTime);
            conditions.setNotOnOrAfter(notOnOrAfter);
            conditions.getAudienceRestrictions().add(audienceRestriction);
            samlAssertion.setConditions(conditions);

            if (doAssertionSigning) {
                setSignature(samlAssertion, XMLSignature.ALGO_ID_SIGNATURE_RSA, getCredential());
            }

        } catch (Exception e) {
            // Rethrow so a partially built or unsigned assertion is never returned to the caller.
            throw e;
        }

        return samlAssertion;
    }

1 Answer

0
votes

This [1] is the only library I was able to find related to building SAML Assertions. You can find the source code for the library here [2]. Give it a try to explore its capabilities. It currently seems to only support SAML 1.1 tokens.

[1] https://www.npmjs.com/package/saml

[2] https://github.com/auth0/node-saml
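
An added example, not part of the original question or answer and not code from the `saml` package: the SAML 2.0 bearer assertion from the Java method above, built with Node.js built-ins only and wrapped in the RFC 7522 grant body. Signing is not shown (it needs an XML-DSig library), and the function names, option names and sample values are assumptions.

```javascript
// Added example, not from the original post. Option and function names are hypothetical.
const crypto = require('crypto');

// Escape values placed in XML so an id containing markup cannot inject elements.
function xmlEscape(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Builds the unsigned assertion: core fields of the Java method (no InResponseTo or attributes).
function buildAssertion({ issuer, nameId, recipient, audiences, ttlMs = 60 * 60 * 1000, now = new Date() }) {
  if (!Array.isArray(audiences) || audiences.length === 0) {
    throw new Error('at least one audience is required'); // empty AudienceRestriction is schema-invalid
  }
  const issued = now.toISOString();
  const expires = new Date(now.getTime() + ttlMs).toISOString();
  const id = '_' + crypto.randomBytes(16).toString('hex'); // xs:ID cannot start with a digit
  const aud = audiences.map((a) => `<saml:Audience>${xmlEscape(a)}</saml:Audience>`).join('');
  return [
    `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="${id}" Version="2.0" IssueInstant="${issued}">`,
    `<saml:Issuer>${xmlEscape(issuer)}</saml:Issuer>`,
    // An enveloped ds:Signature from an XML-DSig library goes here, before encoding.
    '<saml:Subject>',
    `<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">${xmlEscape(nameId)}</saml:NameID>`,
    '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">',
    `<saml:SubjectConfirmationData Recipient="${xmlEscape(recipient)}" NotOnOrAfter="${expires}"/>`,
    '</saml:SubjectConfirmation></saml:Subject>',
    `<saml:Conditions NotBefore="${issued}" NotOnOrAfter="${expires}">`,
    `<saml:AudienceRestriction>${aud}</saml:AudienceRestriction></saml:Conditions>`,
    `<saml:AuthnStatement AuthnInstant="${issued}"><saml:AuthnContext>`,
    '<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>',
    '</saml:AuthnContext></saml:AuthnStatement>',
    '</saml:Assertion>',
  ].join('');
}

// RFC 7522: the assertion is sent base64url-encoded, without padding, in the form body.
function toGrantBody(assertionXml) {
  const b64url = Buffer.from(assertionXml, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:saml2-bearer',
    assertion: b64url,
  }).toString();
}
```

The string returned by `toGrantBody` is the `application/x-www-form-urlencoded` body for a POST to the authorization server's token endpoint, sent together with the client's credentials.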