From 29264061d84430856a8679eb28a286c04dd77358 Mon Sep 17 00:00:00 2001
From: Jessica Lawshe
Date: Tue, 11 May 2021 09:08:42 -0500
Subject: [PATCH] Merge pull request #3987 from overleaf/jel-ukamf-script Check if IdP metadata to hide set
GitOrigin-RevId: 7a30961730b21d512b55faf718e5fe97e15eb6ce
---
 .../web/scripts/ukamf/metadata-processor.js | 9 ++++++++
 services/web/scripts/ukamf/ukamf-entity.js | 21 +++++++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/services/web/scripts/ukamf/metadata-processor.js b/services/web/scripts/ukamf/metadata-processor.js
index 5017f3dcae..5f0c1c1d21 100644
--- a/services/web/scripts/ukamf/metadata-processor.js
+++ b/services/web/scripts/ukamf/metadata-processor.js
@@ -61,4 +61,13 @@ async function main() {
 console.log(`SSO Entity ID: ${samlConfig.entityId}\n`)
 console.log(`SSO Entry Point: ${samlConfig.entryPoint}\n`)
 console.log(`SSO Certificate: ${samlConfig.cert}\n`)
+ if (samlConfig.hiddenIdP) {
+ console.log('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
+ console.log('!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!')
+ console.log(
+ `The IdP metadata indicates it should be\nhidden from discovery. Check this is\nthe correct entity ID before using.`
+ )
+ console.log('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
+ console.log('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
+ }
 }
diff --git a/services/web/scripts/ukamf/ukamf-entity.js b/services/web/scripts/ukamf/ukamf-entity.js
index b4ad596cf8..689db8c37c 100644
--- a/services/web/scripts/ukamf/ukamf-entity.js
+++ b/services/web/scripts/ukamf/ukamf-entity.js
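Review bot: The hide-from-discovery warning added to `main()` in metadata-processor.js is written with `console.log` after the entity ID, entry point and certificate, so it shares stdout with the values an operator copies into the SSO configuration and is the last thing printed. Emitting the banner with `console.warn(...)` and placing it before the three `SSO ...` lines would keep it visible when the output is piped or only the top is read. A short comment above the `if`, such as `// hide-from-discovery: the IdP asked not to be listed; confirm the entity ID before trusting this cert`, would record why the check exists. `main()` begins outside the hunk.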
@@ -8,8 +8,28 @@ class UKAMFEntity { } getSamlConfig() { + let hiddenIdP = false const idp = this.data.IDPSSODescriptor[0] + const idpMetaData = + _.get(this.data, [ + 'Extensions', + 0, + 'mdattr:EntityAttributes', + 0, + 'saml:Attribute', + ]) || [] + idpMetaData.forEach(data => { + const value = _.get(data, ['saml:AttributeValue', 0]) + if ( + value === 'http://refeds.org/category/hide-from-discovery' || + value === 'https://refeds.org/category/hide-from-discovery' + ) { + hiddenIdP = true + } + }) + const keys = idp.KeyDescriptor + const signingKey = keys.length === 1 ? keys[0] @@ -43,6 +63,7 @@ class UKAMFEntity { cert, entityId, entryPoint, + hiddenIdP, } } }
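Review bot: In `getSamlConfig()` only the first `saml:AttributeValue` of each attribute is compared (`_.get(data, ['saml:AttributeValue', 0])`), so an attribute that lists hide-from-discovery after another value leaves `hiddenIdP` false and the operator warning never prints. Checking every value closes that gap: `const values = _.get(data, ['saml:AttributeValue']) || []` followed by `if (values.some(v => HIDE_URIS.includes(v))) hiddenIdP = true`, where `HIDE_URIS` is a suggested constant holding the two URIs already in the hunk. If the XML parser returns objects rather than strings for values that carry XML attributes, the comparison would also need to read the text node; that depends on parser settings not visible here. The body of `getSamlConfig()` continues outside the hunk.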