Merge pull request #3987 from overleaf/jel-ukamf-script

Check if IdP metadata to hide set GitOrigin-RevId: 7a30961730b21d512b55faf718e5fe97e15eb6ce
2024-11-07 20:31:06 -05:00 · 2021-05-11 09:08:42 -05:00 · 2021-05-11 09:08:42 -05:00 · 29264061d8
commit 29264061d8
parent 5d7faa7977
2 changed files with 30 additions and 0 deletions
--- a/services/web/scripts/ukamf/metadata-processor.js
+++ b/services/web/scripts/ukamf/metadata-processor.js
@ -61,4 +61,13 @@ async function main() {
  console.log(`SSO Entity ID: ${samlConfig.entityId}\n`)
  console.log(`SSO Entry Point: ${samlConfig.entryPoint}\n`)
  console.log(`SSO Certificate: ${samlConfig.cert}\n`)
+  if (samlConfig.hiddenIdP) {
+    console.log('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
+    console.log('!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!')
+    console.log(
+      `The IdP metadata indicates it should be\nhidden from discovery. Check this is\nthe correct entity ID before using.`
+    )
+    console.log('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
+    console.log('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
+  }
 }
--- a/services/web/scripts/ukamf/ukamf-entity.js
+++ b/services/web/scripts/ukamf/ukamf-entity.js
@ -8,8 +8,28 @@ class UKAMFEntity {
  }

  getSamlConfig() {
+    let hiddenIdP = false
    const idp = this.data.IDPSSODescriptor[0]
+    const idpMetaData =
+      _.get(this.data, [
+        'Extensions',
+        0,
+        'mdattr:EntityAttributes',
+        0,
+        'saml:Attribute',
+      ]) || []
+    idpMetaData.forEach(data => {
+      const value = _.get(data, ['saml:AttributeValue', 0])
+      if (
+        value === 'http://refeds.org/category/hide-from-discovery' ||
+        value === 'https://refeds.org/category/hide-from-discovery'
+      ) {
+        hiddenIdP = true
+      }
+    })
+
    const keys = idp.KeyDescriptor
+
    const signingKey =
      keys.length === 1
        ? keys[0]
@ -43,6 +63,7 @@ class UKAMFEntity {
      cert,
      entityId,
      entryPoint,
+      hiddenIdP,
    }
  }
 }