Added a configuration option 'disableRequestedAuthnContext' for… (#1097)

Added a configuration option 'disableRequestedAuthnContext' for passport-saml
2019-07-31 23:42:29 +08:00 · 2019-07-31 23:42:29 +08:00 · 5256fe9817
parent fadc599fe7 0af9bfb015
commit 5256fe9817
5 changed files with 6 additions and 1 deletions
--- a/config.json.example
+++ b/config.json.example
@ -93,6 +93,7 @@
            "idpCert": "change: certificate file path of IdP in PEM format",
            "issuer": "change or delete: identity of the service provider (default: serverurl)",
            "identifierFormat": "change or delete: name identifier format (default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress')",
+            "disableRequestedAuthnContext": "change or delete: true to allow any authentication method, false restricts to password authentication method (default: false)",
            "groupAttribute": "change or delete: attribute name for group list (ex: memberOf)",
            "requiredGroups": [ "change or delete: group names that allowed" ],
            "externalGroups": [ "change or delete: group names that not allowed" ],
--- a/lib/config/default.js
+++ b/lib/config/default.js
@ -141,6 +141,7 @@ module.exports = {
    idpCert: undefined,
    issuer: undefined,
    identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+    disableRequestedAuthnContext: false,
    groupAttribute: undefined,
    externalGroups: [],
    requiredGroups: [],
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@ -117,6 +117,7 @@ module.exports = {
    idpCert: process.env.CMD_SAML_IDPCERT,
    issuer: process.env.CMD_SAML_ISSUER,
    identifierFormat: process.env.CMD_SAML_IDENTIFIERFORMAT,
+    disableRequestedAuthnContext: toBooleanConfig(process.env.CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT),
    groupAttribute: process.env.CMD_SAML_GROUPATTRIBUTE,
    externalGroups: toArrayConfig(process.env.CMD_SAML_EXTERNALGROUPS, '|', []),
    requiredGroups: toArrayConfig(process.env.CMD_SAML_REQUIREDGROUPS, '|', []),
--- a/lib/config/hackmdEnvironment.js
+++ b/lib/config/hackmdEnvironment.js
@ -110,6 +110,7 @@ module.exports = {
    idpCert: process.env.HMD_SAML_IDPCERT,
    issuer: process.env.HMD_SAML_ISSUER,
    identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT,
+    disableRequestedAuthnContext: toBooleanConfig(process.env.HMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT),
    groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE,
    externalGroups: toArrayConfig(process.env.HMD_SAML_EXTERNALGROUPS, '|', []),
    requiredGroups: toArrayConfig(process.env.HMD_SAML_REQUIREDGROUPS, '|', []),
--- a/lib/web/auth/saml/index.js
+++ b/lib/web/auth/saml/index.js
@ -17,7 +17,8 @@ passport.use(new SamlStrategy({
  entryPoint: config.saml.idpSsoUrl,
  issuer: config.saml.issuer || config.serverURL,
  cert: fs.readFileSync(config.saml.idpCert, 'utf-8'),
-  identifierFormat: config.saml.identifierFormat
+  identifierFormat: config.saml.identifierFormat,
+  disableRequestedAuthnContext: config.saml.disableRequestedAuthnContext
 }, function (user, done) {
  // check authorization if needed
  if (config.saml.externalGroups && config.saml.groupAttribute) {