feat(saml): add config options to set required signings

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-05-31 07:08:40 -04:00 · 2025-04-09 21:32:22 +02:00 · 2025-04-09 21:32:22 +02:00 · cc74351846
commit cc74351846
parent 639eee078d
5 changed files with 67 additions and 44 deletions
--- a/lib/config/default.js
+++ b/lib/config/default.js
@ -162,7 +162,9 @@ module.exports = {
      id: undefined,
      username: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
      email: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
-    }
+    },
+    wantAssertionsSigned: true,
+    wantAuthnResponseSigned: true
  },
  email: true,
  allowEmailRegister: true,
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@ -146,6 +146,8 @@ module.exports = {
    issuer: process.env.CMD_SAML_ISSUER,
    identifierFormat: process.env.CMD_SAML_IDENTIFIERFORMAT,
    disableRequestedAuthnContext: toBooleanConfig(process.env.CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT),
+    wantAssertionsSigned: toBooleanConfig(process.env.CMD_SAML_WANT_ASSERTIONS_SIGNED),
+    wantAuthnResponseSigned: toBooleanConfig(process.env.CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED),
    groupAttribute: process.env.CMD_SAML_GROUPATTRIBUTE,
    externalGroups: toArrayConfig(process.env.CMD_SAML_EXTERNALGROUPS, '|', []),
    requiredGroups: toArrayConfig(process.env.CMD_SAML_REQUIREDGROUPS, '|', []),