fix(saml): change SAML attribute default, verify that a NameID is defined

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>

lib/config/default.js

@@ -160,8 +160,8 @@ module.exports = {
     requiredGroups: [],
     attribute: {
       id: undefined,
-      username: undefined,
-      email: undefined
+      username: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
+      email: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
     }
   },
   email: true,

lib/web/auth/saml/index.js

@@ -56,14 +56,15 @@ passport.use(
       }
       // user creation
       const uuid = user[config.saml.attribute.id] || user.nameID
+      if (!uuid) {
+        logger.error('saml auth failed: id not found')
+        return done('Permission denied', null)
+      }
       const profile = {
         provider: 'saml',
         id: 'SAML-' + uuid,
         username: user[config.saml.attribute.username] || user.nameID,
-        emails: user[config.saml.attribute.email] ? [user[config.saml.attribute.email]] : []
-      }
-      if (profile.emails.length === 0 && config.saml.identifierFormat === 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress') {
-        profile.emails.push(user.nameID)
+        emails: user[config.saml.attribute.email] ? [user[config.saml.attribute.email]] : config.saml.identifierFormat === 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' ? [user.nameID] : []
       }
       const stringifiedProfile = JSON.stringify(profile)
       models.User.findOrCreate({