npm - samlesa - Versions diffs - 2.13.0 → 2.14.1 - Mend

samlesa 2.13.0 → 2.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of samlesa might be problematic. Click here for more details.

Files changed (149) hide show

package/LICENSE +1 -1
package/README.md +36 -65
package/build/.idea/deployment.xml +14 -0
package/{src → build}/.idea/modules.xml +1 -1
package/build/.idea/workspace.xml +57 -0
package/build/index.js +18 -54
package/build/index.js.map +1 -1
package/build/src/api.js +18 -24
package/build/src/api.js.map +1 -1
package/build/src/binding-post.js +337 -365
package/build/src/binding-post.js.map +1 -1
package/build/src/binding-redirect.js +312 -340
package/build/src/binding-redirect.js.map +1 -1
package/build/src/binding-simplesign.js +201 -229
package/build/src/binding-simplesign.js.map +1 -1
package/build/src/entity-idp.js +119 -127
package/build/src/entity-idp.js.map +1 -1
package/build/src/entity-sp.js +88 -96
package/build/src/entity-sp.js.map +1 -1
package/build/src/entity.js +193 -225
package/build/src/entity.js.map +1 -1
package/build/src/extractor.js +361 -369
package/build/src/extractor.js.map +1 -1
package/build/src/flow.js +313 -320
package/build/src/flow.js.map +1 -1
package/build/src/libsaml.js +693 -721
package/build/src/libsaml.js.map +1 -1
package/build/src/metadata-idp.js +119 -127
package/build/src/metadata-idp.js.map +1 -1
package/build/src/metadata-sp.js +223 -231
package/build/src/metadata-sp.js.map +1 -1
package/build/src/metadata.js +138 -166
package/build/src/metadata.js.map +1 -1
package/build/src/types.js +4 -11
package/build/src/types.js.map +1 -1
package/build/src/urn.js +204 -212
package/build/src/urn.js.map +1 -1
package/build/src/utility.js +277 -292
package/build/src/utility.js.map +1 -1
package/build/src/validator.js +24 -27
package/build/src/validator.js.map +1 -1
package/package.json +19 -14
package/types/api.d.ts +15 -0
package/types/api.d.ts.map +1 -0
package/types/binding-post.d.ts +48 -0
package/types/binding-post.d.ts.map +1 -0
package/types/binding-redirect.d.ts +54 -0
package/types/binding-redirect.d.ts.map +1 -0
package/types/binding-simplesign.d.ts +41 -0
package/types/binding-simplesign.d.ts.map +1 -0
package/types/entity-idp.d.ts +38 -0
package/types/entity-idp.d.ts.map +1 -0
package/types/entity-sp.d.ts +38 -0
package/types/entity-sp.d.ts.map +1 -0
package/types/entity.d.ts +100 -0
package/types/entity.d.ts.map +1 -0
package/types/extractor.d.ts +26 -0
package/types/extractor.d.ts.map +1 -0
package/types/flow.d.ts +7 -0
package/types/flow.d.ts.map +1 -0
package/types/index.d.ts +11 -10
package/types/index.d.ts.map +1 -0
package/types/libsaml.d.ts +208 -0
package/types/libsaml.d.ts.map +1 -0
package/types/metadata-idp.d.ts +25 -0
package/types/metadata-idp.d.ts.map +1 -0
package/types/metadata-sp.d.ts +37 -0
package/types/metadata-sp.d.ts.map +1 -0
package/types/metadata.d.ts +58 -0
package/types/metadata.d.ts.map +1 -0
package/types/src/api.d.ts +15 -13
package/types/src/api.d.ts.map +1 -0
package/types/src/binding-post.d.ts +48 -47
package/types/src/binding-post.d.ts.map +1 -0
package/types/src/binding-redirect.d.ts +54 -53
package/types/src/binding-redirect.d.ts.map +1 -0
package/types/src/binding-simplesign.d.ts +41 -40
package/types/src/binding-simplesign.d.ts.map +1 -0
package/types/src/entity-idp.d.ts +38 -37
package/types/src/entity-idp.d.ts.map +1 -0
package/types/src/entity-sp.d.ts +38 -36
package/types/src/entity-sp.d.ts.map +1 -0
package/types/src/entity.d.ts +100 -101
package/types/src/entity.d.ts.map +1 -0
package/types/src/extractor.d.ts +26 -25
package/types/src/extractor.d.ts.map +1 -0
package/types/src/flow.d.ts +7 -6
package/types/src/flow.d.ts.map +1 -0
package/types/src/libsaml.d.ts +208 -209
package/types/src/libsaml.d.ts.map +1 -0
package/types/src/metadata-idp.d.ts +25 -24
package/types/src/metadata-idp.d.ts.map +1 -0
package/types/src/metadata-sp.d.ts +37 -36
package/types/src/metadata-sp.d.ts.map +1 -0
package/types/src/metadata.d.ts +58 -59
package/types/src/metadata.d.ts.map +1 -0
package/types/src/types.d.ts +128 -129
package/types/src/types.d.ts.map +1 -0
package/types/src/urn.d.ts +195 -194
package/types/src/urn.d.ts.map +1 -0
package/types/src/utility.d.ts +133 -134
package/types/src/utility.d.ts.map +1 -0
package/types/src/validator.d.ts +4 -3
package/types/src/validator.d.ts.map +1 -0
package/types/types.d.ts +128 -0
package/types/types.d.ts.map +1 -0
package/types/urn.d.ts +195 -0
package/types/urn.d.ts.map +1 -0
package/types/utility.d.ts +133 -0
package/types/utility.d.ts.map +1 -0
package/types/validator.d.ts +4 -0
package/types/validator.d.ts.map +1 -0
package/.editorconfig +0 -19
package/.github/FUNDING.yml +0 -1
package/.idea/inspectionProfiles/Project_Default.xml +0 -6
package/.idea/modules.xml +0 -8
package/.idea/vcs.xml +0 -6
package/.pre-commit.sh +0 -15
package/.snyk +0 -8
package/.travis.yml +0 -29
package/Makefile +0 -25
package/index.d.ts +0 -10
package/index.js +0 -19
package/index.js.map +0 -1
package/index.ts +0 -28
package/qodana.yaml +0 -29
package/src/.idea/src.iml +0 -12
package/src/.idea/vcs.xml +0 -6
package/src/api.ts +0 -36
package/src/binding-post.ts +0 -348
package/src/binding-redirect.ts +0 -356
package/src/binding-simplesign.ts +0 -238
package/src/entity-idp.ts +0 -153
package/src/entity-sp.ts +0 -114
package/src/entity.ts +0 -243
package/src/extractor.ts +0 -392
package/src/flow.ts +0 -467
package/src/libsaml.ts +0 -895
package/src/metadata-idp.ts +0 -146
package/src/metadata-sp.ts +0 -268
package/src/metadata.ts +0 -166
package/src/types.ts +0 -153
package/src/urn.ts +0 -211
package/src/utility.ts +0 -319
package/src/validator.ts +0 -39
package/tsconfig.json +0 -38
package/tslint.json +0 -35
package/types.d.ts +0 -2
/package/{.idea/samlify.iml → build/.idea/build.iml} +0 -0

package/src/binding-redirect.ts DELETED Viewed

@@ -1,356 +0,0 @@
-/**
- * @file binding-redirect.ts
- * @author tngan
- * @desc Binding-level API, declare the functions using Redirect binding
- */
-import utility, {get} from './utility.js';
-import libsaml from './libsaml.js';
-import {BindingContext} from './entity.js';
-import {IdentityProvider as Idp} from './entity-idp.js';
-import {ServiceProvider as Sp} from './entity-sp.js';
-import {wording, namespace} from './urn.js';
-const binding = wording.binding;
-const urlParams = wording.urlParams;
-export interface BuildRedirectConfig {
-  baseUrl: string;
-  type: string;
-  isSigned: boolean;
-  context: string;
-  entitySetting: any;
-  relayState?: string;
-}
-/**
- * @private
- * @desc Helper of generating URL param/value pair
- * @param  {string} param     key
- * @param  {string} value     value of key
- * @param  {boolean} first    determine whether the param is the starting one in order to add query header '?'
- * @return {string}
- */
-function pvPair(param: string, value: string, first?: boolean): string {
-  return (first === true ? '?' : '&') + param + '=' + value;
-}
-/**
- * @private
- * @desc Refractored part of URL generation for login/logout request
- * @param  {string} type
- * @param  {boolean} isSigned
- * @param  {string} rawSamlRequest
- * @param  {object} entitySetting
- * @return {string}
- */
-function buildRedirectURL(opts: BuildRedirectConfig) {
-  const {
-    baseUrl,
-    type,
-    isSigned,
-    context,
-    entitySetting,
-  } = opts;
-  let {relayState = ''} = opts;
-  let noParams = true
-  try {
-    noParams = new URL(baseUrl)?.searchParams?.size === 0
-  } catch {
-    noParams = true
-  }
-  const queryParam = libsaml.getQueryParamByType(type);
-  // In general, this xmlstring is required to do deflate -> base64 -> urlencode
-  const samlRequest = encodeURIComponent(utility.base64Encode(utility.deflateString(context)));
-  if (relayState !== '') {
-    relayState = pvPair(urlParams.relayState, encodeURIComponent(relayState));
-  }
-  if (isSigned) {
-    const sigAlg = pvPair(urlParams.sigAlg, encodeURIComponent(entitySetting.requestSignatureAlgorithm));
-    const octetString = samlRequest + relayState + sigAlg;
-    return baseUrl
-      + pvPair(queryParam, octetString, noParams)
-      + pvPair(urlParams.signature, encodeURIComponent(
-          libsaml.constructMessageSignature(
-            queryParam + '=' + octetString,
-            entitySetting.privateKey,
-            entitySetting.privateKeyPass,
-            undefined,
-            entitySetting.requestSignatureAlgorithm
-          ).toString()
-        )
-      );
-  }
-  return baseUrl + pvPair(queryParam, samlRequest + relayState, noParams);
-}
-/**
- * @desc Redirect URL for login request
- * @param  {object} entity                       object includes both idp and sp
- * @param  {function} customTagReplacement      used when developers have their own login response template
- * @return {string} redirect URL
- */
-function loginRequestRedirectURL(entity: {
-  idp: Idp,
-  sp: Sp
-}, customTagReplacement?: (template: string) => BindingContext): BindingContext {
-  const metadata: any = {idp: entity.idp.entityMeta, sp: entity.sp.entityMeta};
-  const spSetting: any = entity.sp.entitySetting;
-  let id: string = '';
-  if (metadata && metadata.idp && metadata.sp) {
-    const base = metadata.idp.getSingleSignOnService(binding.redirect);
-    let rawSamlRequest: string;
-    if (spSetting.loginRequestTemplate && customTagReplacement) {
-      const info = customTagReplacement(spSetting.loginRequestTemplate);
-      id = get(info, 'id', null);
-      rawSamlRequest = get(info, 'context', null);
-    } else {
-      const nameIDFormat = spSetting.nameIDFormat;
-      const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
-      id = spSetting.generateID();
-      rawSamlRequest = libsaml.replaceTagsByValue(libsaml.defaultLoginRequestTemplate.context, {
-        ID: id,
-        Destination: base,
-        Issuer: metadata.sp.getEntityID(),
-        IssueInstant: new Date().toISOString(),
-        NameIDFormat: selectedNameIDFormat,
-        AssertionConsumerServiceURL: metadata.sp.getAssertionConsumerService(binding.post),
-        EntityID: metadata.sp.getEntityID(),
-        AllowCreate: spSetting.allowCreate,
-      } as any);
-    }
-    return {
-      id,
-      context: buildRedirectURL({
-        context: rawSamlRequest,
-        type: urlParams.samlRequest,
-        isSigned: metadata.sp.isAuthnRequestSigned(),
-        entitySetting: spSetting,
-        baseUrl: base,
-        relayState: spSetting.relayState,
-      }),
-    };
-  }
-  throw new Error('ERR_GENERATE_REDIRECT_LOGIN_REQUEST_MISSING_METADATA');
-}
-/**
- * @desc Redirect URL for login response
- * @param  {object} requestInfo             corresponding request, used to obtain the id
- * @param  {object} entity                      object includes both idp and sp
- * @param  {object} user                         current logged user (e.g. req.user)
- * @param  {String} relayState                the relaystate sent by sp corresponding request
- * @param  {function} customTagReplacement     used when developers have their own login response template
- * @param AttributeStatement
- */
-function loginResponseRedirectURL(requestInfo: any, entity: any, user: any = {}, relayState?: string, customTagReplacement?: (template: string) => BindingContext,AttributeStatement =[]): BindingContext {
-  const idpSetting = entity.idp.entitySetting;
-  const spSetting = entity.sp.entitySetting;
-  const metadata = {
-    idp: entity.idp.entityMeta,
-    sp: entity.sp.entityMeta,
-  };
-  let id: string = idpSetting.generateID();
-  if (metadata && metadata.idp && metadata.sp) {
-    const base = metadata.sp.getAssertionConsumerService(binding.redirect) ;
-    if(!base){
-      throw new Error('dont have a base url');
-    }
-    let rawSamlResponse: string;
-    //
-    const nameIDFormat = idpSetting.nameIDFormat;
-    const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
-    const nowTime = new Date();
-    // Five minutes later : nowtime  + 5 * 60 * 1000 (in milliseconds)
-    const fiveMinutesLaterTime = new Date(nowTime.getTime() + 300_000);
-    const now = nowTime.toISOString();
-    console.log(`现在是北京时间:${nowTime.toLocaleString()}`)
-    const sessionIndex = 'session'+idpSetting.generateID(); // 这个是当前系统的会话索引，用于单点注销
-    const tenHoursLaterTime = new Date(nowTime.getTime());
-    tenHoursLaterTime.setHours(tenHoursLaterTime.getHours() + 10);
-    const tenHoursLater = tenHoursLaterTime.toISOString();
-    const tvalue: any = {
-      ID: id,
-      AssertionID: idpSetting.generateID(),
-      Destination: base,
-      SubjectRecipient: base,
-      Issuer: metadata.idp.getEntityID(),
-      Audience: metadata.sp.getEntityID(),
-      EntityID: metadata.sp.getEntityID(),
-      IssueInstant: nowTime.toISOString(),
-      AssertionConsumerServiceURL: base,
-      StatusCode: namespace.statusCode.success,
-      // can be customized
-      ConditionsNotBefore: nowTime.toISOString(),
-      ConditionsNotOnOrAfter: fiveMinutesLaterTime.toISOString(),
-      SubjectConfirmationDataNotOnOrAfter: fiveMinutesLaterTime.toISOString(),
-      NameIDFormat: selectedNameIDFormat,
-      NameID: user.NameID || '',
-      InResponseTo: get(requestInfo, 'extract.request.id', ''),
-      AuthnStatement: `<saml:AuthnStatement AuthnInstant="${now}" SessionNotOnOrAfter="${tenHoursLater}" SessionIndex="${sessionIndex}"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>`,
-      AttributeStatement: libsaml.attributeStatementBuilder(AttributeStatement),
-    };
-    if (idpSetting.loginResponseTemplate && customTagReplacement) {
-      const template = customTagReplacement(idpSetting.loginResponseTemplate.context);
-      id = get(template, 'id', null);
-      rawSamlResponse = get(template, 'context', null);
-    } else {
-      if (requestInfo !== null) {
-        tvalue.InResponseTo = requestInfo?.extract?.request?.id;
-      }
-      rawSamlResponse = libsaml.replaceTagsByValue(libsaml.defaultLoginResponseTemplate.context, tvalue);
-    }
-    const {privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm} = idpSetting;
-    const config = {
-      privateKey,
-      privateKeyPass,
-      signatureAlgorithm,
-      signingCert: metadata.idp.getX509Certificate('signing'),
-      isBase64Output: false,
-    };
-    // step: sign assertion ? -> encrypted ? -> sign message ?
-    if (metadata.sp.isWantAssertionsSigned()) {
-      rawSamlResponse = libsaml.constructSAMLSignature({
-        ...config,
-        rawSamlMessage: rawSamlResponse,
-        transformationAlgorithms: spSetting.transformationAlgorithms,
-        referenceTagXPath: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']",
-        signatureConfig: {
-          prefix: 'ds',
-          location: {
-            reference: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']/*[local-name(.)='Issuer']",
-            action: 'after'
-          },
-        },
-      });
-    }
-    // Like in post binding, SAML response is always signed
-    return {
-      id,
-      context: buildRedirectURL({
-        baseUrl: base,
-        type: urlParams.samlResponse,
-        isSigned: true,
-        context: rawSamlResponse,
-        entitySetting: idpSetting,
-        relayState,
-      }),
-    };
-  }
-  throw new Error('ERR_GENERATE_REDIRECT_LOGIN_RESPONSE_MISSING_METADATA');
-}
-/**
- * @desc Redirect URL for logout request
- * @param  {object} user                        current logged user (e.g. req.user)
- * @param  {object} entity                      object includes both idp and sp
- * @param  {function} customTagReplacement     used when developers have their own login response template
- * @return {string} redirect URL
- */
-function logoutRequestRedirectURL(user, entity, relayState?: string, customTagReplacement?: (template: string, tags: object) => BindingContext): BindingContext {
-  const metadata = {init: entity.init.entityMeta, target: entity.target.entityMeta};
-  const initSetting = entity.init.entitySetting;
-  let id: string = initSetting.generateID();
-  const nameIDFormat = initSetting.nameIDFormat;
-  const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
-  if (metadata && metadata.init && metadata.target) {
-    const base = metadata.target.getSingleLogoutService(binding.redirect);
-    let rawSamlRequest: string = '';
-    const requiredTags = {
-      ID: id,
-      Destination: base,
-      EntityID: metadata.init.getEntityID(),
-      Issuer: metadata.init.getEntityID(),
-      IssueInstant: new Date().toISOString(),
-      NameIDFormat: selectedNameIDFormat,
-      NameID: user.NameID || '',
-      SessionIndex: user.sessionIndex,
-    };
-    if (initSetting.logoutRequestTemplate && customTagReplacement) {
-      const info = customTagReplacement(initSetting.logoutRequestTemplate, requiredTags);
-      id = get(info, 'id', null);
-      rawSamlRequest = get(info, 'context', null);
-    } else {
-      rawSamlRequest = libsaml.replaceTagsByValue(libsaml.defaultLogoutRequestTemplate.context, requiredTags as any);
-    }
-    return {
-      id,
-      context: buildRedirectURL({
-        context: rawSamlRequest,
-        relayState,
-        type: urlParams.logoutRequest,
-        isSigned: entity.target.entitySetting.wantLogoutRequestSigned,
-        entitySetting: initSetting,
-        baseUrl: base,
-      }),
-    };
-  }
-  throw new Error('ERR_GENERATE_REDIRECT_LOGOUT_REQUEST_MISSING_METADATA');
-}
-/**
- * @desc Redirect URL for logout response
- * @param  {object} requescorresponding request, used to obtain the id
- * @param  {object} entity                      object includes both idp and sp
- * @param  {function} customTagReplacement     used when developers have their own login response template
- */
-function logoutResponseRedirectURL(requestInfo: any, entity: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext {
-  const metadata = {
-    init: entity.init.entityMeta,
-    target: entity.target.entityMeta,
-  };
-  const initSetting = entity.init.entitySetting;
-  let id: string = initSetting.generateID();
-  if (metadata && metadata.init && metadata.target) {
-    const base = metadata.target.getSingleLogoutService(binding.redirect);
-    let rawSamlResponse: string;
-    if (initSetting.logoutResponseTemplate && customTagReplacement) {
-      const template = customTagReplacement(initSetting.logoutResponseTemplate);
-      id = get(template, 'id', null);
-      rawSamlResponse = get(template, 'context', null);
-    } else {
-      const tvalue: any = {
-        ID: id,
-        Destination: base,
-        Issuer: metadata.init.getEntityID(),
-        EntityID: metadata.init.getEntityID(),
-        IssueInstant: new Date().toISOString(),
-        StatusCode: namespace.statusCode.success,
-      };
-      if (requestInfo && requestInfo.extract && requestInfo.extract.request) {
-        tvalue.InResponseTo = requestInfo?.extract?.request?.id;
-      }
-      rawSamlResponse = libsaml.replaceTagsByValue(libsaml.defaultLogoutResponseTemplate.context, tvalue);
-    }
-    return {
-      id,
-      context: buildRedirectURL({
-        baseUrl: base,
-        type: urlParams.logoutResponse,
-        isSigned: entity.target.entitySetting.wantLogoutResponseSigned,
-        context: rawSamlResponse,
-        entitySetting: initSetting,
-        relayState,
-      }),
-    };
-  }
-  throw new Error('ERR_GENERATE_REDIRECT_LOGOUT_RESPONSE_MISSING_METADATA');
-}
-const redirectBinding = {
-  loginRequestRedirectURL,
-  loginResponseRedirectURL,
-  logoutRequestRedirectURL,
-  logoutResponseRedirectURL,
-};
-export default redirectBinding;

package/src/binding-simplesign.ts DELETED Viewed

@@ -1,238 +0,0 @@
-/**
-* @file binding-simplesign.ts
-* @author Orange
-* @desc Binding-level API, declare the functions using POST SimpleSign binding
-*/
-import { wording, StatusCode } from './urn.js';
-import { BindingContext, SimpleSignComputedContext } from './entity.js';
-import libsaml from './libsaml.js';
-import utility, { get } from './utility.js';
-const binding = wording.binding;
-const urlParams = wording.urlParams;
-export interface BuildSimpleSignConfig {
-  type: string;
-  context: string;
-  entitySetting: any;
-  relayState?: string;
-}
-export interface BindingSimpleSignContext {
-  id: string;
-  context: string;
-  signature: any;
-  sigAlg: string;
-}
-/**
-* @private
-* @desc Helper of generating URL param/value pair
-* @param  {string} param     key
-* @param  {string} value     value of key
-* @param  {boolean} first    determine whether the param is the starting one in order to add query header '?'
-* @return {string}
-*/
-function pvPair(param: string, value: string, first?: boolean): string {
-  return (first === true ? '?' : '&') + param + '=' + value;
-}
-/**
-* @private
-* @desc Refactored part of simple signature generation for login/logout request
-* @param  {string} type
-* @param  {string} rawSamlRequest
-* @param  {object} entitySetting
-* @return {string}
-*/
-function buildSimpleSignature(opts: BuildSimpleSignConfig) : string {
-  const {
-    type,
-    context,
-    entitySetting,
-  } = opts;
-  let { relayState = '' } = opts;
-  const queryParam = libsaml.getQueryParamByType(type);
-  if (relayState !== '') {
-    relayState = pvPair(urlParams.relayState, relayState);
-  }
-  const sigAlg = pvPair(urlParams.sigAlg, entitySetting.requestSignatureAlgorithm);
-  const octetString = context + relayState + sigAlg;
-  return libsaml.constructMessageSignature(
-    queryParam + '=' + octetString,
-    entitySetting.privateKey,
-    entitySetting.privateKeyPass,
-    undefined,
-    entitySetting.requestSignatureAlgorithm
-  ).toString();
-}
-/**
-* @desc Generate a base64 encoded login request
-* @param  {string} referenceTagXPath           reference uri
-* @param  {object} entity                      object includes both idp and sp
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
-function base64LoginRequest(entity: any, customTagReplacement?: (template: string) => BindingContext): SimpleSignComputedContext {
-  const metadata = { idp: entity.idp.entityMeta, sp: entity.sp.entityMeta };
-  const spSetting = entity.sp.entitySetting;
-  let id: string = '';
-  if (metadata && metadata.idp && metadata.sp) {
-    const base = metadata.idp.getSingleSignOnService(binding.simpleSign);
-    let rawSamlRequest: string;
-    if (spSetting.loginRequestTemplate && customTagReplacement) {
-      const info = customTagReplacement(spSetting.loginRequestTemplate.context);
-      id = get(info, 'id', null);
-      rawSamlRequest = get(info, 'context', null);
-    } else {
-      const nameIDFormat = spSetting.nameIDFormat;
-      const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
-      id = spSetting.generateID();
-      rawSamlRequest = libsaml.replaceTagsByValue(libsaml.defaultLoginRequestTemplate.context, {
-        ID: id,
-        Destination: base,
-        Issuer: metadata.sp.getEntityID(),
-        IssueInstant: new Date().toISOString(),
-        AssertionConsumerServiceURL: metadata.sp.getAssertionConsumerService(binding.simpleSign),
-        EntityID: metadata.sp.getEntityID(),
-        AllowCreate: spSetting.allowCreate,
-        NameIDFormat: selectedNameIDFormat
-      } as any);
-    }
-    let simpleSignatureContext : any = null;
-    if (metadata.idp.isWantAuthnRequestsSigned()) {
-        const simpleSignature = buildSimpleSignature({
-            type: urlParams.samlRequest,
-            context: rawSamlRequest,
-            entitySetting: spSetting,
-            relayState: spSetting.relayState,
-        });
-        simpleSignatureContext = {
-          signature: simpleSignature,
-          sigAlg: spSetting.requestSignatureAlgorithm,
-        };
-    }
-    // No need to embeded XML signature
-    return {
-      id,
-      context: utility.base64Encode(rawSamlRequest),
-      ...simpleSignatureContext,
-    };
-  }
-  throw new Error('ERR_GENERATE_POST_SIMPLESIGN_LOGIN_REQUEST_MISSING_METADATA');
-}
-/**
- * @desc Generate a base64 encoded login response
- * @param  {object} requestInfo                 corresponding request, used to obtain the id
- * @param  {object} entity                      object includes both idp and sp
- * @param  {object} user                        current logged user (e.g. req.user)
- * @param  {string}  relayState               the relay state
- * @param  {function} customTagReplacement     used when developers have their own login response template
- * @param AttributeStatement
- */
-async function base64LoginResponse(requestInfo: any = {}, entity: any, user: any = {}, relayState?: string, customTagReplacement?: (template: string) => BindingContext, AttributeStatement:[] = []): Promise<BindingSimpleSignContext> {
-  const idpSetting = entity.idp.entitySetting;
-  const spSetting = entity.sp.entitySetting;
-  const id = idpSetting.generateID();
-  const metadata = {
-    idp: entity.idp.entityMeta,
-    sp: entity.sp.entityMeta,
-  };
-  const nameIDFormat = idpSetting.nameIDFormat;
-  const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
-  if (metadata && metadata.idp && metadata.sp) {
-    const base = metadata.sp.getAssertionConsumerService(binding.simpleSign);
-    let rawSamlResponse: string;
-    const nowTime = new Date();
-    // Five minutes later : nowtime  + 5 * 60 * 1000 (in milliseconds)
-    const fiveMinutesLaterTime = new Date(nowTime.getTime() + 300_000 );
-    const now = nowTime.toISOString();
-    console.log(`现在是北京时间:${nowTime.toLocaleString()}`)
-    const sessionIndex = 'session'+idpSetting.generateID(); // 这个是当前系统的会话索引，用于单点注销
-    const tenHoursLaterTime = new Date(nowTime.getTime());
-    tenHoursLaterTime.setHours(tenHoursLaterTime.getHours() + 10);
-    const tenHoursLater = tenHoursLaterTime.toISOString();
-    const tvalue: any = {
-      ID: id,
-      AssertionID: idpSetting.generateID(),
-      Destination: base,
-      Audience: metadata.sp.getEntityID(),
-      EntityID: metadata.sp.getEntityID(),
-      SubjectRecipient: base,
-      Issuer: metadata.idp.getEntityID(),
-      IssueInstant: nowTime.toISOString(),
-      AssertionConsumerServiceURL: base,
-      StatusCode: StatusCode.Success,
-      // can be customized
-      ConditionsNotBefore: nowTime.toISOString(),
-      ConditionsNotOnOrAfter: fiveMinutesLaterTime.toISOString(),
-      SubjectConfirmationDataNotOnOrAfter: fiveMinutesLaterTime.toISOString(),
-      NameIDFormat: selectedNameIDFormat,
-      NameID: user.NameID || '',
-      InResponseTo: get(requestInfo, 'extract.request.id', ''),
-      AuthnStatement: `<saml:AuthnStatement AuthnInstant="${now}" SessionNotOnOrAfter="${tenHoursLater}" SessionIndex="${sessionIndex}"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>`,
-      AttributeStatement: libsaml.attributeStatementBuilder(AttributeStatement),
-    };
-    if (idpSetting.loginResponseTemplate && customTagReplacement) {
-      const template = customTagReplacement(idpSetting.loginResponseTemplate.context);
-      rawSamlResponse = get(template, 'context', null);
-    } else {
-      if (requestInfo !== null) {
-        tvalue.InResponseTo = requestInfo?.extract?.request?.id;
-      }
-      rawSamlResponse = libsaml.replaceTagsByValue(libsaml.defaultLoginResponseTemplate.context, tvalue);
-    }
-    const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm } = idpSetting;
-    const config = {
-      privateKey,
-      privateKeyPass,
-      signatureAlgorithm,
-      signingCert: metadata.idp.getX509Certificate('signing'),
-      isBase64Output: false,
-    };
-    // step: sign assertion ? -> encrypted ? -> sign message ?
-    if (metadata.sp.isWantAssertionsSigned()) {
-      rawSamlResponse = libsaml.constructSAMLSignature({
-        ...config,
-        rawSamlMessage: rawSamlResponse,
-        transformationAlgorithms: spSetting.transformationAlgorithms,
-        referenceTagXPath: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']",
-        signatureConfig: {
-          prefix: 'ds',
-          location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']/*[local-name(.)='Issuer']", action: 'after' },
-        },
-      });
-    }
-    // SAML response must be signed sign message first, then encrypt
-    let simpleSignature: string = '';
-    // like in post and redirect bindings, login response is always signed.
-    simpleSignature = buildSimpleSignature({
-        type: urlParams.samlResponse,
-        context: rawSamlResponse,
-        entitySetting: idpSetting,
-        relayState: relayState,
-    } );
-    return Promise.resolve({
-      id,
-      context: utility.base64Encode(rawSamlResponse),
-      signature: simpleSignature,
-      sigAlg: idpSetting.requestSignatureAlgorithm,
-    });
-  }
-  throw new Error('ERR_GENERATE_POST_SIMPLESIGN_LOGIN_RESPONSE_MISSING_METADATA');
-}
-const simpleSignBinding = {
-    base64LoginRequest,
-    base64LoginResponse,
-  };
-export default simpleSignBinding;