samlesa 2.16.5 → 2.16.6

package/build/src/binding-redirect.js

@@ -5,7 +5,7 @@
  */
 import utility, { get } from './utility.js';
 import libsaml from './libsaml.js';
-import { wording, namespace } from './urn.js';
+import { namespace, wording } from './urn.js';
 const binding = wording.binding;
 const urlParams = wording.urlParams;
 /**
@@ -59,8 +59,9 @@ function buildRedirectURL(opts) {
  * @param  {function} customTagReplacement      used when developers have their own login response template
  * @return {string} redirect URL
  */
+// @ts-ignore
 function loginRequestRedirectURL(entity, customTagReplacement) {
-    const metadata = { idp: entity.idp.entityMeta, sp: entity.sp.entityMeta };
+    const metadata = { idp: entity.idp.entityMeta, sp: entity.sp.entityMeta, soap: entity.soap ?? false };
     const spSetting = entity.sp.entitySetting;
     let id = '';
     if (metadata && metadata.idp && metadata.sp) {
@@ -100,6 +101,99 @@ function loginRequestRedirectURL(entity, customTagReplacement) {
     }
     throw new Error('ERR_GENERATE_REDIRECT_LOGIN_REQUEST_MISSING_METADATA');
 }
+/**
+ * @desc Redirect URL for login request
+ * @param  {object} entity                       object includes both idp and sp
+ * @param  {function} customTagReplacement      used when developers have their own login response template
+ * @return {string} redirect URL
+ */
+// @ts-ignore
+function loginRequestRedirectURLArt(entity, customTagReplacement) {
+    const metadata = { idp: entity.idp.entityMeta, sp: entity.sp.entityMeta, inResponse: entity.inResponse ?? false };
+    const spSetting = entity.sp.entitySetting;
+    let id = '';
+    if (metadata && metadata.idp && metadata.sp) {
+        const base = metadata.idp.getSingleSignOnService(binding.redirect);
+        let rawSamlRequest;
+        if (spSetting.loginRequestTemplate && customTagReplacement) {
+            const info = customTagReplacement(spSetting.loginRequestTemplate);
+            id = get(info, 'id', null);
+            rawSamlRequest = get(info, 'context', null);
+        }
+        else {
+            const nameIDFormat = spSetting.nameIDFormat;
+            const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
+            id = spSetting.generateID();
+            rawSamlRequest = libsaml.replaceTagsByValue(libsaml.defaultLoginRequestTemplate.context, {
+                ID: id,
+                Destination: base,
+                Issuer: metadata.sp.getEntityID(),
+                IssueInstant: new Date().toISOString(),
+                NameIDFormat: selectedNameIDFormat,
+                AssertionConsumerServiceURL: metadata.sp.getAssertionConsumerService(binding.post),
+                EntityID: metadata.sp.getEntityID(),
+                AllowCreate: spSetting.allowCreate,
+            });
+        }
+        console.log(rawSamlRequest);
+        console.log("-----------------这是原始请求模板-------------------");
+        const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm, transformationAlgorithms } = spSetting;
+        if (metadata.idp.isWantAuthnRequestsSigned()) {
+            let signAuthnRequest = libsaml.constructSAMLSignature({
+                referenceTagXPath: "/*[local-name(.)='AuthnRequest']",
+                privateKey,
+                privateKeyPass,
+                signatureAlgorithm,
+                transformationAlgorithms,
+                isBase64Output: false,
+                rawSamlMessage: rawSamlRequest,
+                signingCert: metadata.sp.getX509Certificate('signing'),
+                signatureConfig: spSetting.signatureConfig || {
+                    prefix: 'ds',
+                    location: {
+                        reference: "/*[local-name(.)='AuthnRequest']/*[local-name(.)='Issuer']",
+                        action: 'after'
+                    },
+                }
+            });
+            console.log(signAuthnRequest);
+            console.log("签名后的模板");
+            rawSamlRequest = signAuthnRequest;
+        }
+        /*            console.log(metadata.idp)
+                    console.log(entity.idp.getEntitySetting())*/
+        let soapTemplate = libsaml.replaceTagsByValue(libsaml.defaultArtAuthnRequestTemplate.context, {
+            ID: id,
+            IssueInstant: new Date().toISOString(),
+            InResponseTo: metadata.inResponse ?? "",
+            Issuer: metadata.sp.getEntityID(),
+            AuthnRequest: rawSamlRequest
+        });
+        console.log(soapTemplate);
+        console.log("======================最后结果========================");
+        console.log("======================开始签名根节点========================");
+        let rootSignSoap = libsaml.constructSAMLSignature({
+            isMessageSigned: true,
+            isBase64Output: false,
+            privateKey,
+            privateKeyPass,
+            signatureAlgorithm,
+            transformationAlgorithms,
+            rawSamlMessage: soapTemplate,
+            signingCert: metadata.sp.getX509Certificate('signing'),
+            signatureConfig: {
+                prefix: 'ds',
+                location: { reference: "//*[local-name()='Header']", action: 'after' },
+            }
+        });
+        console.log(rootSignSoap);
+        console.log("======================已经签名========================");
+        return {
+            authnRequest: rootSignSoap
+        };
+    }
+    throw new Error('ERR_GENERATE_REDIRECT_LOGIN_REQUEST_MISSING_METADATA');
+}
 /**
  * @desc Redirect URL for login response
  * @param  {object} requestInfo             corresponding request, used to obtain the id
@@ -304,6 +398,7 @@ function logoutResponseRedirectURL(requestInfo, entity, relayState, customTagRep
     throw new Error('ERR_GENERATE_REDIRECT_LOGOUT_RESPONSE_MISSING_METADATA');
 }
 const redirectBinding = {
+    loginRequestRedirectURLArt,
     loginRequestRedirectURL,
     loginResponseRedirectURL,
     logoutRequestRedirectURL,

package/build/src/entity-sp.js

@@ -1,9 +1,10 @@
 /**
-* @file entity-sp.ts
-* @author tngan
-* @desc  Declares the actions taken by service provider
-*/
+ * @file entity-sp.ts
+ * @author tngan
+ * @desc  Declares the actions taken by service provider
+ */
 import Entity from './entity.js';
+import * as crypto from "node:crypto";
 import { namespace } from './urn.js';
 import redirectBinding from './binding-redirect.js';
 import postBinding from './binding-post.js';
@@ -17,15 +18,15 @@ export default function (props) {
     return new ServiceProvider(props);
 }
 /**
-* @desc Service provider can be configured using either metadata importing or spSetting
-* @param  {object} spSettingimport { FlowResult } from '../types/src/flow.d';
+ * @desc Service provider can be configured using either metadata importing or spSetting
+ * @param  {object} spSettingimport { FlowResult } from '../types/src/flow.d';
 
-*/
+ */
 export class ServiceProvider extends Entity {
     /**
-    * @desc  Inherited from Entity
-    * @param {object} spSetting    setting of service provider
-    */
+     * @desc  Inherited from Entity
+     * @param {object} spSetting    setting of service provider
+     */
     constructor(spSetting) {
         const entitySetting = Object.assign({
             authnRequestsSigned: false,
@@ -35,11 +36,11 @@ export class ServiceProvider extends Entity {
         super(entitySetting, 'sp');
     }
     /**
-    * @desc  Generates the login request for developers to design their own method
-    * @param  {IdentityProvider} idp               object of identity provider
-    * @param  {string}   binding                   protocol binding
-    * @param  {function} customTagReplacement     used when developers have their own login response template
-    */
+     * @desc  Generates the login request for developers to design their own method
+     * @param  {IdentityProvider} idp               object of identity provider
+     * @param  {string}   binding                   protocol binding
+     * @param  {function} customTagReplacement     used when developers have their own login response template
+     */
     createLoginRequest(idp, binding = 'redirect', customTagReplacement) {
         const nsBinding = namespace.binding;
         const protocol = nsBinding[binding];
@@ -51,14 +52,20 @@ export class ServiceProvider extends Entity {
             case nsBinding.redirect:
                 return redirectBinding.loginRequestRedirectURL({ idp, sp: this }, customTagReplacement);
             case nsBinding.post:
-                context = postBinding.base64LoginRequest("/*[local-name(.)='AuthnRequest']", { idp, sp: this }, customTagReplacement);
+                context = postBinding.base64LoginRequest("/*[local-name(.)='AuthnRequest']", {
+                    idp,
+                    sp: this
+                }, customTagReplacement);
                 break;
             case nsBinding.simpleSign:
                 // Object context = {id, context, signature, sigAlg}
                 context = simpleSignBinding.base64LoginRequest({ idp, sp: this }, customTagReplacement);
                 break;
             case nsBinding.artifact:
-                context = artifactSignBinding.base64LoginRequest("/*[local-name(.)='AuthnRequest']", { idp, sp: this }, customTagReplacement);
+                context = artifactSignBinding.base64LoginRequest("/*[local-name(.)='AuthnRequest']", {
+                    idp,
+                    sp: this
+                }, customTagReplacement);
                 break;
             default:
                 // Will support artifact in the next release
@@ -72,11 +79,45 @@ export class ServiceProvider extends Entity {
         };
     }
     /**
-    * @desc   Validation of the parsed the URL parameters
-    * @param  {IdentityProvider}   idp             object of identity provider
-    * @param  {string}   binding                   protocol binding
-    * @param  {request}   req                      request
-    */
+     * @desc  Generates the Art login request for developers to design their own method
+     * @param  {IdentityProvider} idp               object of identity provider
+     * @param  {string}   binding                   protocol binding
+     * @param  {function} customTagReplacement     used when developers have their own login response template
+     */
+    createLoginRequestArt(idp, binding = 'redirect', customTagReplacement) {
+        const nsBinding = namespace.binding;
+        const protocol = nsBinding[binding];
+        if (this.entityMeta.isAuthnRequestSigned() !== idp.entityMeta.isWantAuthnRequestsSigned()) {
+            throw new Error('ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG');
+        }
+        let context = null;
+        switch (protocol) {
+            case nsBinding.redirect:
+                return redirectBinding.loginRequestRedirectURLArt({ idp, sp: this }, customTagReplacement);
+            case nsBinding.post:
+                context = postBinding.base64LoginRequest("/*[local-name(.)='AuthnRequest']", {
+                    idp,
+                    sp: this,
+                    soap: true
+                }, customTagReplacement);
+                break;
+            default:
+                // Will support artifact in the next release
+                throw new Error('ERR_SP_LOGIN_REQUEST_UNDEFINED_BINDING');
+        }
+        return {
+            ...context,
+            relayState: this.entitySetting.relayState,
+            entityEndpoint: idp.entityMeta.getSingleSignOnService(binding),
+            type: 'SAMLRequest',
+        };
+    }
+    /**
+     * @desc   Validation of the parsed the URL parameters
+     * @param  {IdentityProvider}   idp             object of identity provider
+     * @param  {string}   binding                   protocol binding
+     * @param  {request}   req                      request
+     */
     parseLoginResponse(idp, binding, request) {
         const self = this;
         return flow({
@@ -95,7 +136,7 @@ export class ServiceProvider extends Entity {
      * @param  {string}   binding                   protocol binding
      * @param  {request}   req                      request
      */
-    artifactResolveResponse(idp, binding, request) {
+    parseLoginResponseArt(idp, binding, request) {
         const self = this;
         return flow({
             soap: true,
@@ -108,4 +149,57 @@ export class ServiceProvider extends Entity {
             request: request
         });
     }
+    /**
+     * @desc   generate Art id
+     *
+     * @param entityIDString
+     */
+    createArt(entityIDString, endpointIndex = 0) {
+        let sourceEntityId = entityIDString ? entityIDString : this.entityMeta.getEntityID();
+        console.log(sourceEntityId);
+        console.log("0000000000000000000000000000000000000000");
+        // 1. 固定类型代码 (0x0004 - 2字节)
+        const typeCode = Buffer.from([0x00, 0x04]);
+        // 2. 端点索引 (2字节，大端序)
+        if (endpointIndex < 0 || endpointIndex > 65535) {
+            throw new Error('Endpoint index must be between 0 and 65535');
+        }
+        const endpointBuf = Buffer.alloc(2);
+        endpointBuf.writeUInt16BE(endpointIndex);
+        // 3. Source ID - 实体ID的SHA-1哈希 (20字节)
+        const sourceId = crypto.createHash('sha1')
+            .update(sourceEntityId)
+            .digest();
+        // 4. Message Handler - 20字节随机值
+        const messageHandler = crypto.randomBytes(20);
+        // 组合所有组件 (2+2+20+20 = 44字节)
+        const artifact = Buffer.concat([typeCode, endpointBuf, sourceId, messageHandler]);
+        // 返回Base64编码的Artifact
+        return artifact.toString('base64');
+    }
+    /**
+     * @desc   generate Art id
+     * @param artifact
+     */
+    parseArt(artifact) {
+        // 解码 Base64
+        const decoded = Buffer.from(artifact, 'base64');
+        // 确保长度正确（SAML 工件固定为 44 字节）
+        if (decoded.length !== 44) {
+            throw new Error(`Invalid artifact length: ${decoded.length}, expected 44 bytes`);
+        }
+        // 读取前 4 字节（TypeCode + EndpointIndex）
+        const typeCode = decoded.readUInt16BE(0);
+        const endpointIndex = decoded.readUInt16BE(2);
+        // 使用 Buffer.from() 替代 slice()
+        const sourceId = Buffer.from(decoded.buffer, // 底层 ArrayBuffer
+        decoded.byteOffset + 4, // 起始偏移量
+        20 // 长度
+        ).toString('hex');
+        const messageHandle = Buffer.from(decoded.buffer, // 底层 ArrayBuffer
+        decoded.byteOffset + 24, // 起始偏移量
+        20 // 长度
+        ).toString('hex');
+        return { typeCode, endpointIndex, sourceId, messageHandle };
+    }
 }

package/build/src/extractor.js

@@ -68,6 +68,19 @@ export const loginResponseStatusFields = [
     }
 ];
 // support two-tiers status code
+export const loginArtifactResponseStatusFields = [
+    {
+        key: 'top',
+        localPath: ['Envelope', 'Body', 'ArtifactResponse', 'Status', 'StatusCode'],
+        attributes: ['Value'],
+    },
+    {
+        key: 'second',
+        localPath: ['Envelope', 'Body', 'ArtifactResponse', 'Status', 'StatusCode', 'StatusCode'],
+        attributes: ['Value'],
+    }
+];
+// support two-tiers status code
 export const logoutResponseStatusFields = [
     {
         key: 'top',

package/build/src/flow.js

@@ -5,8 +5,8 @@ import * as uuid from 'uuid';
 import { select } from 'xpath';
 import { DOMParser } from '@xmldom/xmldom';
 import { sendArtifactResolve } from "./soap.js";
-import { extract, loginRequestFields, loginResponseFields, logoutRequestFields, logoutResponseFields, logoutResponseStatusFields, loginResponseStatusFields } from './extractor.js';
-import { BindingNamespace, ParserType, wording, StatusCode } from './urn.js';
+import { extract, loginRequestFields, loginResponseFields, loginResponseStatusFields, loginArtifactResponseStatusFields, logoutRequestFields, logoutResponseFields, logoutResponseStatusFields } from './extractor.js';
+import { BindingNamespace, ParserType, StatusCode, wording } from './urn.js';
 const bindDict = wording.binding;
 const urlParams = wording.urlParams;
 // get the default extractor fields based on the parserType
@@ -146,12 +146,15 @@ async function postFlow(options) {
         let ID = '_' + uuid.v4();
         let url = metadata.idp.getArtifactResolutionService(bindDict.soap);
         let samlSoapRaw = libsaml.replaceTagsByValue(libsaml.defaultArtifactResolveTemplate.context, {
-            ID: request?.messageHandle,
+            ID: ID,
             Destination: url,
             Issuer: metadata.sp.getEntityID(),
             IssueInstant: new Date().toISOString(),
             Art: request.Art
         });
+        if (!metadata.idp.isWantAuthnRequestsSigned()) {
+            samlContent = await sendArtifactResolve(url, samlSoapRaw);
+        }
         if (metadata.idp.isWantAuthnRequestsSigned()) {
             const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm, transformationAlgorithms } = spSetting;
             let signatureSoap = libsaml.constructSAMLSignature({
@@ -172,14 +175,8 @@ async function postFlow(options) {
                     }
                 }
             });
-            let data = await sendArtifactResolve(url, signatureSoap);
-            /*            console.log(signatureSoap)
-                        console.log("签过名的")*/
-            console.log(data);
-            console.log("keycloak数据----------------------");
-            samlContent = data;
+            samlContent = await sendArtifactResolve(url, signatureSoap);
         }
-        // No need to embeded XML signature
     }
     const verificationOptions = {
         metadata: from.entityMeta,
@@ -189,23 +186,17 @@ async function postFlow(options) {
     let decryptRequired = from.entitySetting.isAssertionEncrypted;
     let extractorFields = [];
     // validate the xml first
-    /*    let res = await libsaml.isValidXml(samlContent).catch((error)=>{
-            console.log(error);
-            console.log("验证和结果-----------------------")
-            console.log("验证和结果-----------------------")
-            console.log("验证和结果-----------------------")
-            console.log("验证和结果-----------------------")
-            console.log("验证和结果-----------------------")
-            console.log("验证和结果-----------------------")
-            console.log("验证和结果-----------------------")
-        });
-        console.log(res);
-        console.log("验证和结果-----------------------")*/
+    let res = await libsaml.isValidXml(samlContent).catch((error) => {
+        return Promise.reject('ERR_EXCEPTION_VALIDATE_XML');
+    });
+    if (res !== true) {
+        return Promise.reject('ERR_EXCEPTION_VALIDATE_XML');
+    }
     if (parserType !== urlParams.samlResponse) {
         extractorFields = getDefaultExtractorFields(parserType, null);
     }
     // check status based on different scenarios
-    /*    await checkStatus(samlContent, parserType);*/
+    await checkStatus(samlContent, parserType, soap);
     /**检查签名顺序 */
     /*  if (
         checkSignature &&
@@ -230,14 +221,11 @@ async function postFlow(options) {
             return Promise.reject('ERR_FAIL_TO_VERIFY_ETS_SIGNATURE');
         }
         if (!decryptRequired) {
-            console.log("-------------------走到了这里----------------------");
             extractorFields = getDefaultExtractorFields(parserType, verifiedAssertionNode);
         }
         if (parserType === 'SAMLResponse' && decryptRequired) {
             // 1. 解密断言
             const [decryptedSAML, decryptedAssertion] = await libsaml.decryptAssertionSoap(self, samlContent);
-            console.log(decryptedAssertion);
-            console.log("解密数据-----------------------------");
             // 2. 检查解密后的断言是否包含签名
             const assertionDoc = new DOMParser().parseFromString(decryptedAssertion, 'text/xml');
             const assertionSignatureNodes = select("./*[local-name()='Signature']", assertionDoc.documentElement);
@@ -250,9 +238,6 @@ async function postFlow(options) {
                 };
                 // 3.2 验证断言签名
                 const [assertionVerified, result] = libsaml.verifySignatureSoap(decryptedAssertion, assertionVerificationOptions);
-                console.log(assertionVerified);
-                console.log(result);
-                console.log("验证机结果--------------");
                 if (!assertionVerified) {
                     console.error("解密后的断言签名验证失败");
                     return Promise.reject('ERR_FAIL_TO_VERIFY_ASSERTION_SIGNATURE');
@@ -307,10 +292,6 @@ async function postFlow(options) {
     const targetEntityMetadata = from.entityMeta;
     const issuer = targetEntityMetadata.getEntityID();
     const extractedProperties = parseResult.extract;
-    console.log(extractedProperties);
-    console.log(parseResult);
-    console.log("解析结果----------------------------------");
-    console.log("签发这-----------");
     // unmatched issuer
     if ((parserType === 'LogoutResponse' || parserType === 'SAMLResponse')
         && extractedProperties
@@ -565,14 +546,19 @@ async function postSimpleSignFlow(options) {
     }
     return Promise.resolve(parseResult);
 }
-function checkStatus(content, parserType) {
+function checkStatus(content, parserType, soap) {
     // only check response parser
     if (parserType !== urlParams.samlResponse && parserType !== urlParams.logoutResponse) {
         return Promise.resolve('SKIPPED');
     }
-    const fields = parserType === urlParams.samlResponse
+    let fields = parserType === urlParams.samlResponse
         ? loginResponseStatusFields
         : logoutResponseStatusFields;
+    if (soap === true) {
+        fields = parserType === urlParams.samlResponse
+            ? loginArtifactResponseStatusFields
+            : logoutResponseStatusFields;
+    }
     const { top, second } = extract(content, fields);
     // only resolve when top-tier status code is success
     if (top === StatusCode.Success) {

package/build/src/libsaml.js

@@ -70,19 +70,22 @@ const libSaml = () => {
         context: '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="{AssertionConsumerServiceURL}"><saml:Issuer>{Issuer}</saml:Issuer><samlp:NameIDPolicy Format="{NameIDFormat}" AllowCreate="{AllowCreate}"/></samlp:AuthnRequest>',
     };
     /**
-     * @desc Default art  request template
+     * @desc Default logout request template
      * @type {LogoutRequestTemplate}
      */
     const defaultLogoutRequestTemplate = {
         context: '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}"><saml:Issuer>{Issuer}</saml:Issuer><saml:NameID Format="{NameIDFormat}">{NameID}</saml:NameID></samlp:LogoutRequest>',
     };
     /**
-     * @desc Default logout request template
+     * @desc Default art  request template
      * @type {LogoutRequestTemplate}
      */
     const defaultArtifactResolveTemplate = {
         context: `<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><saml2p:ArtifactResolve xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}"><saml2:Issuer>{Issuer}</saml2:Issuer><saml2p:Artifact>{Art}</saml2p:Artifact></saml2p:ArtifactResolve></SOAP-ENV:Body></SOAP-ENV:Envelope>`,
     };
+    const defaultArtAuthnRequestTemplate = {
+        context: `<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header></SOAP-ENV:Header><samlp:ArtifactResponse xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}" InResponseTo="{InResponseTo}" Version="2.0" IssueInstant="{IssueInstant}"><saml:Issuer>{Issuer}</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>{AuthnRequest}</samlp:ArtifactResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>`,
+    };
     /**
      * @desc Default AttributeStatement template
      * @type {AttributeStatementTemplate}
@@ -209,6 +212,7 @@ const libSaml = () => {
         createXPath,
         getQueryParamByType,
         defaultLoginRequestTemplate,
+        defaultArtAuthnRequestTemplate,
         defaultArtifactResolveTemplate,
         defaultLoginResponseTemplate,
         defaultAttributeStatementTemplate,
@@ -453,7 +457,7 @@ const libSaml = () => {
                       assertionNode = node[0].toString();
                     }
                   }
-      
+
                   if (assertionSignatureNode.length === 1) {
                     const verifiedAssertionInfo = extract(assertionSignatureNode[0].toString(), [{
                       key: 'refURI',
@@ -485,7 +489,7 @@ const libSaml = () => {
                     }]);
                     assertionNode = verifiedDoc.assertion.toString();
                   }
-      
+
                   return [verified, assertionNode];*/
         },
         verifySignatureSoap(xml, opts) {

package/build/src/metadata-sp.js

@@ -71,8 +71,10 @@ export class SpMetadata extends Metadata {
                 });
             }
             if (isNonEmptyArray(artifactResolutionService)) {
+                let indexCount = 0;
                 artifactResolutionService.forEach(a => {
                     const attr = {
+                        index: String(indexCount++),
                         Binding: a.Binding,
                         Location: a.Location,
                     };

package/build/src/metadata.js

@@ -128,8 +128,6 @@ export default class Metadata {
     getArtifactResolutionService(binding) {
         if (binding && isString(binding)) {
             const bindType = namespace.binding[binding];
-            console.log(this.meta);
-            console.log("看一下---------------------");
             let artifactResolutionService = this.meta.artifactResolutionService;
             if (!(artifactResolutionService instanceof Array)) {
                 artifactResolutionService = [artifactResolutionService];

package/build/src/schema/saml-schema-ecp-2.0.xsd

@@ -15,7 +15,7 @@
     <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
         schemaLocation="saml-schema-assertion-2.0.xsd"/>
     <import namespace="http://schemas.xmlsoap.org/soap/envelope/"
-        schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"/>
+        schemaLocation="soap-envelope.xsd"/>
     <annotation>
         <documentation>
             Document identifier: saml-schema-ecp-2.0

package/build/src/schema/saml-schema-metadata-2.0.xsd

@@ -11,13 +11,13 @@
     blockDefault="substitution"
     version="2.0">
     <import namespace="http://www.w3.org/2000/09/xmldsig#"
-        schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+        schemaLocation="xmldsig-core-schema.xsd"/>
     <import namespace="http://www.w3.org/2001/04/xmlenc#"
-        schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
+        schemaLocation="xenc-schema.xsd"/>
     <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
         schemaLocation="saml-schema-assertion-2.0.xsd"/>
     <import namespace="http://www.w3.org/XML/1998/namespace"
-        schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+        schemaLocation="xml.xsd"/>
     <annotation>
         <documentation>
             Document identifier: saml-schema-metadata-2.0

package/build/src/schema/saml-schema-protocol-2.0.xsd

@@ -12,7 +12,7 @@
     <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
         schemaLocation="saml-schema-assertion-2.0.xsd"/>
     <import namespace="http://www.w3.org/2000/09/xmldsig#"
-        schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+        schemaLocation="xmldsig-core-schema.xsd"/>
     <annotation>
         <documentation>
             Document identifier: saml-schema-protocol-2.0

package/build/src/schema/{env.xsd → soap-envelope.xsd}

@@ -1,36 +1,4 @@
-
-<!--  Schema for the SOAP/1.1 envelope
-
-        Portions © 2001 DevelopMentor.
-        © 2001 W3C (Massachusetts Institute of Technology, Institut National de Recherche en Informatique et en Automatique, Keio University). All Rights Reserved.
-
-        This document is governed by the W3C Software License [1] as described in the FAQ [2].
-        [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
-        [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
-        By obtaining, using and/or copying this work, you (the licensee) agree that you have read, understood, and will comply with the following terms and conditions:
-
-        Permission to use, copy, modify, and distribute this software and its documentation, with or without modification,  for any purpose and without fee or royalty is hereby granted, provided that you include the following on ALL copies of the software and documentation or portions thereof, including modifications, that you make:
-
-        1.  The full text of this NOTICE in a location viewable to users of the redistributed or derivative work.
-
-        2.  Any pre-existing intellectual property disclaimers, notices, or terms and conditions. If none exist, a short notice of the following form (hypertext is preferred, text is permitted) should be used within the body of any redistributed or derivative code: "Copyright © 2001 World Wide Web Consortium, (Massachusetts Institute of Technology, Institut National de Recherche en Informatique et en Automatique, Keio University). All Rights Reserved. http://www.w3.org/Consortium/Legal/"
-
-        3.  Notice of any changes or modifications to the W3C files, including the date changes were made. (We recommend you provide URIs to the location from which the code is derived.)
-
-        Original W3C files; http://www.w3.org/2001/06/soap-envelope
-        Changes made:
-             - reverted namespace to http://schemas.xmlsoap.org/soap/envelope/
-             - reverted mustUnderstand to only allow 0 and 1 as lexical values
-             - made encodingStyle a global attribute 20020825
-             - removed default value from mustUnderstand attribute declaration
-
-        THIS SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
-
-        COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE SOFTWARE OR DOCUMENTATION.
-
-        The name and trademarks of copyright holders may NOT be used in advertising or publicity pertaining to the software without specific, written prior permission. Title to copyright in this software and any associated documentation will at all times remain with copyright holders.
-
-         -->
+<?xml version="1.0" encoding="utf-8"?>
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://schemas.xmlsoap.org/soap/envelope/" targetNamespace="http://schemas.xmlsoap.org/soap/envelope/">
     <!--  Envelope, header and body  -->
     <xs:element name="Envelope" type="tns:Envelope"/>