Skip to content

UM-LPM/saml-metadata

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

saml-metadata

CI npm version

This is a streaming SAML metadata parser. It is sutable for parsing large metadata files (multiple MBs) containing multiple IDPs and SPs, which are commonly used by federations. The file is parsed and processed as it is being downloaded, which means the original document is never saved. The projects only dependency is the SAX parsing library, saxes.

The data structure fairly closely follows the schema. All standard constructs referenced in the interoperable SAML are supported (the extensions are currently missing, however they might be added in the future).

Security considerations:

  • The well-formedness of the XML document is ensured by the underlaying SAX parser.
  • The location of elements is always (transitively) verified from the root.
  • The order of the elements is not verified.
  • The XML signatures are not verified, it is assumed that the document is downloaded directly from a well-known location and the connection is protected using TSL/SSL.
  • The elements that are not converted into the data structure are ignored.

Usage

import https from 'node:https';
import {parser} from 'saml-metadata';

https.get(address, (stream) => {
  void (async () => {
     const metadata = await parser(stream);
  })();
});

The types are in types.ts.

License

ISC