⭐ feat: add RequestedAuthnContext Comparison Type parameter

node-saml · Mar 5, 2019 · cd80c99 · cd80c99
1 parent b384277
commit cd80c99
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/docs/adfs/README.md b/docs/adfs/README.md
@@ -56,7 +56,8 @@ passport.use(new SamlStrategy(
     acceptedClockSkewMs: -1,
     identifierFormat: null,
   // this is configured under the Advanced tab in AD FS relying party
-    signatureAlgorithm: 'sha256'
+    signatureAlgorithm: 'sha256',
+    comparisonType: 'exact', // default to exact RequestedAuthnContext Comparison Type
   },
   function(profile, done) {
     return done(null,

diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
@@ -80,6 +80,11 @@ SAML.prototype.initialize = function (options) {
     options.signatureAlgorithm = 'sha1';
   }
 
+  // better, exact, minimum, maximum
+  if (!options.comparisonType){
+    options.comparisonType = 'exact';
+  }
+
   return options;
 };
 
@@ -202,7 +207,7 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive, callback) {
 
       request['samlp:AuthnRequest']['samlp:RequestedAuthnContext'] = {
         '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
-        '@Comparison': 'exact',
+        '@Comparison': self.options.comparisonType,
         'saml:AuthnContextClassRef': authnContextClassRefs
       };
     }