Saturday 8 April 2017

Understanding Node callback syntax

I am reverse engineering one of the open source implementations of SAML based Single Sign on (SSO)

When the SSO is successful I get a POST from my idp(identity provider) and following function is called:

router.post('/acs/:idp?', function (req, res, next) {
  console.log('got a post from idp');
    var _idp, _sp;
    if (req.params.idp === 'onelogin') {
      console.log('the idp is onelogin or vidm in this case');
        _idp = oneLoginIdP;
        _sp = olsp;
    } else {
        _idp = idp;
        _sp = sp;
    }
    _sp.parseLoginResponse(_idp, 'post', req, function (parseResult) {
      console.log('trying to parse assertion to see if it is valid');
      console.log('name id'+parseResult.extract.nameid);

        if (parseResult.extract.nameid) {
            res.render('login', {
                title: 'Processing',
                isSSOLogin: true,
                email: parseResult.extract.nameid
            });
        } else {
            req.flash('info', 'Unexpected error');
            res.redirect('/login');
        }
    });
});

Now, as we can see this function calls a function called parseLoginResponse on the serverivceprovider object (_sp). parseLoginResponse looks like following:

ServiceProvider.prototype.parseLoginResponse = function parseLoginResponse(idp, binding, req, parseCallback) {
        return this.abstractBindingParser({
            parserFormat:
            [
            {
                localName: 'StatusCode',
                attributes: ['Value']
            },
            {
                localName: 'Conditions',
                attributes: ['NotBefore', 'NotOnOrAfter']
            },
            'Audience',
            'Issuer',
            'NameID',
            {
                localName: 'Signature',
                extractEntireBody: true
            },
            {
                localName: {
                    tag: 'Attribute',
                    key: 'Name'
                },
                valueTag: 'AttributeValue'
            }
          ],
            checkSignature: this.entityMeta.isWantAssertionsSigned(),
            from: idp,
            supportBindings: ['post'],
            parserType: 'SAMLResponse',
            actionType: 'login'
        }, binding, req, idp.entityMeta, parseCallback);
    };

My three specific Questions:

  1. How is the callback working for parseCallback method.

  2. I am new to javascript so I don't get at which exact line parseCallback is receiving it's argument i.e parseResult?

  3. I can print following line succefully in my parseCallback:

    console.log('name id'+parseResult.extract.nameid);

BUT I can't find a way to print attributes that contain notbefore and notonorafter time. How can I print attributes section of parseResult?



via nitinsh99
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)