Merge branch 'master' of https://github.com/italia/spid-saml-check

README.md

@@ -96,7 +96,7 @@ docker run -t -i -p 8443:8443 spid-saml-check
 
 The application spid-validator, if invoked as a web application *as is*, provides "basic", formal validation of a Service Provider's SAML metadata.
 
-In order to unleash the **full** set of SPID compliance tests (the proper *SPID Validator*), retrieve the metadata of *SPID Validator* at https://localhost:8080/metadata.xml and configure it on as a new Identity Provider (IdP) under your Service Provider (SP) implementation.
+In order to unleash the **full** set of SPID compliance tests (the proper *SPID Validator*), retrieve the metadata of *SPID Validator* at https://localhost:8443/metadata.xml and configure it on as a new Identity Provider (IdP) under your Service Provider (SP) implementation.
 
 When used in this fashion, the *SPID Validator* can be invoked as an IdP from your SP, listing 300+ individual controls, divided into 7 families:
  * 4 families for the formal validation of the SP **metadata** (already described);
@@ -109,9 +109,9 @@ To use the *SPID Validator* the AuthnRequest are thus sent from your SP, loggin
 ### Usage steps
 
 - Copy spid-validator metadata to the SP you want to test with.
-  spid-validator can be downloaded at: [https://localhost:8080/metadata.xml](https://localhost:8080/metadata.xml)
+  spid-validator can be downloaded at: [https://localhost:8443/metadata.xml](https://localhost:8443/metadata.xml)
   ````
-  wget https://localhost:8080/metadata.xml -O /path/to/your/sp/metadata/folder/spid-saml-check-metadata.xml
+  wget https://localhost:8443/metadata.xml -O /path/to/your/sp/metadata/folder/spid-saml-check-metadata.xml
   ````
 
 - Start authentication request connecting to your SP, the AuthnRequest would be created and sent to spid-saml-check.
@@ -139,25 +139,25 @@ To use the *SPID Validator* the AuthnRequest are thus sent from your SP, loggin
 
 ## How to use it as a *SPID Demo*
 
-The application spid-demo runs at: [https://localhost:8080/demo](https://localhost:8080/demo)
+The application spid-demo runs at: [https://localhost:8443/demo](https://localhost:8443/demo)
 
 <img src="doc/img/demo_idp_index.png" width="500" alt="demo index page" />
 
 
-Test users of spid-demo that can be used are listed at: [https://localhost:8080/demo/users](https://localhost:8080/demo/users)
+Test users of spid-demo that can be used are listed at: [https://localhost:8443/demo/users](https://localhost:8443/demo/users)
 
 <img src="doc/img/demo_idp_users.png" width="500" alt="demo users page" />
 
 
 <h3>Usage steps</h3>
 
 - Copy spid-demo metadata to the SP you want to test with.
-  spid-demo metadata can be downloaded at: [https://localhost:8080/demo/metadata.xml](https://localhost:8080/demo/metadata.xml)
+  spid-demo metadata can be downloaded at: [https://localhost:8443/demo/metadata.xml](https://localhost:8443/demo/metadata.xml)
   ````
-  wget https://localhost:8080/demo/metadata.xml -O /path/to/your/sp/metadata/folder/spid-demo.xml
+  wget https://localhost:8443/demo/metadata.xml -O /path/to/your/sp/metadata/folder/spid-demo.xml
   ````
 
-- Go to https://localhost:8080 to register metadata of your SP on spid-validator.
+- Go to https://localhost:8443 to register metadata of your SP on spid-validator.
   You should access to a page like shown in the following picture
 
   <img src="doc/img/login.png" width="500" alt="login page" />

spid-validator/chrome-extension/controller.js

@@ -1,4 +1,4 @@
-var host = "https://validator.spid.gov.it/samlsso";
+var host = "https://demo.spid.gov.it/validator/samlsso";
 var SAMLRequest = "";
 var RelayState = "";
 var action = host;
@@ -21,7 +21,9 @@ chrome.webRequest.onBeforeRequest.addListener(
           details.url.startsWith("https://spid.register.it/login/sso") ||
           details.url.startsWith("https://identity.sieltecloud.it/simplesaml/saml2/idp/SSO.php") ||
           details.url.startsWith("https://identity.sieltecloud.it/simplesaml/saml2/idp/SSOService.php") ||
-          details.url.startsWith("https://login.id.tim.it/affwebservices/public/saml2sso")
+          details.url.startsWith("https://login.id.tim.it/affwebservices/public/saml2sso") ||
+          details.url.startsWith("https://id.lepida.it/idp/profile/SAML2/POST/SSO") ||
+          details.url.startsWith("https://id.lepida.it/idp/profile/SAML2/Redirect/SSO")
         ) {
 
         if(details.method=="POST") {  

spid-validator/chrome-extension/manifest.json

@@ -2,7 +2,7 @@
     "manifest_version": 2,
     "name": "SPID Assertion Consumer Validator",
     "description": "Tool for validating Service Provider compliance to SPID response from Identity Provider",
-    "version": "1",
+    "version": "1.2.0",
     "author": "Michele D'Amico (@damikael) - AgID - Agenzia per l'Italia Digitale",
     "icons": {
         "96":"icon_on.png"

spid-validator/chrome-extension/page.html

@@ -3,11 +3,11 @@
     <div id="form">Please wait while redirecting</div>
     <body>
         <noscript>Your browser does not support JavaScript. Please click the 'Continue' button below to proceed.</noscript>
-        <form id="form" method="post" action="http://localhost:8080/samlsso" >
+        <form id="form" method="post" action="https://demo.spid.gov.it/validator/samlsso" >
             <input id="form_RelayState" type="hidden" name="RelayState" />
             <input id="form_SAMLRequest" type="hidden" name="SAMLRequest" />
             <noscript><input type="submit" value="Continue" /></noscript>
         </form>
-        <p>SPID Assertion Consumer Validator is redirecting you to http://localhost:8080/samlsso</p>
+        <p>SPID Assertion Consumer Validator is redirecting you to Demo Validator</p>
     </body>
 </html>

spid-validator/server/lib/saml-utils.js

@@ -609,7 +609,16 @@ class IdP {
             qs += this.getLogoutResponsePayload(SAMLResponse, relayState, null);
         }
 
-        return url + "?" + qs;
+        const searchParams = new URLSearchParams(qs);
+
+        let slo = new URL(url);
+        let existingParams = new URLSearchParams(slo.search);
+        existingParams.forEach(function(value, key) {
+            searchParams.set(key, value);
+        });
+
+        slo.search = searchParams.toString();
+        return  slo.toString();
     }
 
     getLogoutResponsePayload(SAMLResponse, relayState, sigAlg) {