Add destination field to AuthnRequest (#47)

Co-authored-by: Michael B. Gale <github@michael-gale.co.uk>
mbg · Jul 1, 2023 · 3ddccb6 · fumieval · Jul 19, 2024 · 3ddccb6
1 parent 88fdad9
commit 3ddccb6
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@
 
 -   Support GHC 9.6 ([#53](https://github.com/mbg/wai-saml2/pull/53) by [@mbg](https://github.com/mbg))
 -   Fixed a bug in XML canonicalisation causing a digest mismatch on Okta when assertion attributes are present (special thanks to @hiroqn) ([#51](https://github.com/mbg/wai-saml2/pull/51) by [@fumieval](https://github.com/fumieval))
+-   Added `authnRequestDestination` field to `AuthnRequest` ([#47](https://github.com/mbg/wai-saml2/pull/47) by [@Philonous](https://github.com/Philonous))
 
 ## 0.4
 

diff --git a/src/Network/Wai/SAML2/Request.hs b/src/Network/Wai/SAML2/Request.hs
@@ -63,6 +63,11 @@ data AuthnRequest
     ,   authnRequestID :: !T.Text
         -- | SP Entity ID
     ,   authnRequestIssuer :: !T.Text
+        -- | The URI reference to which this request is to be sent. Required
+        -- for signed requests
+        --
+        -- @since 0.4.1
+    ,   authnRequestDestination :: !(Maybe T.Text)
         -- | Allow IdP to generate a new identifier
     ,   authnRequestAllowCreate :: !Bool
         -- | The URI reference corresponding to a name identifier format
@@ -83,6 +88,7 @@ issueAuthnRequest authnRequestIssuer = do
     pure AuthnRequest{
         authnRequestAllowCreate = True
     ,   authnRequestNameIDFormat = Transient
+    ,   authnRequestDestination = Nothing
     ,   ..
     }
 
@@ -118,13 +124,15 @@ renderXML AuthnRequest{..} =
         root = Element
             (saml2pName "AuthnRequest")
             (Map.fromList
-                [ ("xmlns:samlp", "urn:oasis:names:tc:SAML:2.0:protocol")
+               ([ ("xmlns:samlp", "urn:oasis:names:tc:SAML:2.0:protocol")
                 , ("xmlns:saml", "urn:oasis:names:tc:SAML:2.0:assertion")
                 , ("ID", authnRequestID) -- Reference [RequestAbstractType] and see [ID Values]
                 , ("Version", "2.0")  -- [RequestAbstractType]
                 , ("IssueInstant", timestamp) -- [RequestAbstractType]
                 , ("AssertionConsumerServiceIndex", "1") -- [AuthnRequest]
-                ])
+                ]
+                -- [RequestAbstractType]
+                ++ [("Destination", uri) | let Just uri = authnRequestDestination] ))
             [NodeElement issuer, NodeElement nameIdPolicy]
         -- Reference [RequestAbstractType]
         issuer = Element