summaryrefslogtreecommitdiff
path: root/lib/saml/sp-metadata.ts
blob: 7f25f60258ba45e6efc66ab4dbb0bb68ffd00382 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

// SAML Service Provider (SP) 메타데이터 유틸리티

export interface SPAssertionConsumerService {
  binding: string
  location: string
  index: number
  isDefault?: boolean
}

export interface SPMetadata {
  entityId: string
  // SPSSODescriptor 속성들
  protocolSupportEnumeration: string[]
  authnRequestsSigned: boolean
  wantAssertionsSigned: boolean
  // 서비스 엔드포인트들
  assertionConsumerServices: SPAssertionConsumerService[]
  // 편의를 위한 기본값들
  defaultACS: SPAssertionConsumerService
  callbackUrl: string
}

// SP 메타데이터 가져오기 (환경변수 기반)
export function getSPMetadata(): SPMetadata {
  console.log('🔍 Loading SP metadata from environment variables...')
  
  // 필수 환경변수 검증
  const entityId = process.env.SAML_SP_ENTITY_ID
  const callbackUrl = process.env.SAML_SP_CALLBACK_URL || `${process.env.NEXTAUTH_URL}/api/saml/callback`
  
  if (!entityId) {
    throw new Error('Required SAML environment variable is missing: SAML_SP_ENTITY_ID')
  }

  if (!callbackUrl) {
    throw new Error('SAML_SP_CALLBACK_URL or NEXTAUTH_URL environment variable is required')
  }

  // AssertionConsumerService 구성
  const assertionConsumerServices: SPAssertionConsumerService[] = [
    // 기본 HTTP-POST 바인딩
    {
      binding: process.env.SAML_SP_ACS_BINDING_PRIMARY || 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      location: callbackUrl,
      index: 0,
      isDefault: true
    }
  ]

  // 보조 HTTP-Redirect 바인딩 (선택사항)
  const secondaryBinding = process.env.SAML_SP_ACS_BINDING_SECONDARY
  if (secondaryBinding) {
    assertionConsumerServices.push({
      binding: secondaryBinding,
      location: callbackUrl,
      index: 1,
      isDefault: false
    })
  }

  const metadata: SPMetadata = {
    entityId,
    protocolSupportEnumeration: [
      process.env.SAML_SP_PROTOCOL_SUPPORT || 'urn:oasis:names:tc:SAML:2.0:protocol'
    ],
    authnRequestsSigned: process.env.SAML_SP_AUTHN_REQUESTS_SIGNED === 'true',
    wantAssertionsSigned: process.env.SAML_SP_WANT_ASSERTIONS_SIGNED === 'true',
    assertionConsumerServices,
    defaultACS: assertionConsumerServices[0],
    callbackUrl
  }

  console.log('✅ SP metadata loaded from environment variables:', {
    entityId,
    callbackUrl,
    authnRequestsSigned: metadata.authnRequestsSigned,
    wantAssertionsSigned: metadata.wantAssertionsSigned,
    acsCount: assertionConsumerServices.length
  })

  return metadata
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-07 00:40:23 +0000