nate-strauser / meteor-accounts-saml Goto Github PK

When I try to create an account (with same email address I have at feide), then tries to log on with feide, I get this error:

Sorry, an error occured

Error: Unable to validate response url
Close Window

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

When attempting to run the preview app for the first time I get:

[[[[[ ~/Projects/meteor-accounts-saml/example-openidp ]]]]]

=> Errors prevented startup:

While building the application:
error: no such package: 'accounts-saml'

=> Your application has errors. Waiting for file change.
=> Meteor 1.0.1 is available. Update this project with 'meteor update'.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

hey there,
I've this problem which I described here:

Sorry, an annoying error occured
Error: hash algorithm 'http://www.w3.org/2001/04/xmlenc#sha512' is not supported
Close Window

but no one is answering, I thought maybe let's try it here.

any help is very much appreciated!
thanks, daniel

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

just wondering about the following code in saml_server.js

if(!user)
      throw new Error("Could not find an existing user with supplied email " + loginResult.profile.email);


      //creating the token and adding to the user
      var stampedToken = Accounts._generateStampedLoginToken();
      Meteor.users.update(user,
        {$push: {'services.resume.loginTokens': stampedToken}}
      );

      //sending token along with the userId
      return {
        id: user._id,
        token: stampedToken.token
      }

should this not be

if(!user)
      throw new Error("Could not find an existing user with supplied email " + loginResult.profile.email);

else
      //creating the token and adding to the user
      var stampedToken = Accounts._generateStampedLoginToken();
      Meteor.users.update(user,
        {$push: {'services.resume.loginTokens': stampedToken}}
      );

      //sending token along with the userId
      return {
        id: user._id,
        token: stampedToken.token
      }

also curious to know if a new Meteor account can be set up automatically if SAML login is successful? is this even good idea.

Thanks. great package.

After completing the SAML authentication process successfully, the in-app browser stays open to a page that just says "Verified".

FYI, this seems to have to do with two things:

1. saml_server.js uses window.close() to complete the sign-in process.
2. Cordova InAppBrowser doesn't truly support window.close().

A possible workaround would be something like this.

See also: RocketChat/Rocket.Chat#2028

I'm trying to debug the time difference. I checked my Azure server and the time is correct. Then I add a code to log the time right before Meteor.loginWithSaml is called. This time is:

2015-5-26T13:40:29.290

Then I get an error from Shibboleth IdP of:

Message was not yet valid: message time was 2015-06-26T15:40:31.000Z, latest valid is: 2015-06-26T09:45:33.158-04:00
Message was rejected because was issued in the future

Then I see the latest valid is 2015-06-26T09:45:33.158-04:00 which is equal to 2015-06-26T13:45:33.158

If you notice the time that I logged right before the call to my meteor package would work. But for some reason my meteor package is adding a timestamp of 2015-06-26T15:40:31.000Z and this is actually in the future. This looks like an issue, the package added 2 hours to the timestamp.

Hello,
Thank you for a great package.
I am running into an issue when I try to integrate with Okta. I get the following error:
Exception while invoking method 'login' Error: A login method must specify a userId or an error
at AccountsServer.meteorInstall.node_modules.meteor.accounts-base.accounts_server.js.Ap._attemptLogin (packages/accounts-base/accounts_server.js:324:11)

I am running the example project with meteor 1.3.4.4 and setup the settings.json / Okta IDP
I've been using firefox saml debug plugin and see that the transaction xml data looks good.
Also, I verified the user with matching email exists in the mongodb users collection.

I looked through the saml_server.js code and was wondering if the returned variable name id should read userId instead?

Accounts.registerLoginHandler(function(loginRequest)
...

  return {
    id: user._id,  **_//maybe should be userId:user._id,_**
    token: stampedToken.token
  }

...

Hello, after a SAML login how can i get info about the logged in user from the IDP (or the returned SAML Response)?

Somewhere in the code i found a userId and a "result" with a token and user as attributes. But the token is way to short something about 24 bytes and both (user and token) are decrypted and i am not sure if this is what i am looking for.

Possible to add logout functionality... or point us in the right direction to implement?

thanks.. I find the package very helpful

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Looking to see if this package is still being maintained and compatible with the newest version of meteor.