From c939ada1265e3129bd1280c3be6dc98d143c9b8e Mon Sep 17 00:00:00 2001 From: handnot2 Date: Sun, 1 Oct 2017 20:56:43 -0700 Subject: [PATCH] fixes #2 --- CHANGELOG.md | 4 ++++ README.md | 11 ++++++++++- lib/samly/provider.ex | 12 +++++++++++- mix.exs | 4 ++-- mix.lock | 20 ++++++++++---------- 5 files changed, 37 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2fc2439..07ecfa3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # CHANGELOG +### v0.7.1 + ++ Added config option (`entity_id`). OOTB uses metadata URI as entity ID. Can be specified (`urn` entity ID for example) to override the default. + ### v0.7.0 + Added config options to control if requests and/or responses are signed or not diff --git a/README.md b/README.md index 70c825b..15405f6 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ specifics. defp deps() do [ # ... - {:samly, "~> 0.6"}, + {:samly, "~> 0.7"}, ] end ``` @@ -154,7 +154,12 @@ The configuration information needed for `Samly` can be specified in as shown he config :samly, Samly.Provider, base_url: "http://samly.howto:4003/sso", + #entity_id: "urn:myapp-host:my-id", #pre_session_create_pipeline: MySamlyPipeline, + #sign_requests: true, + #sign_metadata: true, + #signed_envelopes_in_idp_resp: true, + #signed_assertion_in_idp_resp: true, certfile: "path/to/service/provider/certificate/file", keyfile: "path/to/corresponding/private/key/file", idp_metadata_file: "path/to/idp/metadata/xml/file" 
@@ -171,6 +176,10 @@ variables described below. | SAMLY_KEYFILE | Path to the private key for the certificate. Defaults to `samly.pem` | | SAMLY_IDP_METADATA_FILE | Path to the SAML IDP metadata XML file. Defaults to `idp_metadata.xml` | | SAMLY_BASE_URL | Set this to the base URL for your application (include `/sso`) | +| SAMLY_SIGN_REQUESTS | Set this to `false` if IdP is setup to receive unsigned requests | +| SAMLY_SIGN_METADATA | Set this to `false` if the metadata response should be unsigned | +| SAMLY_SIGNED_ENVELOPES_IN_IDP_RESP | Set this to `false` if IdP is sending unsigned response | +| SAMLY_SIGNED_ASSERTION_IN_IDP_RESP | Set this to `false` if IdP is sending unsigned response | #### Generating Self-Signed Certificate and Key Files for Samly diff --git a/lib/samly/provider.ex b/lib/samly/provider.ex index d024970..15ef133 100644 --- a/lib/samly/provider.ex +++ b/lib/samly/provider.ex @@ -25,6 +25,7 @@ defmodule Samly.Provider do config :samly, Samly.Provider, base_url: "http://samly.howto:4003/sso", + #entity_id: "urn:myapp-host:my-id", #pre_session_create_pipeline: MySamlyPipeline, #sign_requests: true, #sign_metadata: true, @@ -59,6 +60,7 @@ defmodule Samly.Provider do @certfile_opt :certfile @keyfile_opt :keyfile @idp_metadata_file_opt :idp_metadata_file + @entity_id_opt :entity_id @base_url_opt :base_url @pre_session_create_pipeline_opt :pre_session_create_pipeline @sign_requests_opt :sign_requests @@ -70,7 +72,7 @@ defmodule Samly.Provider do @certfile_opt, @keyfile_opt, @idp_metadata_file_opt, @base_url_opt, @sign_requests_opt, @sign_metadata_opt, @signed_envelopes_in_idp_resp_opt, @signed_assertion_in_idp_resp_opt, - @pre_session_create_pipeline_opt + @entity_id_opt, @pre_session_create_pipeline_opt ] @doc false 
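Review bot: The moduledoc example in the hunk at @@ -25,6 +25,7 adds the commented-out `#entity_id: "urn:myapp-host:my-id"` line but does not say what the SP's entity ID is when the option is omitted or why the value matters; the CHANGELOG in this commit states the metadata URI is used by default, and that fact belongs next to the option in the module docs as well. The entity ID is what the SP presents as the SAML `Issuer` and what the IdP's SP registration (and, typically, the `AudienceRestriction` it puts in assertions) is keyed on, so a value that differs from what is registered at the IdP is likely to make every response for this SP fail validation; a one-line note such as `# entity_id: defaults to the SP metadata URI; must match the SP entity ID registered at the IdP` would save operators a debugging session. The moduledoc is inside `defmodule Samly.Provider do`, whose body starts and ends outside this hunk; the `@opts` list change in the hunk at @@ -70,7 +72,7 is consistent with the other option attributes.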
@@ -124,6 +126,7 @@ defmodule Samly.Provider do end defp use_env(@pre_session_create_pipeline_opt), do: nil + defp use_env(@entity_id_opt), do: nil defp use_env(@certfile_opt), do: System.get_env("SAMLY_CERTFILE") defp use_env(@keyfile_opt), do: System.get_env("SAMLY_KEYFILE") defp use_env(@idp_metadata_file_opt), do: System.get_env("SAMLY_IDP_METADATA_FILE") @@ -147,6 +150,7 @@ defmodule Samly.Provider do end defp use_default(@pre_session_create_pipeline_opt), do: nil + defp use_default(@entity_id_opt), do: :undefined defp use_default(k) when k in [ @sign_requests_opt, @sign_metadata_opt, @signed_envelopes_in_idp_resp_opt, @signed_assertion_in_idp_resp_opt] do @@ -209,6 +213,11 @@ defmodule Samly.Provider do base_url = opts[@base_url_opt] |> String.to_charlist() keyfile = opts[@keyfile_opt] |> String.to_charlist() crtfile = opts[@certfile_opt] |> String.to_charlist() + entity_id = case opts[@entity_id_opt] do + :undefined -> :undefined + id -> String.to_charlist(id) + end + try do cert = load_sp_cert(crtfile) key = load_sp_priv_key(keyfile) @@ -224,6 +233,7 @@ defmodule Samly.Provider do metadata_uri: Helper.get_metadata_uri(base_url), consume_uri: Helper.get_consume_uri(base_url), logout_uri: Helper.get_logout_uri(base_url), + entity_id: entity_id, # TODO: get this from config org: Esaml.esaml_org( name: 'Samly SP', diff --git a/mix.exs b/mix.exs index 80bc306..fe22db5 100644 --- a/mix.exs +++ b/mix.exs @@ -1,7 +1,7 @@ defmodule Samly.Mixfile do use Mix.Project - @version "0.7.0" + @version "0.7.1" @description "SAML SP SSO made easy" @source_url "https://github.com/handnot2/samly" @@ -29,7 +29,7 @@ defmodule Samly.Mixfile do defp deps() do [ {:plug, "~> 1.4"}, - {:esaml, "~> 3.0"}, + {:esaml, "~> 3.1"}, {:ex_doc, "~> 0.16", only: :dev}, {:inch_ex, "~> 0.5", only: :docs}, ] diff --git a/mix.lock b/mix.lock index 5a26378..9b41e71 100644 --- a/mix.lock +++ b/mix.lock 
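Review bot: In the hunk at @@ -209,6 +213,11 the catch-all `id -> String.to_charlist(id)` clause raises a FunctionClauseError for any non-string `entity_id` (an atom, a charlist, or `nil` if the option-resolution code, which is not in this hunk, can let a nil config value through), and because the `case` sits before the `try do` that follows, a misconfiguration surfaces as an opaque crash rather than a configuration error. Restricting the clause to `id when is_binary(id) -> String.to_charlist(id)` and adding `other -> raise ArgumentError, "samly: entity_id must be a string, got: #{inspect(other)}"` keeps the `:undefined` fallback intact while making the failure self-describing. The enclosing function starts and ends outside this hunk. The hunk at @@ -147,6 +150,7 introduces `:undefined` as a default where every other `use_default`/`use_env` clause returns `nil`; a comment there such as `# :undefined (not nil) because this value is handed straight to the esaml record built below — confirm` would explain why this option deviates from the file's nil convention.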
@@ -1,10 +1,10 @@ -%{"cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [:rebar3], [{:cowlib, "~> 1.0.2", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3.2", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm"}, - "cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [:make], [], "hexpm"}, - "earmark": {:hex, :earmark, "1.2.3", "206eb2e2ac1a794aa5256f3982de7a76bf4579ff91cb28d0e17ea2c9491e46a4", [:mix], [], "hexpm"}, - "esaml": {:hex, :esaml, "3.0.1", "fea1bf280438f1c247a4fa45d87bf7df3ce1cbee504ae423c4d0f3f292e786aa", [:rebar3], [{:cowboy, "1.1.2", [hex: :cowboy, repo: "hexpm", optional: false]}], "hexpm"}, - "ex_doc": {:hex, :ex_doc, "0.16.4", "4bf6b82d4f0a643b500366ed7134896e8cccdbab4d1a7a35524951b25b1ec9f0", [:mix], [{:earmark, "~> 1.1", [hex: :earmark, repo: "hexpm", optional: false]}], "hexpm"}, - "inch_ex": {:hex, :inch_ex, "0.5.6", "418357418a553baa6d04eccd1b44171936817db61f4c0840112b420b8e378e67", [:mix], [{:poison, "~> 1.5 or ~> 2.0 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"}, - "mime": {:hex, :mime, "1.1.0", "01c1d6f4083d8aa5c7b8c246ade95139620ef8effb009edde934e0ec3b28090a", [:mix], [], "hexpm"}, - "plug": {:hex, :plug, "1.4.3", "236d77ce7bf3e3a2668dc0d32a9b6f1f9b1f05361019946aae49874904be4aed", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1", [hex: :cowboy, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}], "hexpm"}, - "poison": {:hex, :poison, "3.1.0", "d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665", [:mix], [], "hexpm"}, - "ranch": {:hex, :ranch, "1.3.2", "e4965a144dc9fbe70e5c077c65e73c57165416a901bd02ea899cfd95aa890986", [:rebar3], [], "hexpm"}} +%{"cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [], [{:cowlib, "~> 1.0.2", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3.2", 
[hex: :ranch, repo: "hexpm", optional: false]}], "hexpm"}, + "cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [], [], "hexpm"}, + "earmark": {:hex, :earmark, "1.2.3", "206eb2e2ac1a794aa5256f3982de7a76bf4579ff91cb28d0e17ea2c9491e46a4", [], [], "hexpm"}, + "esaml": {:hex, :esaml, "3.1.0", "76337f00b5953a6c249fa8c322905c7a069b7c20339ece3756072279e6dcb41c", [], [{:cowboy, "1.1.2", [hex: :cowboy, repo: "hexpm", optional: false]}], "hexpm"}, + "ex_doc": {:hex, :ex_doc, "0.17.0", "fdf3dc9c6cd1945afb583488de1bf8c12bd8b2ab80f2e7a0e2476a60b9e3bd8f", [], [{:earmark, "~> 1.1", [hex: :earmark, repo: "hexpm", optional: false]}], "hexpm"}, + "inch_ex": {:hex, :inch_ex, "0.5.6", "418357418a553baa6d04eccd1b44171936817db61f4c0840112b420b8e378e67", [], [{:poison, "~> 1.5 or ~> 2.0 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"}, + "mime": {:hex, :mime, "1.1.0", "01c1d6f4083d8aa5c7b8c246ade95139620ef8effb009edde934e0ec3b28090a", [], [], "hexpm"}, + "plug": {:hex, :plug, "1.4.3", "236d77ce7bf3e3a2668dc0d32a9b6f1f9b1f05361019946aae49874904be4aed", [], [{:cowboy, "~> 1.0.1 or ~> 1.1", [hex: :cowboy, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}], "hexpm"}, + "poison": {:hex, :poison, "3.1.0", "d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665", [], [], "hexpm"}, + "ranch": {:hex, :ranch, "1.3.2", "e4965a144dc9fbe70e5c077c65e73c57165416a901bd02ea899cfd95aa890986", [], [], "hexpm"}}