-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid Session Participant #71
Comments
I would think that this would be created internally upon a successful saml response creation, as it has all the information necessary then. Is there any reason session participants aren't created automatically? Also, it appears session participants need to be instances of SessionParticipants prototype y'all have internally, but it's not exposed and I don't see any way to add to the list of session participants. |
Accidentally closed, apologies. |
Also, in considering how this apparently expects you to store the session participants externally, but removes some internally, how are we to know which session participants should still exist externally after they are removed? |
I'm also having issues with this. I have come to find out that the sessionParticipants object does not need to be an instance of that SessionParticipants prototype, but it does need to have the same signature. It's still not clear how the session stuff works from a SAML point of view (new to SAML), but I'm guessing that the session needs to be initialized on login? Again, I'm new to this, so I'm just reading through the code to figure out how it all works. |
Hey @ksmithut, I just saw your reply. I found out how to use this properly after viewing another npm which uses this one. Here is the main source file you need to look through: https://github.com/mcguinness/saml-idp/blob/master/app.js |
Thanks :) That was super helpful. Going through this now and implementing it. Thanks! |
the implement options.sessionParticipants.get(requestData.issuer, requestData.sessionIndex, requestData.nameId, function (err, session) {
if (err) { return next(err); }
if (!session && !options.destination) { return next(new Error('Invalid Session Participant')); }
// ... In my case, i have no other participants,but this code assumes that there must be other participants |
The documentation provides us with what a session participant object should look like but does not provide information for when or where to store/create session participants.
This may just be my misunderstanding but could some documentation regarding how and when to create session participants be provided?
The text was updated successfully, but these errors were encountered: