diff --git a/lib/saml11.js b/lib/saml11.js
index f359aa54..b463bc10 100644
--- a/lib/saml11.js
+++ b/lib/saml11.js
@@ -83,12 +83,25 @@ exports.create = function(options, callback) {
var statement = doc.documentElement.getElementsByTagNameNS(NAMESPACE, 'AttributeStatement')[0];
Object.keys(options.attributes).forEach(function(prop) {
if(typeof options.attributes[prop] === 'undefined') return;
-
- //
- // Foo Bar
- //
- var name = prop.indexOf('/') > -1 ? prop.substring(prop.lastIndexOf('/') + 1) : prop;
- var namespace = prop.indexOf('/') > -1 ? prop.substring(0, prop.lastIndexOf('/')) : '';
+
+ var name;
+ var namespace;
+
+ if(prop.includes('http')) {
+ //
+ // Foo Bar
+ //
+ name = prop.indexOf('/') > -1 ? prop.substring(prop.lastIndexOf('/') + 1) : prop;
+ namespace = prop.indexOf('/') > -1 ? prop.substring(0, prop.lastIndexOf('/')) : '';
+
+ } else if(prop.includes('urn:bea:security:saml:groups')) {
+ //
+ // Foo Bar
+ //
+ var nameSubstring = prop.indexOf(':') > -1 ? prop.substring(prop.lastIndexOf(':') + 1) : prop;
+ name = nameSubstring.charAt(0).toUpperCase() + nameSubstring.slice(1);
+ namespace = prop.indexOf(':') > -1 ? prop.substring(0, prop.lastIndexOf('')) : '';
+ }
var attributeElement = doc.createElementNS(NAMESPACE, 'saml:Attribute');
attributeElement.setAttribute('AttributeNamespace', namespace);
attributeElement.setAttribute('AttributeName', name);
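Review bot: The new `if`/`else if` chain has no fallback, so an attribute key that contains neither `http` nor `urn:bea:security:saml:groups` (a bare `email`, say) leaves `name` and `namespace` unassigned, and the two `setAttribute` calls below would most likely write the string `undefined` into the signed assertion; before this change such a key gave `AttributeName = prop` with an empty namespace. Keep the original slash split as the final `else` and test the groups key first, e.g. `if (prop === 'urn:bea:security:saml:groups') { … } else { /* original '/' split */ }`. Both conditions are substring matches through `includes`, so any key that merely contains `http` takes the first branch; `startsWith` or an exact comparison would state the intent. In the groups branch `prop.lastIndexOf('')` returns `prop.length`, so the namespace is the whole key; if that is intended, as the new test expects, write `namespace = prop;`. The `forEach` callback and `exports.create` both continue outside this hunk.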
diff --git a/test/saml11.tests.js b/test/saml11.tests.js
index d924c278..5fd7caf2 100644
--- a/test/saml11.tests.js
+++ b/test/saml11.tests.js
@@ -125,7 +125,7 @@ describe('saml 1.1', function () {
var isValid = utils.isValidSignature(signedAssertion, options.cert);
assert.equal(true, isValid);
-
+
var attributes = utils.getAttributes(signedAssertion);
assert.equal(3, attributes.length);
assert.equal('emailaddress', attributes[0].getAttribute('AttributeName'));
@@ -253,7 +253,7 @@ describe('saml 1.1', function () {
};
var signedAssertion = saml11.create(options);
var doc = new xmldom.DOMParser().parseFromString(signedAssertion);
-
+
var signature = doc.documentElement.getElementsByTagName('Signature');
assert.equal('saml:Conditions', signature[0].previousSibling.nodeName);
@@ -317,7 +317,7 @@ describe('saml 1.1', function () {
saml11.create(options, function(err, encrypted) {
if (err) return done(err);
-
+
xmlenc.decrypt(encrypted, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
if (err) return done(err);
var isValid = utils.isValidSignature(decrypted, options.cert);
@@ -338,10 +338,10 @@ describe('saml 1.1', function () {
saml11.create(options, function(err, encrypted, proofSecret) {
if (err) return done(err);
-
+
xmlenc.decrypt(encrypted, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
if (err) return done(err);
-
+
var doc = new xmldom.DOMParser().parseFromString(decrypted);
var subjectConfirmationNodes = doc.documentElement.getElementsByTagName('saml:SubjectConfirmation');
assert.equal(2, subjectConfirmationNodes.length);
@@ -374,13 +374,13 @@ describe('saml 1.1', function () {
saml11.create(options, function(err, encrypted) {
if (err) return done(err);
-
+
xmlenc.decrypt(encrypted, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
if (err) return done(err);
var isValid = utils.isValidSignature(decrypted, options.cert);
assert.equal(true, isValid);
-
+
var attributes = utils.getAttributes(decrypted);
assert.equal(3, attributes.length);
assert.equal('emailaddress', attributes[0].getAttribute('AttributeName'));
@@ -392,7 +392,44 @@ describe('saml 1.1', function () {
assert.equal('testaccent', attributes[2].getAttribute('AttributeName'));
assert.equal('http://example.org/claims', attributes[2].getAttribute('AttributeNamespace'));
assert.equal('fóo', attributes[2].firstChild.textContent);
-
+
+ done();
+ });
+ });
+ });
+
+ it('should set group attributes', function (done) {
+ var options = {
+ cert: fs.readFileSync(__dirname + '/test-auth0.pem'),
+ key: fs.readFileSync(__dirname + '/test-auth0.key'),
+ encryptionPublicKey: fs.readFileSync(__dirname + '/test-auth0_rsa.pub'),
+ encryptionCert: fs.readFileSync(__dirname + '/test-auth0.pem'),
+ attributes: {
+ 'urn:bea:security:saml:groups' : [
+ 'foo@bar.com',
+ 'Foo Bar',
+ 'fóo', // should supports accents
+ undefined
+ ],
+ }
+ };
+
+ saml11.create(options, function(err, encrypted) {
+ if (err) return done(err);
+
+ xmlenc.decrypt(encrypted, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
+ if (err) return done(err);
+
+ var isValid = utils.isValidSignature(decrypted, options.cert);
+ assert.equal(true, isValid);
+
+ var attributes = utils.getAttributes(decrypted);
+ assert.equal(1, attributes.length);
+ assert.equal('Groups', attributes[0].getAttribute('AttributeName'));
+ assert.equal('urn:bea:security:saml:groups', attributes[0].getAttribute('AttributeNamespace'));
+ assert.equal('foo@bar.com', attributes[0].childNodes[0].textContent);
+ assert.equal('Foo Bar', attributes[0].childNodes[1].textContent);
+ assert.equal('fóo', attributes[0].childNodes[2].textContent);
done();
});
});
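Review bot: The new `should set group attributes` test places `undefined` in the group values but never asserts that it is dropped; adding `assert.equal(3, attributes[0].childNodes.length);` after the three value checks would make a stray fourth child node in the signed assertion fail the test (how array elements are filtered is not visible in this diff). The test also covers only the groups URN, so nothing pins down what `AttributeName` and `AttributeNamespace` come out for a key that is neither a URL nor that URN. A second case with a bare key such as `email`, asserting the emitted name and namespace, would cover it.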