Skip to content

Instantly share code, notes, and snippets.

@codecitizen
Created January 19, 2018 10:09
Show Gist options
  • Save codecitizen/7926fac1136304c98ba69ff4978dac7b to your computer and use it in GitHub Desktop.
Save codecitizen/7926fac1136304c98ba69ff4978dac7b to your computer and use it in GitHub Desktop.
var saml2 = require('saml2-js');
const fs = require('fs');
var express = require('express');
var app = express();
var bodyParser = require('body-parser');
app.use(bodyParser.urlencoded({
extended: true
}));
var sp_options = {
entity_id: "http://localhost:3001/metadata.xml",
private_key: fs.readFileSync("privkey").toString(),
certificate: fs.readFileSync("cert").toString(),
assert_endpoint: "http://localhost:3001/saml/login",
force_authn: true,
auth_context: { comparison: "exact", class_refs: ["urn:oasis:names:tc:SAML:1.0:am:password"] },
nameid_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
sign_get_request: false,
allow_unencrypted_assertion: true
}
// Call service provider constructor with options
var sp = new saml2.ServiceProvider(sp_options);
// Example use of service provider.
// Call metadata to get XML metatadata used in configuration.
var metadata = sp.create_metadata();
console.log(metadata);
// Initialize options object
var idp_options = {
sso_login_url: "https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/publicidp",
sso_logout_url: "https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/publicidp",
certificates: [fs.readFileSync("sso-circle.cert").toString()],
force_authn: true,
sign_get_request: false,
allow_unencrypted_assertion: false
};
// Call identity provider constructor with options
var idp = new saml2.IdentityProvider(idp_options);
// Example usage of identity provider.
// Pass identity provider into a service provider function with options and a callback.
sp.create_login_request_url(idp, {}, function(error, login_url, request_id) {
console.log("Error: " + error);
console.log("Login URL: " + login_url);
console.log("Request ID: " + request_id);
});
// ------ Define express endpoints ------
// Endpoint to retrieve metadata
app.get("/metadata.xml", function(req, res) {
res.type('application/xml');
res.send(metadata);
});
// Starting point for login
app.get("/login", function(req, res) {
sp.create_login_request_url(idp, {}, function(err, login_url, request_id) {
if (err != null)
return res.send(500);
res.redirect(login_url);
});
});
// Assert endpoint for when login completes
app.post("/saml/login", function(req, res) {
console.log(req.body.SAMLResponse)
var options = {request_body: req.body};
sp.post_assert(idp, options, function(err, saml_response) {
if (err != null) {
console.log("/saml/login Error: " + err)
console.log("SAML Response: " + saml_response)
return res.send(500);
}
// Save name_id and session_index for logout
// Note: In practice these should be saved in the user session, not globally.
name_id = saml_response.user.name_id;
session_index = saml_response.user.session_index;
res.send("Hello #{saml_response.user.name_id}!");
});
});
// Starting point for logout
app.get("/saml/logout", function(req, res) {
var options = {
name_id: name_id,
session_index: session_index
};
sp.create_logout_request_url(idp, options, function(err, logout_url) {
if (err != null)
return res.send(500);
res.redirect(logout_url);
});
});
app.listen(3001);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment