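// Strict-mode directive. The original read "use strict;" with the semicolon
// INSIDE the quotes; that is just a string expression, not the directive, so
// strict mode was never actually enabled for this script.
'use strict';
/*
 * Example script for the passport-uwshib module
 * This should be run on a server that will be or
 * already has been registered with the UW Shibboleth
 * Identity Provider (IdP).
 */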
// Route that starts the Shibboleth login flow.
const loginUrl = '/login';
// Route the IdP posts the SAML response back to; derived from loginUrl so the
// two paths cannot drift apart.
const loginCallbackUrl = `${loginUrl}/callback`;
var http = require('http'); //http server
var https = require('https'); //https server
var fs = require('fs'); //file system
var express = require("express"); //express middleware
var morgan = require('morgan'); //logger for express
var bodyParser = require('body-parser'); //body parsing middleware
var cookieParser = require('cookie-parser'); //cookie parsing middleware
var session = require('express-session'); //express session management
var passport = require('passport'); //authentication middleware
var uwshib = require('passport-uwshib'); //UW Shibboleth auth strategy
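// load files and read environment variables
//get server's domain name from environment variable
//this is necessary as the passport-saml library requires
//this when we create the Strategy
const domain = process.env.DOMAIN;
// An unset or empty DOMAIN is a configuration error: the value becomes the
// SAML entityId and the redirect host, so fail fast rather than start with a
// bogus identity. An empty string is already falsy, so one check suffices.
if (!domain) {
  throw new Error('You must specify the domain name of this server via the DOMAIN environment variable!');
}
// Listening ports. Note that values taken from the environment are strings
// (e.g. '8443'), while the fallbacks are numbers; later comparisons against
// these values must tolerate either type.
const httpPort = process.env.HTTPPORT || 80;
const httpsPort = process.env.HTTPSPORT || 443;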
//load public certificate and private key
//used for HTTPS and for signing SAML requests
//put these in a /security subdirectory with the following names,
//or edit the paths used in the following lines
const readSecurityFile = (fileName) => fs.readFileSync(`./security/${fileName}`, 'utf-8');
// PEM-encoded server certificate (served to TLS clients, published in SAML metadata)
const publicCert = readSecurityFile('server-cert.pem');
// PEM-encoded private key; keep this file readable by the server process only
const privateKey = readSecurityFile('server-pvk.pem');
// setup express application and register middleware
var app = express();
// NOTE(review): the next line is a bare object property; it looks like the
// options of an app.use(morgan({...})) call whose surrounding lines were lost
// in this copy — confirm against the original file.
format: process.env.LOGFORMAT || 'dev'
// Parse form posts (the SAML response arrives as application/x-www-form-urlencoded)
app.use(bodyParser.urlencoded({extended: true}));
// Parse JSON bodies only when the Content-Type says so
app.use(bodyParser.json({type: 'application/json'}));
// NOTE(review): the next two lines look like the options of an
// app.use(session({...})) call whose surrounding lines were lost in this copy.
// The session-signing secret is read from a file rather than hard-coded.
secret: fs.readFileSync('./security/session-secret.txt', 'utf-8'),
// NOTE(review): 'secret' is not an express-session cookie option, so this
// setting has no effect; 'secure: true' (only send the session cookie over
// HTTPS) was most likely intended — confirm. The cookie is otherwise left at
// the library defaults.
cookie: {secret: true}
//create the UW Shibboleth Strategy and tell Passport to use it
// NOTE(review): the closing of this constructor call and the passport.use(...)
// call that the comment above describes are not present in this copy.
var strategy = new uwshib.Strategy({
// SAML entityId of this service provider; taken from the DOMAIN env var
entityId: domain,
// Same key as the TLS key loaded above; used here to sign SAML requests
privateKey: privateKey,
// Route the IdP will post the assertion back to
callbackUrl: loginCallbackUrl,
domain: domain
//These functions are called to serialize the user
//to session state and reconsitute the user on the
//next request. Normally, you'd save only the netID
//and read the full user profile from your database
//during deserializeUser, but for this example, we
//will save the entire user just to keep it simple
// NOTE(review): the closing `});` of each callback below is missing in this copy.
// Stores the whole profile in the session; attribute changes at the IdP are
// therefore not seen until the user logs in again.
passport.serializeUser(function(user, done){
done(null, user);
// Hands the stored profile back unchanged as req.user
passport.deserializeUser(function(user, done){
done(null, user);
// login, login callback, and metadata routes
// NOTE(review): the next line is garbled in this copy — the strategy-name
// argument to passport.authenticate is missing and the login route and the
// login-callback route appear to have been merged onto one line. The intent
// (from the names) is: GET loginUrl authenticates with the uwshib strategy,
// and GET loginCallbackUrl authenticates and then sends the user back to the
// URL they came from via uwshib.backToUrl() — confirm against the original.
app.get(loginUrl, passport.authenticate(, uwshib.backToUrl());, passport.authenticate(, uwshib.backToUrl());
// Publishes this service provider's SAML metadata (built from the strategy
// and the public certificate) so the IdP can register it
app.get(uwshib.urls.metadata, uwshib.metadataRoute(strategy, publicCert));
//secure all routes following this
//alternatively, you can use ensureAuth as middleware on specific routes
// NOTE(review): the app.use(...) line that applies uwshib.ensureAuth(loginUrl)
// to every following route, which the comment above describes, is not present
// in this copy — confirm it exists before relying on req.user below.
// app.get('protected/resource', uwshib.ensureAuth(loginUrl), function(req, res) {
// //route code
// });
// application routes
//root resource
//just say hello!
//eventually this will be a static middleware that returns our UI pages
// NOTE(review): this handler is the callback of an app.get(...) call whose
// opening line and closing `});` are missing in this copy.
function(req, res) {
//req.user will contain the user object sent on by the
//passport.deserializeUser() function above
// NOTE(review): res.send() of a string is served as text/html, and
// displayName comes straight from the IdP's SAML attributes without escaping;
// escape it (or respond as text/plain) before interpolating it into markup.
res.send('Hello ' + req.user.displayName + '!');
//general error handler
//if any route throws, this will be called
// NOTE(review): the closing `});` of this app.use call is missing in this copy.
// The four-argument signature (err, req, res, next) is what makes Express
// treat this as an error handler; `next` is unused but must stay.
app.use(function(err, req, res, next){
// Full details stay in the server log
console.error(err.stack || err.message);
// NOTE(review): res.send(status, body) is the deprecated Express 3 form;
// Express 4 expects res.status(500).send(...). Also, echoing err.message to
// the client exposes internal details — prefer a generic message here.
res.send(500, 'Server Error! ' + err.message);
// web server creation and startup
//create the HTTPS server and pass the express app as the handler
// TLS uses the same key pair loaded above for SAML signing
var httpsServer = https.createServer({
key: privateKey,
cert: publicCert
}, app);
// NOTE(review): the closing `});` of this listen callback is missing in this copy.
httpsServer.listen(httpsPort, function(){
// address().port reports the actual bound port (useful if httpsPort is 0)
console.log('Listening for HTTPS requests on port %d', httpsServer.address().port)
//create an HTTP server that always redirects the user to
//the equivallent HTTPS URL instead
// NOTE(review): no res.end() follows writeHead in this copy, and the closing
// `});` of both the request handler and the listen callback are missing;
// without res.end() the redirect response would never be sent.
var httpServer = http.createServer(function(req, res) {
// The redirect host is always the configured domain, never taken from the
// request, so only the path and query are carried over.
var redirUrl = 'https://' + domain;
// Loose != on purpose: httpsPort is a string when it comes from the environment
if (httpsPort != 443)
redirUrl += ':' + httpsPort;
redirUrl += req.url;
res.writeHead(301, {'Location': redirUrl});
httpServer.listen(httpPort, function() {
console.log('Listening for HTTP requests on port %d, but will auto-redirect to HTTPS', httpServer.address().port);