-
Notifications
You must be signed in to change notification settings - Fork 42
/
app.js
101 lines (85 loc) · 2.55 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
var http = require('http');
var fs = require('fs');
var express = require("express");
var dotenv = require('dotenv');
var bodyParser = require('body-parser');
var cookieParser = require('cookie-parser');
var session = require('express-session');
var passport = require('passport');
var saml = require('passport-saml');
dotenv.load();
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(user, done) {
done(null, user);
});
var samlStrategy = new saml.Strategy({
// URL that goes from the Identity Provider -> Service Provider
callbackUrl: process.env.CALLBACK_URL,
// URL that goes from the Service Provider -> Identity Provider
entryPoint: process.env.ENTRY_POINT,
// Usually specified as `/shibboleth` from site root
issuer: process.env.ISSUER,
identifierFormat: null,
// Service Provider private key
decryptionPvk: fs.readFileSync(__dirname + '/cert/key.pem', 'utf8'),
// Service Provider Certificate
privateCert: fs.readFileSync(__dirname + '/cert/key.pem', 'utf8'),
// Identity Provider's public key
cert: fs.readFileSync(__dirname + '/cert/idp_cert.pem', 'utf8'),
validateInResponseTo: false,
disableRequestedAuthnContext: true
}, function(profile, done) {
return done(null, profile);
});
passport.use(samlStrategy);
var app = express();
app.use(cookieParser());
app.use(bodyParser());
app.use(session({secret: process.env.SESSION_SECRET}));
app.use(passport.initialize());
app.use(passport.session());
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated())
return next();
else
return res.redirect('/login');
}
app.get('/',
ensureAuthenticated,
function(req, res) {
res.send('Authenticated');
}
);
app.get('/login',
passport.authenticate('saml', { failureRedirect: '/login/fail' }),
function (req, res) {
res.redirect('/');
}
);
app.post('/login/callback',
passport.authenticate('saml', { failureRedirect: '/login/fail' }),
function(req, res) {
res.redirect('/');
}
);
app.get('/login/fail',
function(req, res) {
res.status(401).send('Login failed');
}
);
app.get('/Shibboleth.sso/Metadata',
function(req, res) {
res.type('application/xml');
res.status(200).send(samlStrategy.generateServiceProviderMetadata(fs.readFileSync(__dirname + '/cert/cert.pem', 'utf8')));
}
);
//general error handler
app.use(function(err, req, res, next) {
console.log("Fatal error: " + JSON.stringify(err));
next(err);
});
var server = app.listen(4006, function () {
console.log('Listening on port %d', server.address().port)
});