Giter Site home page Giter Site logo

hapi-passport-saml's Introduction

hapi-passport-saml

A Hapi plugin that wraps passport-saml for SAML SSO (as SP)

Install

npm install hapi-passport-saml

Configuring Hapi server example

Uses Feide.no as IdP, read passport-saml for how to use options

var Hapi = require('hapi');
var Boom = require('boom');
var debug = require('debug')('api:main');
var fs = require('fs');


// Create a server with a host and port
var server = module.exports = new Hapi.Server();
server.connection({
    host: 'localhost',
    port: 8080
});

var decryptionCert = fs.readFileSync(__dirname + '/../../localhost-saml.crt').toString();

// Dependencies
server.app = {
  decryptionCert: decryptionCert
};


var controllers = [
    {
        register: require('../controllers/saml')
    }
];

var serverPlugins = [
  {
    register: require('hapi-passport-saml'),
    options: {
        callbackUrl: 'http://localhost/api/sso/v1/assert',
        host: 'localhost',
        protocol: 'http',
        entryPoint: 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php',
        decryptionPvk: fs.readFileSync(__dirname + '/localhost-saml.pem').toString(),
        cert: fs.readFileSync(__dirname + '/feide-idp.crt').toString(),
        issuer: 'my-issuer-sp-saml'
    }
  }
];

server.register(serverPlugins, function(err) {


  server.register(controllers,
   {
     routes: {
       prefix: '/api'
     }
   }, function() {
    if (!module.parent) {
      server.start(function () {
        console.log('Server started at port ' + server.info.port);
      });
    }
  });

});

Hapi routes

var debug = require('debug')('saml');
var samlCtrl = require('./v1');

exports.register = function(plugin, options, next) {

  plugin.route({
    method: 'GET',
    path: '/sso/v1/metadata.xml',
    handler: samlCtrl.metadata,
    config: {
        description: 'metadata',
        notes: 'metadata',
        tags: ['api']
    }
  });
    
  plugin.route({
    method: 'GET',
    path: '/sso/v1/login',
    handler: samlCtrl.login,
    config: {
        description: 'login',
        notes: 'login',
        tags: ['api']
    }
  });
        
  plugin.route({
    method: 'POST',
    path: '/sso/v1/assert',
    handler: samlCtrl.assert,
    config: {
        description: 'assert',
        notes: 'assert',
        tags: ['api']
    }
  });
    
  plugin.route({
    method: 'GET',
    path: '/sso/v1/logout',
    handler: samlCtrl.logout,
    config: {
        description: 'logout',
        notes: 'logout',
        tags: ['api']
    }
  });

  next();
};

exports.register.attributes = {
  pkg: require('./package.json')
};

Hapi controller

var debug = require('debug')('saml:ctrl');



/**
 * Endpoint to retrieve metadata
 * @function
 * @param {Object} request - A Hapi Request
 * @param {Object} reply - A Hapi Reply
 */
exports.metadata = function (request, reply) {
    var saml = request.server.plugins['hapi-passport-saml'].instance;
    return reply(saml.generateServiceProviderMetadata(request.server.app.decryptionCert))
            .type('application/xml');
};

/**
 * Login
 * @function
 * @param {Object} request - A Hapi Request
 * @param {Object} reply - A Hapi Reply
 */
exports.login = function (request, reply) {
    var saml = request.server.plugins['hapi-passport-saml'].instance;
    
    saml.getAuthorizeUrl({
        headers: request.headers,
        body: request.payload,
        query: request.query
    }, function(err, loginUrl) {
        if (err !== null)
            return reply.code(500);
        return reply.redirect(loginUrl);        
    });
};

/**
 * Assert endpoint for when login completes
 * @function
 * @param {Object} request - A Hapi Request
 * @param {Object} reply - A Hapi Reply
 */
exports.assert = function (request, reply) {
    var saml = request.server.plugins['hapi-passport-saml'].instance;

    var options = {
        request_body: request.payload
    };
    
    if (request.payload.SAMLRequest) {
    // Implement your SAMLRequest handling here
        debug(request.payload);
        return reply(500);
    }
    if (request.payload.SAMLResponse) {
        // Handles SP use cases, e.g. IdP is external and SP is Hapi
        saml.validatePostResponse(request.payload, function(err, profile) {
            debug(err);
            debug(profile);
            if (err !== null)
                return reply.code(500);

            // Save name_id and session_index for logout
            // Note:  In practice these should be saved in the user session, not globally.
            var name_id = profile.nameID;
            var session_index = profile.sessionIndex;

            request.server.app.name_id = name_id;
            request.server.app.session_index = session_index;
            return reply("Hello " + profile.nameID+"!");
        });
    }
};



/**
 * Logout
 * @function
 * @param {Object} request - A Hapi Request
 * @param {Object} reply - A Hapi Reply
 */
exports.logout = function (request, reply) {
    var options = {
        name_id: request.server.app.name_id,
        session_index: request.server.app.session_index
    };

    var saml = request.server.plugins['hapi-passport-saml'].instance;
    
    saml.getLogoutUrl(request, function(err, url) {
        if (err !== null)
            return reply.code(500);
        return reply.redirect(url);        
    });
};

References, Ideas and Based from

License

MIT

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.