Passport-saml implementation

Question

I am trying to get Passport working with any strategy but ultimately I would like to get it working with a SAML implementation. Right now it seems that it always fails as soon as the strategy is called. I am wondering if perhaps my server handler chain is set up wrong?

`

'use strict';
// ---------------------------------- BEGIN MODULE SCOPE VARIABLES ----------------------------------
var
  http     = require('http'),
  express  = require('express'),
  session  = require('express-session'),
  path     = require("path"),
  samlStrategy  = require('passport-saml').Strategy,
  passport = require('passport'),
  //flash    = require('connect-flash'),
  morgan   = require('morgan'),
  app = express(),
  server = http.createServer(app);

// ---------------------------------- END MODULE SCOPE VARIABLES ------------------------------------

// ---------------------------------- BEGIN SERVER CONFIGURATION ------------------------------------

app.configure(function () {
  app.use(app.router);
  app.use(express.cookieParser());
  app.use(express.bodyParser());
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(express.methodOverride());
  app.use(morgan('dev')); // log every request to the console
  app.use(express.static(__dirname + '/public'));
});

passport.use('saml', new samlStrategy({

    path: '/login/callback',
    entryPoint: 'https://openidp.feide.no/simplesaml/module.php/openidProvider/user.php/sso',
    issuer: 'passport-saml',
    protocol: 'http://',
    cert: 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=='
    //privateCert: fs.readFileSync('./cert.pem', 'utf-8')
  },
  function(profile, done) {
    console.log("Auth with", profile);
    if (!profile.email) {
      return done(new Error("No email found"), null);
    }
    // asynchronous verification, for effect...
    process.nextTick(function () {
      findByEmail(profile.email, function(err, user) {
        if (err) {
          return done(err);
        }
        if (!user) {
          // "Auto-registration"
          users.push(profile);
          return done(null, profile);
        }
        return done(null, user);
      })
    });
  }
));

app.get('/XA', passport.authenticate('local-login', {
    failureRedirect: '/404.html', // redirect
    failureFlash: false // allow flash messages
  })
);

app.get('/XA/callback',
  passport.authenticate('saml', {
    successRedirect : '/index.html',
    failureRedirect : '/failure'
  }));`

ploer · Accepted Answer

I can't tell from the above exactly what your failure is, but one thing you may want to try is passing the samlFallback: login-request parameter to your authenticate calls.

Without this I don't believe the library will redirect logins on to your SAML provider's entry point, and so calls to that route will just appear to fail authentication.

--

Update:

As of version 0.4.0, I've just made samlFallback: login-request the default, so you should be able to just update your passport-saml version and get the right behavior.

Passport-saml implementation

Answers (1)

Related Questions