| var fs = require('fs') |
| var http = require('http') |
| |
| var express = require('express') |
| var passport = require('passport') |
| var SamlStrategy = require('passport-saml').Strategy |
| var bodyParser = require('body-parser') |
| var _ = require('lodash') |
| |
| var logger = require('../../util/logger') |
| var urlutil = require('../../util/urlutil') |
| var jwtutil = require('../../util/jwtutil') |
| |
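/**
 * Starts the SAML 2.0 authentication unit.
 *
 * Every request is first passed through passport's SAML strategy, which
 * redirects unauthenticated users to the IdP (`options.saml.entryPoint`).
 * The IdP posts back to `/auth/saml/callback`; on success a JWT carrying
 * the user's email and name is minted and the user is redirected to
 * `options.appUrl` with that token as the `jwt` query parameter.
 *
 * @param {Object} options
 * @param {Object} options.saml - IdP settings
 * @param {string} options.saml.entryPoint - IdP SSO URL users are sent to
 * @param {string} options.saml.issuer - SP issuer/entity id sent to the IdP
 * @param {string} [options.saml.certPath] - path to the IdP signing
 *   certificate; when omitted no certificate is handed to passport-saml
 * @param {string} options.appUrl - where to send the user after login
 * @param {string} options.secret - secret used by jwtutil to sign the token
 * @param {number} options.port - port to listen on
 */
module.exports = function(options) {
  var log = logger.createLogger('auth-saml2')
  var app = express()
  var server = http.createServer(app)

  // Token lifetime in milliseconds. `Date.now()` yields milliseconds, so the
  // offset added to it must be in milliseconds as well; the previous
  // `24 * 3600` expired tokens after roughly 86 seconds rather than 24 hours.
  // NOTE(review): assumes jwtutil compares `header.exp` against Date.now()
  // (milliseconds) — confirm against jwtutil.decode.
  var TOKEN_TTL_MS = 24 * 3600 * 1000

  // Redirect target used both when the IdP exchange fails and when the
  // returned profile is unusable; the SAML strategy mounted below turns a
  // GET on it into a fresh IdP login round-trip.
  var LOGIN_PATH = '/auth/saml/'

  app.set('strict routing', true)
  app.set('case sensitive routing', true)
  app.use(bodyParser.urlencoded({extended: false}))
  app.use(passport.initialize())

  // Sessions are disabled (`session: false` below), so the user object is
  // passed through passport unchanged in both directions.
  passport.serializeUser(function(user, done) {
    done(null, user)
  })
  passport.deserializeUser(function(user, done) {
    done(null, user)
  })

  // The SAML profile is accepted as-is; the callback handler decides whether
  // it carries enough information (an email) to issue a token.
  var verify = function(profile, done) {
    return done(null, profile)
  }

  var samlConfig = {
    path: '/auth/saml/callback'
  , entryPoint: options.saml.entryPoint
  , issuer: options.saml.issuer
  }

  if (options.saml.certPath) {
    samlConfig.cert = fs.readFileSync(options.saml.certPath).toString()
  }
  else {
    // Without an IdP certificate there is nothing to check response
    // signatures against; make that deployment choice visible in the log.
    log.warn('No saml.certPath configured; SAML responses will not be verified against an IdP certificate')
  }

  passport.use(new SamlStrategy(samlConfig, verify))

  app.use(passport.authenticate('saml', {
    failureRedirect: LOGIN_PATH
  , session: false
  }))

  /**
   * Builds the redirect URL to the app carrying a freshly signed JWT.
   *
   * @param {string} email - authenticated user's email (from the IdP profile)
   * @returns {string} `options.appUrl` with the `jwt` query parameter added
   */
  function buildAppRedirect(email) {
    var token = jwtutil.encode({
      payload: {
        email: email
        // Display name is the local part of the address.
      , name: email.split('@', 1).join('')
      }
    , secret: options.secret
    , header: {
        exp: Date.now() + TOKEN_TTL_MS
      }
    })
    return urlutil.addParams(options.appUrl, {jwt: token})
  }

  /**
   * Handles the IdP's POST back to the SP after the user authenticated.
   * A profile without an email is logged and sent back to the login path.
   */
  function handleCallback(req, res) {
    var email = req.user && req.user.email
    if (!email) {
      log.warn('Missing email in profile', req.user)
      res.redirect(LOGIN_PATH)
      return
    }
    res.redirect(buildAppRedirect(email))
  }

  app.post('/auth/saml/callback', handleCallback)

  server.listen(options.port)
  log.info('Listening on port %d', options.port)
}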