Merge pull request #245 from anvilresearch/vsimonian-saml-2.0

christiansmith · christiansmith · commit ec73dd6d2161 · 2015-10-17T12:35:57.000-07:00
Implement SAML 2.0 protocol support
diff --git a/lib/authenticator.js b/lib/authenticator.js
@@ -78,7 +78,7 @@ function dispatch (provider, req, res, next, options, callback) {
 
   if (!callback && typeof options === 'function') {
     callback = options
-    options = undefined
+    options = {}
   }
 
   var strategy = Object.create(baseStrategy)
diff --git a/package.json b/package.json
@@ -123,6 +123,7 @@
     "passport-ldapauth": "^0.3.0",
     "passport-local": "~1.0.0",
     "passport-openid": "^0.4.0",
+    "passport-saml": "^0.13.0",
     "passport-strategy": "~1.0.0",
     "qs": "^5.0.0",
     "revalidator": "^0.3.1",
diff --git a/protocols/SAML2.js b/protocols/SAML2.js
@@ -0,0 +1,46 @@
+/**
+ * Module dependencies
+ */
+
+var fs = require('fs')
+var SAMLStrategy = require('passport-saml').Strategy
+var User = require('../models/User')
+
+/**
+ * Verifier
+ */
+
+function verifier (provider, configuration) {
+  return function (req, user, done) {
+    user.id = user[provider.mapping.id]
+    console.log(user, user.getAssertionXml())
+    User.connect(req, null, user, done)
+  }
+}
+
+/**
+ * Initialize
+ */
+
+function initialize (provider, configuration) {
+  configuration.passReqToCallback = true
+  configuration.path = provider.callbackUrl
+  configuration.callbackUrl = provider.callbackUrl
+
+  if (typeof configuration.cert === 'string') {
+    try {
+      configuration.cert = fs.readFileSync(configuration.cert, 'utf-8')
+    } catch (err) {}
+  }
+
+  return new SAMLStrategy(configuration, verifier(provider, configuration))
+}
+
+/**
+ * Exports
+ */
+
+module.exports = {
+  verifier: verifier,
+  initialize: initialize
+}
diff --git a/providers/SAML2.js b/providers/SAML2.js
@@ -0,0 +1,11 @@
+/**
+ * SAML 2.0
+ */
+
+module.exports = function (config) {
+  return {
+    id: 'SAML2',
+    name: 'SAML2',
+    templates: ['SAML2']
+  }
+}
diff --git a/providers/templates/SAML2.js b/providers/templates/SAML2.js
@@ -0,0 +1,29 @@
+/**
+ * Basic SAML 2.0 provider template
+ */
+
+module.exports = function (config, templateConfig) {
+  return {
+    id: 'SAML2',
+    protocol: 'SAML2',
+    callbackUrl: config.issuer + '/connect/SAML2/callback',
+    mapping: {
+      id: 'uid',
+      email: 'email',
+      name: 'cn',
+      givenName: 'givenName',
+      familyName: 'sn',
+      phoneNumber: 'telephoneNumber',
+      address: function (info) {
+        return {
+          formatted: info.postalAddress,
+          street_address: info.street,
+          locality: info.l,
+          region: info.st,
+          postal_code: info.postalCode,
+          country: info.co
+        }
+      }
+    }
+  }
+}
diff --git a/routes/connect.js b/routes/connect.js
@@ -4,9 +4,24 @@
 
 var settings = require('../boot/settings')
 var oidc = require('../oidc')
+var mailer = require('../boot/mailer').getMailer()
 var authenticator = require('../lib/authenticator')
 var qs = require('qs')
 var NotFoundError = require('../errors/NotFoundError')
+var providers = require('../providers')
+
+var providerInfo = {}
+var providerNames = Object.keys(providers)
+for (var i = 0; i < providerNames.length; i++) {
+  providerInfo[providerNames[i]] = providers[providerNames[i]]
+}
+var visibleProviders = {}
+// Only render providers that are not marked as hidden
+Object.keys(settings.providers).forEach(function (providerID) {
+  if (!settings.providers[providerID].hidden) {
+    visibleProviders[providerID] = settings.providers[providerID]
+  }
+})
 
 /**
  * Third Party Provider Authorization Endpoints
@@ -59,8 +74,10 @@ module.exports = function (server) {
             res.render('signin', {
               params: qs.stringify(req.connectParams),
               request: req.body,
-              providers: info.providers,
-              error: info.message
+              error: info.message,
+              providers: visibleProviders,
+              providerInfo: providerInfo,
+              mailSupport: !!(mailer.transport)
             })
 
           // login the user
@@ -88,6 +105,7 @@ module.exports = function (server) {
   }
 
   server.get('/connect/:provider/callback', handler)
+  server.post('/connect/:provider/callback', handler)
 
   /**
    * Revoke Third Party Authorization

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ function dispatch (provider, req, res, next, options, callback) {`
`78`	`78`
`79`	`79`	`if (!callback && typeof options === 'function') {`
`80`	`80`	`callback = options`
`81`		`- options = undefined`
	`81`	`+ options = {}`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`var strategy = Object.create(baseStrategy)`