@maderaunified/musd-saml NPM

@maderaunified/musd-saml

Madera Unified SAML Implementation

Install

$ npm install @maderaunified/musd-saml

Usage

const musdSAML = require("@maderaunified/musd-saml");

const app = express();

// Express Setup

musdSAML.init( app );

// Create Server, etc.

Methods

init( app, userModel )

Use init to instantiate all routes and initiate SAML strategies. Profile is object returned to service provider. Application can define it's own object to send to the client

const userModel = ( profile, done ) => 
    done( null, {
        email          : profile.nameID,
        employeeType   : profile.employeeType,
        employeeNumber : profile.employeeNumber
    } );

musdSAML.init( app, userModel );

isAuth( req )

Returns boolean value as to whether the user is logged in

router.get(
    '/route',
    ( req, res ) => {
        if ( isAuth( req ) ) {
            res.render(
                config.routes.appView,
                {
                    user : req.user
                }
            );
        }
        else {
            res.render(
                config.routes.appView,
                {
                    user : null
                }
            );
        }
    }
);

Environment Variables

Required

APP_ROUTE - Home page route for application ( Can be url if API and Client are separate )
- default : '/'
SAML_ISSUER - Accessing URL. Change to be application specific
- default : 'https://localhost.madera.k12.ca.us:3000'
HOST - URL for callback
- default : 'localhost.madera.k12.ca.us:3000'
PROTOCOL - Protocol for callback
- default - http://
KEY_PATH - local path to Madera Certificate Key
PUB_KEY_PATH - local path to Madera Public Certificate
LDAP_PATH - URL to Madera AD Server
LDAP_BASEDN - BASE DN for Madera LDAP Server
LDAP_USERNAME - User with access to Madera LDAP Server
LDAP_PASSWORD - Password for user to Madera LDAP Server

Optional

APP_VIEW - view to load for app route
- default : 'index'
LOGIN_ROUTE - Route for login. Recommend not change
- default : '/login'
LOGOUT_ROUTE - Route used for logout. Recommend not change
- default : '/logout'
USER_ROUTE - Route to access user information
- default : '/user'
USER_VIEW - View to load for user route
- default : 'user'
SAML_PATH - Callback point for SAML provider. Recommend not change
- default : '/login/callback'
SAML_ENTRY_POINT - Identity Provider Entry Point. Recommend not change
- default : 'https://selfservice.madera.k12.ca.us/idp/profile/SAML2/Redirect/SSO'
SAML_LOGOUT_URL - Identity Provider Logout Point. Recommend not change
- default : 'https://selfservice.madera.k12.ca.us/idp/logout'
IDENTIFIER_FORMAT - nameID format. Recommend not change
- default : 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'