1.0.3 • Published 2 years ago

saml-sp v1.0.3


SAML-SP

SAML Service Provider Node.js Library

SAML-SP is a small Node.js library for acting as a SAML 2.0 service provider (SP): it creates the SP entity together with its RSA key pair, produces the SP metadata, and decrypts the encrypted assertions carried in a SAMLResponse.

Features

  • Generate an RSA key pair and certificate, or use existing ones.
  • Create the service provider metadata file (metadata.xml) to be uploaded to the Identity Provider.
  • Parse the SAMLResponse and decrypt the assertions it contains.

Installation

npm i saml-sp

Examples

1. Configure the Service provider

const SAML = require("saml-sp");

// Assertion Consumer Service URL: where the IdP POSTs the SAMLResponse.
// It must match the URL the IdP has on file, so change it for any non-local deployment.
const assertionEndpoint = "http://localhost:8888/saml/consume";

const sp = new SAML.ServiceProvider({
    assertionEndpoint: assertionEndpoint
    // The generated RSA key defaults to 1024 bits (see the ServiceProvider options below);
    // set a longer length or pass your own certificate/privateKey for production use.
});

sp.saveRSAKeys();    // writes the private key and certificate to the current directory
sp.createMetaData(); // writes metadata.xml to the current directory; upload it to the IdP

2. Reading the SAMLResponse

const SAML    = require("saml-sp");
const express = require('express');
const app     = express();

const IDP_URL            = "https://[IDP]/sso/saml";             // SSO URL issued by Okta or AWS SSO
const ASSERTION_ENDPOINT = "http://localhost:8888/saml/consume"; // same value as in the metadata

// The IdP delivers the SAMLResponse as an application/x-www-form-urlencoded POST.
// Assumed here: the library reads the already-parsed form body from req, so the
// body parser has to run before the consume route.
app.use(express.urlencoded({ extended: false }));

app.get('/login', function(req, res){
    const SAMLRequest     = new SAML.Request(IDP_URL, ASSERTION_ENDPOINT);
    const authNRequestURL = SAMLRequest.createAuthNURL();

    // Okta: redirect straight to the SSO URL, the AuthnRequest URL is not used
    res.redirect(IDP_URL);

    /* AWS SSO: redirect with the AuthnRequest in the URL instead
        res.redirect(authNRequestURL);
    */
});

app.post('/saml/consume', function(req, res, next){
    const SAMLResponse = new SAML.Response(req);
    SAMLResponse.decryptAssertions()
        .then((decrypted_assertions) => {
            // This step only decrypts. Verify the IdP signature and check Audience,
            // InResponseTo and the NotBefore/NotOnOrAfter window before using any
            // of these attributes to establish a session.
            console.log(decrypted_assertions);
            res.sendStatus(204);
        })
        .catch(next); // hand decryption/parsing failures to the Express error handler
});

// A browser GET on the ACS endpoint (for example a page refresh) simply restarts the login
app.get('/saml/consume', function(req,res){
    res.redirect("/login");
});

app.listen(8888);

Library Components

The library exposes three classes, each used in a different phase of the SAML flow:

1. Service provider Class

let sp = new SAML.ServiceProvider(options);

The options argument is an object that can have the following attributes:

| Attribute | Note |
| ------ | ------ |
| assertionEndpoint (*Required*) | The URL the IdP sends the user and the SAMLResponse back to after a successful authentication; it becomes the AssertionConsumerService URL in the metadata. |
| encyptionKeyLength | Length in bits of the generated RSA key. Default: 1024. A 1024-bit RSA key is below current minimum recommendations, so set 2048 or more, or supply your own key pair, for anything beyond local testing. |
| certificate | Supply a PEM certificate if you already have one, otherwise one will be created for you. |
| privateKey | Supply a PEM private key if you already have one, otherwise one will be created for you. |
| entityID | An optional entity ID to be added to your SAML requests. |

2. Request Class

let SAMLRequest     = new SAML.Request(IDP_URL, ASSERTION_ENDPOINT);
let authNRequestURL = SAMLRequest.createAuthNURL();

Used to create the AuthnRequest URL for Identity Providers such as AWS SSO. Note that some Identity Providers, Okta among them, do not expect a SAML request in the URL; for those, redirect the user to the SSO URL directly instead of using this class.

| Attribute | Note |
| ------ | ------ |
| IDP_URL (*Required*) | The SSO URL given to you by the Identity Provider; this is where users go to authenticate. |
| ASSERTION_ENDPOINT (*Required*) | The redirect URI after a successful authentication with the IdP (the same value passed as assertionEndpoint to the ServiceProvider). |

3. Response Class

let SAMLResponse = new SAML.Response(req);
SAMLResponse.decryptAssertions().then((decrypted_assertion) => {
    console.log(decrypted_assertion);
});

This class is used to interpret the SAMLResponse and decrypt the assertions.

| Attribute | Note |
| ------ | ------ |
| req (*Required*) | The req object given by the Express POST route. |

Decryption only proves that the assertion was encrypted to this SP's key. It does not establish who issued it or whether it is meant for this SP: the IdP's signature, the Audience restriction, the NotBefore/NotOnOrAfter window and InResponseTo are not covered by anything described on this page and must be checked separately before any decrypted attribute is used to log a user in.

License

MIT
