//var auth = require("../../../util/auth");
var SamlStrategy = require('@node-saml/passport-saml').Strategy;
var AbstractProvider = require("./abstract");
// Make sure process.configuration.providers.saml exists so the provider can be
// switched on from the environment (CLOUDCMS_AUTH_PROVIDERS_SAML_ENABLED=true).
const configuration = process.configuration || (process.configuration = {});
const providers = configuration.providers || (configuration.providers = {});
const samlSettings = providers.saml || (providers.saml = {});
if (process.env.CLOUDCMS_AUTH_PROVIDERS_SAML_ENABLED === "true") {
    samlSettings.enabled = true;
}
/**
* "SAML" Authentication Provider
*
* Provider-specific configuration:
*
* "entryPoint": "http://localhost:9090/auth/realms/master/protocol/saml",
* "issuer": "myapp"
*
* Where:
*
* - "entryPoint" is the URL of the SAML endpoint
* - "issuer" is the name of the client
*
* This provider does NOT support loading profiles. As such, it only works with trusted tokens.
* A JWT (or similar) request adapter must be enabled and the token must contain everything needed.
*
* The SAML endpoint must write the JWT token down into the browser (cookie) after login.
*
* @return {Function}
*/
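class SAMLProvider extends AbstractProvider
{
    /**
     * Builds a passport-saml strategy from the provider configuration and registers it with passport.
     *
     * @param {Object} req - the request; `req.passport` must be present, the strategy is registered on it
     * @param {Object} config - provider configuration. Reads `entryPoint`, `cert` (the IdP certificate,
     *   handed to the strategy as `idpCert`), `issuer`, `callbackURL` (or `callbackUrl`) and `id`.
     *   `config.properties.id` defaults to "nameID" and names the profile attribute used as the user
     *   identifier. The object is mutated to fill in those defaults.
     */
    constructor(req, config)
    {
        super(req, config);

        // default the profile attribute used as the user identifier to the SAML NameID
        if (!config.properties) {
            config.properties = {};
        }
        if (!config.properties.id) {
            config.properties.id = "nameID";
        }

        const samlConfig = {
            // NOTE(review): node-saml documents -1 as disabling the NotBefore/NotOnOrAfter condition
            // checks entirely, so an assertion is accepted regardless of its validity window (the
            // original reason given was that the strategy mishandles timezone changes). A small
            // bounded skew, e.g. a few minutes, is the safer setting - confirm against the IdP's
            // clock behaviour before changing it.
            acceptedClockSkewMs: -1,
            // the verify callback below receives the request as its first argument
            passReqToCallback: true
        };
        if (config.entryPoint) {
            samlConfig.entryPoint = config.entryPoint;
        }
        if (config.cert) {
            // the IdP signing certificate: this is what authenticates incoming assertions
            samlConfig.idpCert = config.cert;
        }
        // NOTE(review): when `cert` is absent no idpCert is configured; presumably the strategy
        // refuses to verify (or to construct) in that case - confirm rather than rely on it.

        // both spellings of the callback key are accepted; "callbackURL" wins when both are set
        const callbackUrl = config.callbackURL || config.callbackUrl;
        if (callbackUrl) {
            // An absolute URL is passed through unchanged. A bare path keeps the historical
            // local-development base so existing configurations behave exactly as before.
            // TODO: the base should come from configuration - the callback (ACS) URL sent to the
            // IdP has to match the public, https address of this server, not localhost.
            const devCallbackBase = "http://localhost:5000";
            samlConfig.callbackUrl = /^https?:\/\//i.test(callbackUrl)
                ? callbackUrl
                : devCallbackBase + callbackUrl;
        }
        if (config.issuer) {
            samlConfig.issuer = config.issuer;
        }

        // bind strategy to passport; the verify callback only maps the asserted profile to the
        // provider user id - no profile loading happens here (see the file header)
        this.samlStrategy = new SamlStrategy(samlConfig, (_req, profile, done) => {
            const info = {
                providerId: config.id,
                providerUserId: this.userIdentifier(profile)
            };
            done(null, profile, info);
        });
        req.passport.use(this.samlStrategy);
    }

    /**
     * Starts the SAML login flow through passport's "saml" strategy.
     * On failure the browser is sent to `config.failureRedirect` with a flash message.
     *
     * @override
     */
    handleAuth(req, res, next)
    {
        req.passport.authenticate("saml", {
            failureRedirect: this.config.failureRedirect,
            failureFlash: true
        })(req, res, next);
    }

    /**
     * Handles the return leg of the SAML flow: runs the "saml" strategy without establishing a
     * passport session and hands the verify result to `cb`.
     *
     * @override
     */
    handleAuthCallback(req, res, next, cb)
    {
        req.passport.authenticate("saml", {
            session: false,
            failureFlash: true
        }, cb)(req, res, next);
    }
}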
module.exports = SAMLProvider;