UNPKG

loopback-component-cas

Version:

Loopback CAS Authentification

github.com/sbechet/loopback-component-cas

sbechet/loopback-component-cas

161 lines (124 loc) 3.59 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
# loopback-component-cas This component provides a loopback native implementation of a [CAS Protocol Specification](https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol-Specification.html). Use it with [loopback](https://github.com/strongloop/loopback) * [SAML](https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language) * [SAML v1.1](https://en.wikipedia.org/wiki/SAML_1.1) DONE : CASv1, CASv2, CASv3, SAMLv1.1 TODO : SLO logout, SAMLv2, Regression Test ## Installation * `npm i loopback-component-cas` * Don't forget to add `express-xml-bodyparser` to your project ## Configuration ### Application Model You MUST use `application` model to store RegExp url field. ### User Model User model MUST have a `profile` entry with user JSON profile AND `uuid` for each user. Example in `common/models/account.json`: ```json { "name": "Account", "base": "User", "idInjection": true, "options": { "validateUpsert": true }, "properties": { "uuid": { "type": "string", "required": true }, "profile": { "type": "string" } }, "validations": [], "relations": {}, "acls": [], "methods": {} } ``` ### AccessToken model In `model-config.json`, add appId field and modify belongsTo relation to use Account. ```json "AccessToken": { ... "relations": { "application": { "type": "belongsTo", "model": "Application", "foreignKey": "appId" }, "user": { "type": "belongsTo", "model": "Account", "foreignKey": "userId" } } } ``` ### login and logout WEB Pages CAS redirect on theses pages if necessary. #### login Page parameter * `redirect` [OPTIONAL] - the full URL-encoded cas login service as described in section 2.2 of RFC 3986 (ex. ${accessUrl}/cas/login?service=serviceUrl) #### logout Page parameter * `redirect` [OPTIONAL] - the full URL-encoded service URL as described in section 2.2 of RFC 3986 ### `token`, `cookie-parser` and `express-xml-bodyparser` In `server/middleware.json`, add in request cookie-parser, token and express-xml-bodyparser ```json "session:before": { "cookie-parser": { "params": "${cookieSecret}" } }, "auth": { "loopback#token": { "params": { "model": "AccessToken" } } }, "parse": { "express-xml-bodyparser": { "params": { "normalize": true, "normalizeTags": false, "explicitArray": false } } } ``` Don't forget to add `config.json#cookieSecret`. ## Component configuration In `server/component-config.json` ```json "./components/loopback-component-cas": { "accessUrl": "https://my.access.Url" "serviceTicketTTL": 60000, "loginPage": "/account/signin", "logoutPage": "/account/signout", "userModel": "User", "attributes": [ "authenticationDate", "longTermAuthenticationRequestTokenUsed", "isFromNewLogin", "memberOf", "email", "displayName", "firstname", "lastname", "languages", "userId", "uuid" ], "loginCallback": "loginCallback" } ``` `${userModel}.uuid` is always injected Attributes may comply with [contact schema](https://tools.ietf.org/html/draft-smarr-vcarddav-portable-contacts-00) established by [Joseph Smarr][schema-author]. Attributes can be any key from `${userModel}.profile`. If optional `loginCallback(req, service, user)` exist, `loopback-component-cas` call it when login occure. ### Specific case * `email` come from model `${userModel}.email` * `firstname` come from `${userModel}.profile.name.givenName` * `lastname` come from `${userModel}.profile.name.familyName`