/user/saml
The SAML user module exports the saml method as an endpoint for request authentication via SAML.
The module requires the saml2-js library to be installed; the availability of the module [required] is checked during module initialisation.
The SAML Service Provider [sp] and Identity Provider [idp] are stored in module variables.
Successful declaration of the sp and idp requires a Service Provider certificate key pair, ${process.env.SAML_SP_CRT}.pem and ${process.env.SAML_SP_CRT}.crt, in the XYZ process root.
An Assertion Consumer Service [ACS] endpoint must be provided as process.env.SAML_ACS.
The idp requires a certificate ${process.env.SAML_IDP_CRT}.crt, a single sign-on [SSO] login url process.env.SAML_SSO and a logout url process.env.SAML_SLO.
Requires
- module:/utils/logger
- module:jsonwebtoken
- module:saml2-js
Methods
(inner) acl_lookup(email) → {Promise.<(Object|Error)>}
The acl_lookup attempts to find a user record by its email in the ACL.
The user record will be validated and returned to the requesting saml Assertion Consumer Service [ACS].
Name | Type | Description |
---|---|---|
email | string | User email. |
Returns: User object or Error.
- Type: Promise.<(Object|Error)>
(inner) saml(req, res)
The saml method requires the sp and idp module variables to be declared as saml2 Service and Identity provider.
The req.url path is matched with either the metadata, login, or acs methods.
The saml metadata will be sent as application/xml content if requested.
The saml/login request path will redirect the request to a saml login request url created by the Service Provider [sp].
The sp will assert a post body sent to the saml/acs endpoint.
A lookup of the ACL user record will be attempted by the acl_lookup method.
The acl record with the user roles will be assigned to the user object from the saml token email.
The user object is signed as a JSON Web Token and set as a cookie in the HTTP response header.
Name | Type | Description |
---|---|---|
req | Object | HTTP request. |
res | Object | HTTP response. |