Tags: node.js, passport.js, saml, passport-saml

Passport + SAML with metadata.xml file


I'm setting up a web application with express and ejs and need to integrate SAML authentication. I've got a metadata.xml, a public cert and a private key. Now I want to set up this strategy and use it for authentication. I tried to use a module called passport-saml-metadata, but whenever I try to authenticate it says: Error: Unknown authentication strategy "saml" although it is defined and exported within the same file as other strategies which work.

First I tried to manually configure SAML with the passport-saml module, but then I noticed that there is a passport-saml-metadata which can process my metadata file and build up the strategy, so I decided to use this one. I now have a 'valid' configuration (it does not complain at any time in execution), but the strategy is not found when I call the route. Other strategies in the same file are recognized and working without hassle.

passport config:

const fs = require('fs');
const path = require('path');
const passport = require('passport');
const saml = require('passport-saml');
const { MetadataReader, toPassportConfig } = require('passport-saml-metadata');

// Read the IdP metadata and turn it into passport-saml options
// (entryPoint, cert, identifierFormat, ...)
const reader = new MetadataReader(
    fs.readFileSync(path.join(__dirname, './metadata.xml'), 'utf8')
);
const ipConfig = toPassportConfig(reader);

// passport-saml expects the PEM contents here, not the file path
const spPublicCertificate = fs.readFileSync(path.join(__dirname, './server.crt'), 'utf8');
const spPrivateKey = fs.readFileSync(path.join(__dirname, './private_key.pem'), 'utf8');

const spConfig = {
    callbackUrl: `http://localhost:3300/auth/saml/sso/callback`,
    logoutCallbackUrl: `http://localhost:3300/auth/saml/slo/callback`,
    issuer: '/shibboleth',
    privateCert: spPrivateKey
};

// IdP settings first, SP settings override them
const strategyConfig = {
    ...ipConfig,
    ...spConfig,
    validateInResponseTo: false,
    disableRequestedAuthnContext: true,
};

// Called with the SAML profile after the assertion has been validated
const verifyProfile = (profile, done) => {
    return done(null, { ...profile, test: 'xxx' });
};

const samlStrategy = new saml.Strategy(strategyConfig, verifyProfile);
// Registered without an explicit name, so passport uses strategy.name
passport.use(samlStrategy);

call in app.js

const express = require('express');
const passport = require('passport');
const router = express.Router();

// Login OAuth
router.get('/okta', passport.authenticate('oauth2'));

// Login SAML
router.get('/saml', passport.authenticate('saml'));

I expect that the strategy is recognized by passport like oauth2, which is defined in the same file as saml. Because both files are exported and no error is shown during execution (besides that the strategy cannot be found), I expect that at least it would call the auth and that I can spot any error.


Solution

  • Just had to set passport.use(samlStrategy); to passport.use('saml', samlStrategy); because it would not recognize the strategy otherwise...