Tags: express, passport.js, passport-saml

passport-saml: how to pass profile data to a route


When I created the passport-saml strategy, during login a profile object is passed to the middleware function, with the nameID info in it. I need that info to call logout later on.

// passportHandler.js
const passport = require("passport");
const passportSaml = require("passport-saml");

// The whole user object (here: the full SAML profile) is written to the session store
passport.serializeUser((user, done) => {
  done(null, user);
});

// ...and read back onto req.user on every request
passport.deserializeUser((user, done) => {
  done(null, user);
});

// SAML strategy for passport -- single IdP
const samlStrategy = new passportSaml.Strategy(
  {
    entryPoint: process.env.SSO_ENTRYPOINT,   // IdP SSO URL
    logoutUrl: process.env.SSO_LOGOUT,        // IdP single-logout URL
    issuer: process.env.SSO_ISSUER,           // this SP's entity ID
    callbackUrl: process.env.SSO_CALLBACK_URL || undefined,
    // Note: on most systems process.env.path is the shell PATH, not the SAML callback path
    path: process.env.path,
    cert: process.env.SSO_CERT.replace(/\\n/gm, "\n"), // IdP signing cert; turn literal "\n" into real line breaks
  },
  // Verify callback: whatever is passed to done() becomes req.user
  (profile, done) => {
    console.log('profile', profile);  // nameID and nameIDFormat are in the profile object
    done(null, profile);
  }
);

passport.use(samlStrategy);

module.exports = passport;

index.js

// index.js of Express server
import express from "express";
import session from "express-session";
import passport from "./src/passportHandler";
import { getLogout } from "./src/routes.js";

const app = express();
// passport.session() needs a session middleware mounted before it; SESSION_SECRET is an assumed env var
app.use(session({ secret: process.env.SESSION_SECRET, resave: false, saveUninitialized: false }));
app.use(passport.initialize());
app.use(passport.session());
app.get('/sso/logout', getLogout); // in this route I need the two values above

The getLogout function is imported from another file, and I hardcode nameID and nameIDFormat. How do I get them from the initial profile object, save them somewhere, and pass them to this route?

// routes.js
export const getLogout = (req, res, next) => {
  if (!req.user) req.user = {};
  req.user.nameID = 'Eric1234@outlook.onmicrosoft.com'; // hardcoded, how to pass this info?
  req.user.nameIDFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'; // hardcoded too
  const samlStrategy = req._passport?.instance?._strategies?.saml;  // is this correct?
  samlStrategy.logout(req, (err, request) => {
    if (err) return next(err); // without this the request hangs when logout fails
    res.redirect(request); // request is the IdP logout URL
  });
};

My second question is: I get the samlStrategy object from req._passport?.instance?._strategies?.saml. Is that a proper way to get it? Or, the same kind of question again, how can I pass the SAML strategy object from the creation logic at the beginning to this route?

Thanks for any help!


Solution

  • Answering my own silly question...

    In samlStrategy, at the end, call done(null, profile):

    const samlStrategy = new passportSaml.Strategy(
      {
        entryPoint: process.env.SSO_ENTRYPOINT,
        logoutUrl: process.env.SSO_LOGOUT,
        issuer: process.env.SSO_ISSUER,
        callbackUrl: process.env.SSO_CALLBACK_URL || undefined,
        path: process.env.path,
        cert: process.env.SSO_CERT.replace(/\\n/gm, "\n"), // change "\n" into real line break
      },
      (profile, done) => {
        console.log('profile', profile);  // nameID and nameIDFormat are in profile object
        done(null, profile)
      }
    );
    

    Then the profile object becomes the req.user object in the Service Provider's login POST callback function.

    Then I can save the user object somewhere and use it again when logout is called.
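The pattern the answer describes (put the profile on req.user at login, reuse it at logout), worked through as an added example that is not from the original post and is not passport-saml's own code. It keeps only the fields passport-saml's logout() reads from req.user (nameID, nameIDFormat, sessionIndex) in the session instead of the whole profile, and hands the strategy to the route from the module that created it rather than reading passport's private req._passport fields. The strategy, request and response objects below are hand-written stand-ins so the file runs offline; the profile and IdP URLs are constructed sample data.

```javascript
// Added example (not the original poster's code, not passport-saml's).
// Fields passport-saml's logout() reads from req.user to build a LogoutRequest.
// Everything else in the profile (email, groups, raw assertion) stays out of the session.
const LOGOUT_FIELDS = ["nameID", "nameIDFormat", "sessionIndex"];

// Use as the body of passport.serializeUser: store a whitelisted copy, not the whole profile.
function toSessionUser(profile) {
  const user = {};
  for (const key of LOGOUT_FIELDS) {
    if (profile[key] !== undefined) user[key] = profile[key];
  }
  if (!user.nameID || !user.nameIDFormat) {
    throw new Error("SAML profile lacks nameID/nameIDFormat; logout cannot be built later");
  }
  return user;
}

// Route factory: the strategy instance is passed in from the module that created it,
// so the route never depends on passport's private req._passport layout.
function makeGetLogout(samlStrategy) {
  return function getLogout(req, res, next) {
    if (!req.user || !req.user.nameID) {
      // Nothing to log out; never fabricate a nameID for an anonymous request.
      return res.status(401).send("not logged in");
    }
    samlStrategy.logout(req, (err, redirectUrl) => {
      if (err) return next(err); // hand to the Express error handler instead of hanging
      res.redirect(redirectUrl);  // send the browser to the IdP single-logout endpoint
    });
  };
}

// Stand-in strategy (constructed for this example). Real passport-saml signs and
// deflates a LogoutRequest here; this one only checks the same req.user fields.
function makeFakeStrategy(logoutUrl) {
  return {
    logout(req, cb) {
      const u = req.user;
      if (!u.nameID || !u.nameIDFormat) return cb(new Error("missing nameID/nameIDFormat"));
      const qs = new URLSearchParams({
        nameID: u.nameID, format: u.nameIDFormat, index: u.sessionIndex || "",
      });
      cb(null, `${logoutUrl}?${qs}`);
    },
  };
}

// Minimal Express-like response object so the handler runs without Express.
function makeRes() {
  const res = { statusCode: 200, redirectedTo: null, body: null };
  res.status = (c) => { res.statusCode = c; return res; };
  res.send = (b) => { res.body = b; return res; };
  res.redirect = (u) => { res.redirectedTo = u; return res; };
  return res;
}

// Constructed profile shaped like what passport-saml hands the verify callback.
const sampleProfile = {
  issuer: "https://idp.example.test/",
  nameID: "user@example.test",
  nameIDFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  sessionIndex: "_abc123",
  email: "user@example.test",
  groups: ["staff"],
  getAssertionXml: () => "<Assertion/>",
};

function demo() {
  const getLogout = makeGetLogout(makeFakeStrategy("https://idp.example.test/logout"));

  // Login: what serializeUser writes to the session.
  const sessionUser = toSessionUser(sampleProfile);

  // Later request: deserializeUser has put it back on req.user.
  const ok = makeRes();
  let okErr = null;
  getLogout({ user: sessionUser }, ok, (e) => { okErr = e; });

  // Anonymous request to the same route.
  const anon = makeRes();
  getLogout({}, anon, () => {});

  // Session user missing a required field: error reaches next(), no hang.
  const bad = makeRes();
  let badErr = null;
  getLogout({ user: { nameID: "x" } }, bad, (e) => { badErr = e; });

  return { sessionUser, redirectedTo: ok.redirectedTo, okErr, anonStatus: anon.statusCode, badErr };
}
```

Wiring this into the original files means exporting samlStrategy from passportHandler.js, calling toSessionUser inside serializeUser, and registering app.get('/sso/logout', makeGetLogout(samlStrategy)). Whether sessionIndex is required depends on the IdP; keeping it costs nothing and avoids a logout the IdP rejects.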