
PassportJS with passport-saml, how to get SAML request ID?


I'm using PassportJS and passport-saml to connect to an SSO server. I want to obtain the ID that is in the SAML request (/login route) so that I can store a key under this ID. Then in the callback (/login/callback) I can recover the key, because the ID is passed back in the SAML response.

How can I access the SAML request itself, or at least its ID?

Here is my code for the login and callback routes:

// The SP private key serves two purposes in passport-saml: decrypting encrypted
// assertions (decryptionPvk) and signing outgoing requests (privateCert). Both
// options point at the same file, so it is read once.
const spPrivateKey = fs.readFileSync(__dirname + '/certs/key.pem', 'utf8');

// NOTE(review): passport-saml's `cert` is the IdP's signing certificate, used to
// verify the signature on the SAML response. The file name idp_key.pem reads like
// a private key — confirm the file actually holds the IdP certificate.
const idpSigningCert = fs.readFileSync(__dirname + "/certs/idp_key.pem", "utf8");

const samlOptions = {
    callbackUrl: "https://somedomain.test/boapi/ssocallback",
    entryPoint: 'http://192.168.0.1:8080/simplesaml/saml2/idp/SSOService.php',
    issuer: 'issuer-saml',
    decryptionPvk: spPrivateKey,
    privateCert: spPrivateKey,
    // false: the response's InResponseTo is not matched against an outstanding
    // request ID, so the callback also accepts responses this SP never requested
    // (unsolicited or replayed). Enabling this check is also what makes
    // passport-saml keep track of the request ID the question is after.
    validateInResponseTo: false,
    cert: idpSigningCert,
    disableRequestedAuthnContext: true,
    // 0: no tolerance for clock drift between SP and IdP when the assertion's
    // validity window is checked; any drift rejects otherwise valid assertions.
    acceptedClockSkewMs: 0,
};

// Verify callback: the validated SAML profile is accepted as-is as the user.
function acceptSamlProfile(profile, done) {
    return done(null, profile);
}

var samlStrategy = new saml.Strategy(samlOptions, acceptSamlProfile);

// Register the strategy under the name the routes below refer to.
passport.use('samlStrategy', samlStrategy);
// Order matters: initialize() must be mounted before session(), which turns the
// session-stored user back into req.user on each request.
app.use(passport.initialize({}));
app.use(passport.session({}));

app.get('/login', (req, res, next) => {
    // On /login the SAML strategy's job is to redirect the browser to the IdP's
    // entryPoint; the verify step only happens when the response comes back at
    // /login/callback. That appears to be why this custom callback is never
    // reached on the redirect leg.
    const startSamlLogin = passport.authenticate('samlStrategy', (err, user, info) => {
        // not invoked for the redirect to the IdP
        return;
    });
    startSamlLogin(req, res, next);
});

app.post('/login/callback',
    // placeholder middleware: passes straight through
    (req, res, next) => next(),
    // validates the POSTed SAML response and sets req.user (session-backed, since
    // no { session: false } is given here)
    passport.authenticate('samlStrategy'),
    (req, res) => {
        const { firstName, lastName, email } = req.user ?? {};
        res.send({ email, firstName, lastName });
    }
);

Solution

  • I didn't find a way to get the SAML request ID, so instead of storing my data under that ID I set a cookie in the /login route and then read it in the /login/callback route.

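    app.get('/login',
        (req, res, next) => {
            // Only carry a non-empty plain string across the round trip. Express's
            // query parser can yield undefined, an array or an object for ?myData,
            // and res.cookie would serialise those as the string "undefined" or a
            // "j:"-prefixed JSON cookie.
            const myData = req.query.myData;
            if (typeof myData === 'string' && myData.length > 0) {
                // NOTE(review): this cookie is not tied to the SAML exchange itself
                // (InResponseTo is not validated); if myData must be tamper-proof,
                // set it with `signed: true` and read it from req.signedCookies.
                res.cookie(myDataCookieName, myData, {
                    maxAge: 1000 * 60 * 15, // 15 min: enough for the IdP round trip
                    httpOnly: true,
                    // The IdP POSTs the response back cross-site, so the cookie must
                    // be SameSite=None (which requires Secure) to reach /login/callback.
                    sameSite: "none",
                    secure: true,
                });
            }
            next();
        },
        passport.authenticate('samlStrategy', {
            session: false,
        }),
    );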
    
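    app.post('/login/callback',
        // validates the POSTed SAML response and sets req.user for this request only
        passport.authenticate('samlStrategy', {
            session: false,
        }),
        (req, res) => {
            const { firstName, lastName, email } = req.user ?? {};
            // req.cookies is populated by cookie-parser; undefined if the /login
            // cookie was not set or has expired (15 min maxAge).
            const myData = req.cookies[myDataCookieName];
            // The cookie is single-use: drop it once consumed so it cannot be picked
            // up by a later login. Attributes must match those used when it was set.
            res.clearCookie(myDataCookieName, { httpOnly: true, sameSite: "none", secure: true });

            res.send({ email, firstName, lastName, myData });
        }
    );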