I'm using PassportJS and passport-saml to connect to an SSO server.
I want to get the ID that is in the SAML request (/login
route) in order to store a key under this ID. Then in the callback (/login/callback)
I can recover the key because the ID is passed back in the SAML response.
How can I access the SAML request, or at least its ID?
Here is my code for the login and callback routes:
// Loads a PEM file from ./certs next to this module. The SP's own private key is read
// twice below on purpose: passport-saml takes it under two option names.
const readPem = (file) => fs.readFileSync(__dirname + '/certs/' + file, 'utf8');

// Service-provider side of the SAML exchange. The verify callback just forwards the
// attribute profile the library extracted from the assertion, so req.user is that profile.
const samlStrategy = new saml.Strategy(
  {
    callbackUrl: "https://somedomain.test/boapi/ssocallback",
    // Plain http to a private address: fine for a lab IdP, but the redirect carries the
    // AuthnRequest, so a production entryPoint should be https.
    entryPoint: 'http://192.168.0.1:8080/simplesaml/saml2/idp/SSOService.php',
    issuer: 'issuer-saml',
    decryptionPvk: readPem('key.pem'),   // decrypts encrypted assertions
    privateCert: readPem('key.pem'),     // signs outgoing requests
    // NOTE(review): with this false, passport-saml does not check that the response's
    // InResponseTo matches an AuthnRequest it actually issued, so unsolicited or replayed
    // responses are accepted. Correlating by request ID (the question's goal) is exactly what
    // that check, together with the library's cacheProvider option, is built on — confirm
    // against the installed version before relying on it.
    validateInResponseTo: false,
    // Expected to be the IdP's public signing certificate used to verify response signatures;
    // the file name says "key", so confirm it is not a private key.
    cert: readPem('idp_key.pem'),
    disableRequestedAuthnContext: true,
    // Zero tolerance for SP/IdP clock drift: any skew makes NotBefore/NotOnOrAfter fail.
    acceptedClockSkewMs: 0,
  },
  (profile, done) => done(null, profile),
);
// Register the strategy under the name the routes reference, then mount passport's
// per-request initialiser followed by its session middleware (same order as before:
// initialize before session).
passport.use('samlStrategy', samlStrategy);
[passport.initialize({}), passport.session({})].forEach((middleware) => {
  app.use(middleware);
});
// Outbound leg of the login: passport.authenticate builds the AuthnRequest and redirects the
// browser to the IdP. The custom completion callback is never reached on this route (the
// request ends with the redirect); it would only fire on the route that receives the response.
app.get('/login', (req, res, next) => {
  const startSamlLogin = passport.authenticate('samlStrategy', (err, user, info) => {
    // Not called for the redirect leg — see note above.
    return;
  });
  startSamlLogin(req, res, next);
});
// Inbound leg: the IdP POSTs the SAML response here; the strategy validates it and sets
// req.user to the profile returned by the verify callback.
app.post(
  '/login/callback',
  // Pass-through middleware kept in place (a convenient spot to log the inbound request).
  (req, res, next) => {
    next();
  },
  passport.authenticate('samlStrategy'),
  (req, res) => {
    // req.user may be absent; each attribute then comes back undefined, as before.
    const { firstName, lastName, email } = req.user ?? {};
    res.send({email, firstName, lastName});
  },
);
I didn't find a way to get the SAML request ID, so instead of storing my data under this ID I set a cookie in the /login
route and then read it back in the /callback
route.
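// Outbound leg: stash the caller's myData in a short-lived cookie before redirecting to the
// IdP, so the callback route can read it back after the round trip.
app.get(
  '/login',
  (req, res, next) => {
    // The value comes straight from the query string of a link anyone can craft, so it is
    // untrusted here and again when the callback reads it back from the cookie.
    // Express may parse a repeated key (?myData=a&myData=b) as an array, and an absent key is
    // undefined — res.cookie would store that as the literal string "undefined" — so only a
    // non-empty plain string is carried across; otherwise no cookie is written.
    const { myData } = req.query;
    if (typeof myData === 'string' && myData.length > 0) {
      res.cookie(myDataCookieName, myData, {
        maxAge: 1000 * 60 * 15, // 15 minutes: enough for the trip to the IdP and back
        httpOnly: true,
        // The IdP presumably returns the browser with a cross-site POST to /login/callback, so
        // the cookie has to be SameSite=None, which browsers only accept together with Secure.
        sameSite: "none",
        secure: true,
      });
    }
    next();
  },
  passport.authenticate('samlStrategy', {
    session: false,
  }),
);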
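// Inbound leg: the IdP POSTs the SAML response here; after validation req.user holds the
// profile, and the myData cookie written by /login is read back and consumed.
app.post(
  '/login/callback',
  // Pass-through middleware kept in place (a convenient spot to log the inbound request).
  (req, res, next) => {
    next();
  },
  passport.authenticate('samlStrategy', {
    session: false,
  }),
  (req, res) => {
    // req.user may be absent; each attribute then comes back undefined.
    const { firstName, lastName, email } = req.user ?? {};
    // The cookie was written from a caller-supplied query parameter and is not signed, so it
    // is still untrusted here. req.cookies?.[...] tolerates a missing cookie parser instead of
    // throwing a TypeError.
    const myData = req.cookies?.[myDataCookieName];
    // One-shot carrier: clear it once consumed so a stale value cannot surface on a later
    // callback. Attributes must match the ones it was set with for browsers to remove it.
    res.clearCookie(myDataCookieName, { httpOnly: true, sameSite: "none", secure: true });
    res.send({ email, firstName, lastName, myData });
  },
);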