Skip to content

u0078867/passport-saml-kuleuven

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

103 Commits
.env
.env
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
app.js
app.js
 
 
cert.pem
cert.pem
 
 
idp_cert.pem
idp_cert.pem
 
 
key.pem
key.pem
 
 
package.json
package.json
 
 

Repository files navigation

passport-saml-kuleuven

This node.js web application demonstrates SSO authentication provided by KULeuven's Shibboleth Server, using the passport-saml package.

Config

This app requires 3 files to be placed in the project's root directory. These files include (1) the certificate of the Identity Provider (IdP). In this case, LULeuven's Shibboleth Server is the IdP. As a Service Provider (SP), you need to generate your own (2) certificate and (3) private key. These files are named as follows:

  1. cert_idp.pem: IdP's certificate.
  2. cert.pem: SP's certificate (generated by you)
  3. key.pem: SP's private key (generated by you)

Creating Private Key and Certificates

Generate the SP files with the following command:

  • openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 900

You must fill the CA value when asked.

You can find IdP Certificate here. At the section Identity Provider Definitions - KU Leuven / Associatie KU Leuven, copy ds:X509Certificate tag's contents into a file named cert_idp.pem. It can be a single line or divided into more lines.

Registering the Service Provider

Go to https://shib.kuleuven.be/aairr, and click on Resource Admin and Add a Resource Description.

1. Basic Resource Information

  • Home organization: KULeuven
  • Federations: check Federatie KU Leuven
  • fill Main Descriptive Name and Main Description
  • EntityID: your SP url (e.g. https://intense-hollows-60910.herokuapp.com)
  • replicate EntityID for Home URL and Helpdesk URL
  • set validity dates

3. List of Contacts

  • fill technical contact type

4. Service Locations

  • Select Default Assertion Consumer Service Binding: SAML2 HTTP-POST binding
  • Default Assertion Consumer Service URL: set the SP POST endpoint receiving the SAML response (e.g. https://intense-hollows-60910.herokuapp.com/login/callback)
  • SAML2 HTTP-POST binding: same as Default Assertion Consumer Service URL

5. Used Certificates

  • PEM formatted X.509 certificate: copy/paste the copy of the file cert.pem

6. Required Attributes

  • request for the attributes you want (e.g., Given name, Surname, uid)

Confirm the configuration, and wait for a few days for approval and propagation.

Usage

npm install
node app.js

Test

This demo just implements what above. You will be immediately redirected to KULeuven SSO, and after login you will see some data about who logged in. That's it!

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages