// Example use of service provider.
// Call create_metadata() to get the XML metadata the IdP needs to register this SP.
const metadata = sp.create_metadata();
// Initialize options object
// Trust settings for the IdP. `certificates` holds the IdP's signing certificates;
// they are the trust anchor for verifying response/assertion signatures, so they
// must come from a trusted channel (e.g. IdP metadata), never from user input.
const idp_options = {
sso_login_url: "https://idp.example.com/login",
sso_logout_url: "https://idp.example.com/logout",
certificates: [fs.readFileSync("cert-file1.crt").toString(), fs.readFileSync("cert-file2.crt").toString()],
// Ask the IdP to re-authenticate the user instead of reusing an existing IdP session.
force_authn: true,
// Redirect-binding AuthnRequests are sent unsigned; set true if the IdP requires signed requests.
sign_get_request: false,
// Per saml2-js semantics, false means assertions that are not encrypted are rejected.
allow_unencrypted_assertion: false
};
// Call identity provider constructor with options
const idp = new saml2.IdentityProvider(idp_options);
// Example usage of identity provider.
// Pass identity provider into a service provider function with options and a callback.
// NOTE(review): the callback discards `error`; a real handler must refuse the login
// whenever post_assert reports an error (e.g. a failed signature check).
sp.post_assert(idp, {}, (error: any, response: any) => {});
}
// Example: Express implementation
{
const app = express();
// Create service provider
const sp_options = {
entity_id: "https://sp.example.com/metadata.xml",
private_key: fs.readFileSync("key-file.pem").toString(),
certificate: fs.readFileSync("cert-file.crt").toString(),
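// Create service provider
// SP configuration: `private_key`/`certificate` are the SP's own key pair (used to
// sign requests and decrypt assertions); only the certificate is published via
// metadata, the key must stay private. readFileSync() throws at startup if a file
// is missing, which is preferable to running with an incomplete SAML configuration.
const sp_options = {
entity_id: "https://sp.example.com/metadata.xml",
private_key: fs.readFileSync("key-file.pem").toString(),
certificate: fs.readFileSync("cert-file.crt").toString(),
// Must match the Assertion Consumer Service URL registered at the IdP.
assert_endpoint: "https://sp.example.com/assert"
};
const sp = new saml2.ServiceProvider(sp_options);
// Create identity provider
// `certificates` = the IdP's signing certificates, the trust anchor for assertion signatures.
const idp_options = {
sso_login_url: "https://idp.example.com/login",
sso_logout_url: "https://idp.example.com/logout",
certificates: [fs.readFileSync("cert-file1.crt").toString(), fs.readFileSync("cert-file2.crt").toString()]
};
const idp = new saml2.IdentityProvider(idp_options);
// ------ Define express endpoints ------
// Endpoint to retrieve metadata
// Unauthenticated by design: SP metadata carries only public information
// (entity ID, ACS URL and the SP certificate — no private material).
app.get("/metadata.xml", function(req, res) {
res.type('application/xml');
res.send(sp.create_metadata());
});
// Starting point for login
app.get("/login", function(req, res) {
sp.create_login_request_url(idp, {}, function(err, login_url, request_id) {
// Fail closed with a real status code: res.send(500) is deprecated in Express 4
// and removed in Express 5, where a number is no longer interpreted as a status.
if (err != null)
return res.sendStatus(500);
// NOTE(review): request_id is discarded here; keep it server-side (e.g. in the
// session) so the assertion's InResponseTo can be matched at the assert endpoint.
res.redirect(login_url);
});
});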
// NOTE(review): empty callback — the `error` reported by post_assert is never inspected here.
sp.post_assert(idp, {}, (error: any, response: any) => {});
}
// Example: Express implementation
{
const app = express();
// Create service provider
// `private_key`/`certificate` are the SP's own key pair; only the certificate is
// published via metadata, the key must stay private (file permissions, no VCS).
const sp_options = {
entity_id: "https://sp.example.com/metadata.xml",
private_key: fs.readFileSync("key-file.pem").toString(),
certificate: fs.readFileSync("cert-file.crt").toString(),
// Must match the Assertion Consumer Service URL registered at the IdP.
assert_endpoint: "https://sp.example.com/assert"
};
const sp = new saml2.ServiceProvider(sp_options);
// Create identity provider
// `certificates` = the IdP's signing certificates, the trust anchor for assertion signatures.
const idp_options = {
sso_login_url: "https://idp.example.com/login",
sso_logout_url: "https://idp.example.com/logout",
certificates: [fs.readFileSync("cert-file1.crt").toString(), fs.readFileSync("cert-file2.crt").toString()]
};
const idp = new saml2.IdentityProvider(idp_options);
// ------ Define express endpoints ------
// Endpoint to retrieve metadata
// Unauthenticated by design: SP metadata carries only public information
// (entity ID, ACS URL and the SP certificate — no private material).
app.get("/metadata.xml", function(req, res) {
res.type('application/xml');
res.send(sp.create_metadata());
});
// Example
{
const sp_options = {
entity_id: "https://sp.example.com/metadata.xml",
private_key: fs.readFileSync("key-file.pem").toString(),
certificate: fs.readFileSync("cert-file.crt").toString(),
assert_endpoint: "https://sp.example.com/assert",
// Request a fresh IdP authentication for every login.
force_authn: true,
// Requested authentication context: exact match on the password class.
auth_context: { comparison: "exact", class_refs: ["urn:oasis:names:tc:SAML:1.0:am:password"] },
// Transient NameIDs are opaque per-session identifiers; identify users by
// attributes rather than by the NameID value.
nameid_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
sign_get_request: false,
// SP-level default: unencrypted assertions are accepted (overridden per IdP below).
allow_unencrypted_assertion: true
};
// Call service provider constructor with options
const sp = new saml2.ServiceProvider(sp_options);
// Example use of service provider.
// Call create_metadata() to get the XML metadata used for IdP configuration.
const metadata = sp.create_metadata();
// Initialize options object
// NOTE(review): force_authn/sign_get_request/allow_unencrypted_assertion are repeated
// here; per saml2-js the IdP-level values take precedence when this IdP is used, so
// unencrypted assertions end up rejected — confirm against the library version in use.
const idp_options = {
sso_login_url: "https://idp.example.com/login",
sso_logout_url: "https://idp.example.com/logout",
certificates: [fs.readFileSync("cert-file1.crt").toString(), fs.readFileSync("cert-file2.crt").toString()],
force_authn: true,
sign_get_request: false,
allow_unencrypted_assertion: false
};
// Call identity provider constructor with options
let lastUsed = Date.now();
/**
 * Emits a 'debug' event on the application, tagging the payload as coming from
 * this strategy. `ctx` is taken from the enclosing scope (not visible here).
 *
 * @param message - human-readable description of the event
 * @param data - arbitrary payload attached to the event
 */
function debug(message, data) {
const event = {
message,
class: 'OneLoginStrategy',
timestamp: Date.now(),
type: 'strategy',
data
};
ctx.app.emit('debug', event);
}
// instantiate the SAML identity provider
// IdP settings (signing certificates, SSO URLs) come from stored authority configuration.
const idp = new IdentityProvider(this.authority.details.identity_provider);
// instantiate the SAML service provider
const sp = new ServiceProvider({
// NOTE(review): entity_id and assert_endpoint are rebuilt from the incoming request.
// `ctx.request.host` is normally the client-supplied Host header; unless the framework
// or a proxy pins it, a request carrying a different Host changes the entity ID / ACS
// URL this SP advertises. A configured base URL is the safer source for both values.
entity_id: ctx.request.protocol + '://' + ctx.request.host + ctx.request.path + '?metadata',
assert_endpoint: ctx.request.protocol + '://' + ctx.request.host + ctx.request.path,
// Redirect-binding AuthnRequests are signed with private_key.
sign_get_request: true,
// Assertions must be encrypted (to `certificate` below); plain ones are rejected.
allow_unencrypted_assertion: false,
private_key: this.authority.details.service_provider.private_key,
certificate: this.authority.details.service_provider.certificate,
// Additional key pairs — presumably kept so assertions still decrypt during
// certificate rotation; verify against the authority configuration.
alt_private_keys: this.authority.details.service_provider.alt_private_keys,
alt_certs: this.authority.details.service_provider.alt_certs
});
// Complete Authorization Request
/**
 * Emits a 'debug' event on the application, tagging the payload as coming from
 * this strategy. `ctx` is taken from the enclosing scope (not visible here).
 *
 * @param message - human-readable description of the event
 * @param data - arbitrary payload attached to the event
 */
function debug(message, data) {
const event = {
message,
class: 'OneLoginStrategy',
timestamp: Date.now(),
type: 'strategy',
data
};
ctx.app.emit('debug', event);
}
// instantiate the SAML identity provider
// IdP settings (signing certificates, SSO URLs) come from stored authority configuration.
const idp = new IdentityProvider(this.authority.details.identity_provider);
// instantiate the SAML service provider
const sp = new ServiceProvider({
// NOTE(review): entity_id and assert_endpoint are rebuilt from the incoming request.
// `ctx.request.host` is normally the client-supplied Host header; unless the framework
// or a proxy pins it, a request carrying a different Host changes the entity ID / ACS
// URL this SP advertises. A configured base URL is the safer source for both values.
entity_id: ctx.request.protocol + '://' + ctx.request.host + ctx.request.path + '?metadata',
assert_endpoint: ctx.request.protocol + '://' + ctx.request.host + ctx.request.path,
// Redirect-binding AuthnRequests are signed with private_key.
sign_get_request: true,
// Assertions must be encrypted (to `certificate` below); plain ones are rejected.
allow_unencrypted_assertion: false,
private_key: this.authority.details.service_provider.private_key,
certificate: this.authority.details.service_provider.certificate,
// Additional key pairs — presumably kept so assertions still decrypt during
// certificate rotation; verify against the authority configuration.
alt_private_keys: this.authority.details.service_provider.alt_private_keys,
alt_certs: this.authority.details.service_provider.alt_certs
});
// Complete Authorization Request
// ------------------------------
entity_id: "http://localhost:3000/saml/metadata",
private_key: fs.readFileSync("certificates\\sp-cert-private.pfx").toString(),
certificate: fs.readFileSync("certificates\\idp-cert-public.crt").toString(),
assert_endpoint: "http://localhost:3000/saml/assert",
allow_unencrypted_assertion: true
};
var sp = new saml2.ServiceProvider(sp_options);
// Create identity provider
// Azure AD B2C metadata:
// "yourtenant" and "B2C_1A_SAML2_signup_signin" are placeholders for the tenant and policy.
var idp_options = {
sso_login_url: "https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/B2C_1A_SAML2_signup_signin/samlp/sso/login",
sso_logout_url: "https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/B2C_1A_SAML2_signup_signin/samlp/sso/logout",
// The B2C policy's signing certificate; assertion signatures are verified against it.
certificates: [fs.readFileSync("certificates\\idp-cert-public.crt").toString()]
};
var idp = new saml2.IdentityProvider(idp_options);
// ------ Define express endpoints ------
// Homepage
// Renders the user name held in the session (presumably set from the assertion at the
// assert endpoint, not shown). getHTML (not shown) must HTML-escape it.
app.get("/", function (req, res) {
res.send(getHTML(req.session.userName));
});
// Endpoint to retrieve metadata
// Unauthenticated by design: metadata carries only public SP information.
app.get("/saml/metadata", function (req, res) {
res.type('application/xml');
res.send(sp.create_metadata());
});
// Starting point for login
app.get("/saml/login", function (req, res) {
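// Initialize the session
// The session secret signs the session-ID cookie; anyone holding it can forge sessions,
// so it must not be committed in source. It is read from the environment here (the
// variable name is this example's choice) and the app refuses to start without it.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
throw new Error("SESSION_SECRET is not set; refusing to start without a session secret");
}
app.use(session({
secret: sessionSecret,
// express-session recommends `false` for both; kept as in the original example.
resave: true,
saveUninitialized: true,
// Keep the cookie out of reach of page scripts. Add `secure: true` once the app is
// served over HTTPS (this example listens on plain http://localhost).
cookie: { httpOnly: true }
}));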
// Create service provider
var sp_options = {
entity_id: "http://localhost:3000/saml/metadata",
// NOTE(review): saml2-js expects a PEM string here, but the file name suggests a
// PKCS#12 (.pfx) bundle, which is binary and password-protected; .toString() on it
// would not yield a usable key — confirm the file actually holds a PEM private key.
private_key: fs.readFileSync("certificates\\sp-cert-private.pfx").toString(),
// NOTE(review): this field is the SP's own certificate (public half of private_key),
// yet the file name is the IdP's public cert, which idp_options below also loads.
// Verify the SP cert and key match; a mismatch breaks request signing/decryption.
certificate: fs.readFileSync("certificates\\idp-cert-public.crt").toString(),
assert_endpoint: "http://localhost:3000/saml/assert",
// Unencrypted assertions are accepted, so the signature check against
// idp_options.certificates is what protects assertion integrity.
allow_unencrypted_assertion: true
};
var sp = new saml2.ServiceProvider(sp_options);
// Create identity provider
// Azure AD B2C metadata:
// "yourtenant" and "B2C_1A_SAML2_signup_signin" are placeholders for the tenant and policy.
var idp_options = {
sso_login_url: "https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/B2C_1A_SAML2_signup_signin/samlp/sso/login",
sso_logout_url: "https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/B2C_1A_SAML2_signup_signin/samlp/sso/logout",
// The B2C policy's signing certificate; assertion signatures are verified against it.
certificates: [fs.readFileSync("certificates\\idp-cert-public.crt").toString()]
};
var idp = new saml2.IdentityProvider(idp_options);
// ------ Define express endpoints ------
// Homepage
// Renders the user name held in the session; getHTML (not shown) must HTML-escape it.
app.get("/", function (req, res) {
res.send(getHTML(req.session.userName));
});
const spOptions = {
// NOTE(review): read straight from the environment; if either variable is unset the
// option is undefined and the SP is misconfigured silently — validate at startup.
entity_id: process.env.ENTITY_ID,
assert_endpoint: process.env.ASSERT_ENDPOINT,
force_authn: false,
nameid_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
// Redirect-binding AuthnRequests are sent unsigned.
sign_get_request: false,
// Unencrypted assertions are accepted; their integrity rests on the signature
// check against idpOptions.certificates.
allow_unencrypted_assertion: true
};
const idpOptions = {
sso_login_url: process.env.IDP_LOGIN,
// Single logout is not configured.
sso_logout_url: null,
// Defined outside this snippet; saml2-js expects an array of PEM certificates — confirm.
certificates: LaunchpadX509Certificate
};
const idp = new saml2.IdentityProvider(idpOptions);
const sp = new saml2.ServiceProvider(spOptions);
// Both providers are handed back to the caller (the enclosing function's header is not visible here).
return { idp, sp };
};
entity_id: process.env.ENTITY_ID,
assert_endpoint: process.env.ASSERT_ENDPOINT,
force_authn: false,
nameid_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
sign_get_request: false,
allow_unencrypted_assertion: true
};
const idpOptions = {
// NOTE(review): taken straight from the environment; undefined if IDP_LOGIN is unset.
sso_login_url: process.env.IDP_LOGIN,
// Single logout is not configured.
sso_logout_url: null,
// Defined outside this snippet; saml2-js expects an array of PEM certificates — confirm.
certificates: LaunchpadX509Certificate
};
const idp = new saml2.IdentityProvider(idpOptions);
const sp = new saml2.ServiceProvider(spOptions);
// Both providers are handed back to the caller (the enclosing function's header is not visible here).
return { idp, sp };
};