saml2 working

config/passport.js

@@ -11,24 +11,18 @@ passport.deserializeUser(function (user, done) {
 passport.use(
   new SamlStrategy(
     {
-      entryPoint: "https://sso.satitm.chula.ac.th/adfs/ls/",
-      issuer: "acme_tools_com",
-      callbackUrl: "https://sso.satitm.chula.ac.th/selfservice/activedirectory/postResponse",
+      entryPoint: "https://sso.satitm.chula.ac.th/adfs/ls",
+      issuer: "https://localhost:3000",
+      callbackUrl: "https://localhost:3000/selfservice/activedirectory/postResponse",
       privateKey: fs.readFileSync("adfs_connect/urn_satitm_sso_selfservice.key", "utf-8"),
-      cert: fs.readFileSync("adfs_connect/urn_satitm_sso_selfservice.cert", "utf-8"),
-      // other authn contexts are available e.g. windows single sign-on
-      // see: https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.authenticationmethods?view=netframework-4.8#fields
-      authnContext: [
-        "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password",
-      ],
+      acceptedClockSkewMs: -1,
       identifierFormat: null,
-      // this is configured under the Advanced tab in AD FS relying party
       signatureAlgorithm: "sha256",
-      racComparison: "exact", // default to exact RequestedAuthnContext Comparison Type
-      // From the metadata document
-      audience: "https://sso.satitm.chula.ac.th/FederationMetadata/2007-06/FederationMetadata.xml",
+      racComparison: "exact",
     },
     function (profile, done) {
+      console.log("profile", profile);
+      let user = profile["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"];
       return done(null, {
         upn: profile["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"],
         // e.g. if you added a Group claim