saml2 working

This commit is contained in:
Siwat Sirichai 2024-05-05 03:11:42 +07:00
parent 1876580d86
commit 33865b9d02
6 changed files with 184 additions and 38 deletions

18
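--- /dev/null
+++ b/.vscode/c_cpp_properties.json
@@ -0,0 +1,18 @@
+{
+"configurations": [
+{
+"name": "windows-gcc-x64",
+"includePath": [
+"${workspaceFolder}/**"
+],
+"compilerPath": "gcc",
+"cStandard": "${default}",
+"cppStandard": "${default}",
+"intelliSenseMode": "windows-gcc-x64",
+"compilerArgs": [
+""
+]
+}
+],
+"version": 4
+}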

42
.vscode/launch.json vendored

@ -1,17 +1,33 @@
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
"version": "0.2.0",
"configurations": [
{
"type": "node",
"request": "launch",
"name": "Launch Program",
"skipFiles": [
"<node_internals>/**"
],
"program": "${workspaceFolder}\\index.js"
},
{
"name": "C/C++ Runner: Debug Session",
"type": "cppdbg",
"request": "launch",
"args": [],
"stopAtEntry": false,
"externalConsole": true,
"cwd": "d:/Git/ESPMegaPRO-v3-SDK/ESPMegaPRO-OS-SDK/lib/ESPMegaPRO",
"program": "d:/Git/ESPMegaPRO-v3-SDK/ESPMegaPRO-OS-SDK/lib/ESPMegaPRO/build/Debug/outDebug",
"MIMode": "gdb",
"miDebuggerPath": "gdb",
"setupCommands": [
{
"type": "node",
"request": "launch",
"name": "Launch Program",
"skipFiles": [
"<node_internals>/**"
],
"program": "${workspaceFolder}\\index.js"
"description": "Enable pretty-printing for gdb",
"text": "-enable-pretty-printing",
"ignoreFailures": true
}
]
]
}
]
}

59
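--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,59 @@
+{
+"C_Cpp_Runner.cCompilerPath": "gcc",
+"C_Cpp_Runner.cppCompilerPath": "g++",
+"C_Cpp_Runner.debuggerPath": "gdb",
+"C_Cpp_Runner.cStandard": "",
+"C_Cpp_Runner.cppStandard": "",
+"C_Cpp_Runner.msvcBatchPath": "",
+"C_Cpp_Runner.useMsvc": false,
+"C_Cpp_Runner.warnings": [
+"-Wall",
+"-Wextra",
+"-Wpedantic",
+"-Wshadow",
+"-Wformat=2",
+"-Wcast-align",
+"-Wconversion",
+"-Wsign-conversion",
+"-Wnull-dereference"
+],
+"C_Cpp_Runner.msvcWarnings": [
+"/W4",
+"/permissive-",
+"/w14242",
+"/w14287",
+"/w14296",
+"/w14311",
+"/w14826",
+"/w44062",
+"/w44242",
+"/w14905",
+"/w14906",
+"/w14263",
+"/w44265",
+"/w14928"
+],
+"C_Cpp_Runner.enableWarnings": true,
+"C_Cpp_Runner.warningsAsError": false,
+"C_Cpp_Runner.compilerArgs": [],
+"C_Cpp_Runner.linkerArgs": [],
+"C_Cpp_Runner.includePaths": [],
+"C_Cpp_Runner.includeSearch": [
+"*",
+"**/*"
+],
+"C_Cpp_Runner.excludeSearch": [
+"**/build",
+"**/build/**",
+"**/.*",
+"**/.*/**",
+"**/.vscode",
+"**/.vscode/**"
+],
+"C_Cpp_Runner.useAddressSanitizer": false,
+"C_Cpp_Runner.useUndefinedSanitizer": false,
+"C_Cpp_Runner.useLeakSanitizer": false,
+"C_Cpp_Runner.showCompilationTime": false,
+"C_Cpp_Runner.useLinkTimeOptimization": false,
+"C_Cpp_Runner.msvcSecureNoWarnings": false
+}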


@ -11,24 +11,18 @@ passport.deserializeUser(function (user, done) {
passport.use(
new SamlStrategy(
{
entryPoint: "https://sso.satitm.chula.ac.th/adfs/ls/",
issuer: "acme_tools_com",
callbackUrl: "https://sso.satitm.chula.ac.th/selfservice/activedirectory/postResponse",
entryPoint: "https://sso.satitm.chula.ac.th/adfs/ls",
issuer: "https://localhost:3000",
callbackUrl: "https://localhost:3000/selfservice/activedirectory/postResponse",
privateKey: fs.readFileSync("adfs_connect/urn_satitm_sso_selfservice.key", "utf-8"),
cert: fs.readFileSync("adfs_connect/urn_satitm_sso_selfservice.cert", "utf-8"),
// other authn contexts are available e.g. windows single sign-on
// see: https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.authenticationmethods?view=netframework-4.8#fields
authnContext: [
"http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password",
],
acceptedClockSkewMs: -1,
identifierFormat: null,
// this is configured under the Advanced tab in AD FS relying party
signatureAlgorithm: "sha256",
racComparison: "exact", // default to exact RequestedAuthnContext Comparison Type
// From the metadata document
audience: "https://sso.satitm.chula.ac.th/FederationMetadata/2007-06/FederationMetadata.xml",
racComparison: "exact",
},
function (profile, done) {
console.log("profile", profile);
let user = profile["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"];
return done(null, {
upn: profile["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"],
// e.g. if you added a Group claim
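Review bot: The new verify callback logs the entire SAML profile with `console.log("profile", profile)`, which writes the user's identity claims (and, with this strategy family, typically the raw-assertion accessors too) to stdout on every login; log at most the identifier you already extract, e.g. `console.log("saml login", user);`, which also gives the otherwise unused `let user` a purpose, or delete that declaration. The `cert` option is the certificate the strategy uses to verify the IdP's signature on incoming responses, and reading it from `urn_satitm_sso_selfservice.cert` next to the `privateKey` from the identically named `.key` suggests it holds the SP's own certificate rather than the AD FS token-signing certificate — confirm which one it is, because the wrong one means legitimately signed responses cannot be validated. Dropping `audience` leaves AudienceRestriction checking to the library's default for that option; set it explicitly to the relying-party identifier registered in AD FS, e.g. `audience: "https://localhost:3000"` matching `issuer`. The `https://localhost:3000` values for `issuer` and `callbackUrl` are development settings hard-coded in source; read them from configuration so a deployed SP does not advertise a localhost ACS URL. The `passport.use(...)` call continues past the end of the hunk.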


@ -1,35 +1,94 @@
let passport = require('passport');
let express = require('express');
let http = require('http');
let https = require('https');
let fs = require('fs');
let app = express();
require('./config/passport.js');
let session = require('express-session');
app.use(session({
secret: 'RLCCDwstDuT6nMJf5kko7C',
resave: false,
saveUninitialized: true
}));
// ... rest of your code ...
app.use(passport.initialize());
app.use(passport.session());
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.get('/', function (req, res) {
res.send('Hello World!<br><a href="/login">Login</a>');
console.log('User:', req.user);
if (req.user) {
console.log('User:', req.user);
}
});
app.get('/login',
passport.authenticate('saml', { failureRedirect: '/selfservice', failureFlash: true }),
function(req, res) {
res.redirect('https://sso.satitm.chula.ac.th/selfservice');
function (req, res) {
res.redirect('https://localhost:3000/');
}
);
app.post('/selfservice/activediretory/postResponse',
passport.authenticate('saml', { failureRedirect: '/selfservice', failureFlash: true }),
function(req, res) {
res.redirect('https://sso.satitm.chula.ac.th/selfservice');
app.use(function(req, res, next) {
console.log('Received request:', req.method, req.url);
console.log('Data:', req.body);
next();
});
app.post('/selfservice/activedirectory/postResponse',
passport.authenticate('saml', { failureRedirect: '/selfservice',successRedirect: '/', failureFlash: true }),
function (req, res) {
console.log('SAML authentication successful');
res.redirect('https://localhost:3000/');
}
);
//app.get('selfservice/secure', validUser, routes.secure);
function validUser(req, res, next) {
if (!req.user) {
res.redirect('https://sso.satitm.chula.ac.th/selfservice/login');
res.redirect('https://localhost:3000/login');
}
next();
}
let server = http.createServer(app);
server.listen(3000, function() {
const options = {
key: fs.readFileSync('adfs_connect/urn_satitm_sso_selfservice.key'),
cert: fs.readFileSync('adfs_connect/urn_satitm_sso_selfservice.cert'),
ciphers: [
'ECDHE-RSA-AES128-GCM-SHA256',
'ECDHE-ECDSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES256-GCM-SHA384',
'ECDHE-ECDSA-AES256-GCM-SHA384',
'DHE-RSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES128-SHA256',
'DHE-RSA-AES128-SHA256',
'ECDHE-RSA-AES256-SHA384',
'DHE-RSA-AES256-SHA384',
'ECDHE-RSA-AES256-SHA256',
'DHE-RSA-AES256-SHA256',
'HIGH',
'!aNULL',
'!eNULL',
'!EXPORT',
'!DES',
'!RC4',
'!MD5',
'!PSK',
'!SRP',
'!CAMELLIA'
].join(':'),
honorCipherOrder: true
};
let server = https.createServer(options, app);
server.listen(3000, function () {
console.log('Listening on port 3000');
});
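Review bot: The new logging middleware at L225-L229 prints `req.body` for every request, so the base64 `SAMLResponse` posted to `/selfservice/activedirectory/postResponse` — a signed assertion carrying the user's claims — and any other submitted form data end up in the log; keep `console.log('Received request:', req.method, req.url);` and drop the `Data:` line, or log only `Object.keys(req.body)`. At L231 `successRedirect: '/'` makes passport issue the redirect itself, so the success handler at L232-L235 (including its 'SAML authentication successful' log) is unreachable; keep one mechanism or the other. In `validUser` the redirect changed at L241 still falls through to `next()`, which then runs the next handler against an already-sent response — make it `return res.redirect('/login');`. The absolute `https://localhost:3000/` targets at L218, L234 and L241 are environment-specific; relative paths such as `res.redirect('/')` work unchanged behind the real hostname. The HTTPS server at L247-L249 is served with the same key and certificate the SAML strategy uses for request signing, so the TLS endpoint and the SP signing identity share one compromise domain; consider separate key pairs.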


@ -212,7 +212,7 @@
<input name="%%PASSWORDID%%" id="ft_pd" type="password" autocomplete="off">
</div>
</div>
<div class="form-footer" >
<div class="form-footer">
<button class="primary" type="submit" style="margin-bottom: 0;">
Continue
</button>