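"use strict";

const fs = require("fs");
const passport = require("passport");
const SamlStrategy = require("passport-saml").Strategy;
const directory = require("../directory.js");

// The whole SAML profile (including the DN, group membership and the
// linked parent/students resolved in the verify callback) is kept in
// the session unchanged.
passport.serializeUser((user, done) => {
  done(null, user);
});
passport.deserializeUser((user, done) => {
  done(null, user);
});

// Strategy options for the ADFS identity provider.
const samlConfig = {
  entryPoint: "https://sso.satitm.chula.ac.th/adfs/ls",
  issuer: "https://localhost:3000",
  callbackUrl: "https://localhost:3000/selfservice/api/login/postResponse",
  // Key used to sign outgoing authentication requests (see signatureAlgorithm).
  privateKey: fs.readFileSync("adfs_connect/urn_satitm_sso_selfservice.key", "utf-8"),
  // NOTE(review): -1 disables passport-saml's NotBefore/NotOnOrAfter window
  // check, so an assertion outside its validity period is still accepted.
  // A small positive skew (a few minutes) is the usual setting — confirm
  // whether the SP/IdP clocks really require the check to be off.
  acceptedClockSkewMs: -1,
  identifierFormat: null,
  signatureAlgorithm: "sha256",
  racComparison: "exact",
  // NOTE(review): no IdP signing certificate (`cert`) is configured here;
  // confirm that response/assertion signatures are validated before the
  // attributes in `profile` are trusted.
};

/**
 * passport-saml verify callback: enriches the IdP profile with Active
 * Directory details and hands it to passport.
 *
 * `profile.username` is the UPN. The user's DN and group membership are
 * added, the user type is derived from the DN and, depending on that type,
 * either the student's primary parent or the parent's students are attached.
 *
 * @param {object} profile - attributes returned by the IdP
 * @param {Function} done - passport callback: done(err), done(null, false)
 *   for an unknown user, or done(null, profile) on success
 */
async function enrichProfile(profile, done) {
  try {
    const username = profile["username"];
    // Was an implicit global (`attributes = [...]`) in the original.
    const attributes = ["dn", "memberOf"];
    console.log("Waiting for queryUser...");
    const user = await directory.queryUser(username, attributes);
    // Prints the DN and group membership to stdout — consider trimming in production.
    console.log("user:", user);

    // A UPN the directory cannot resolve is an authentication failure,
    // not a server error (the original threw a TypeError on `user.dn`).
    if (user == null) {
      return done(null, false);
    }
    profile["dn"] = user.dn;
    profile["memberOf"] = user.memberOf;

    // Is this user a student or a parent?
    profile["userType"] = directory.getUserTypeFromDN(profile["dn"]);
    const userType = profile["userType"];

    if (userType === directory.USER_TYPE.STUDENT) {
      // Store the student's primary parent UPN in the session.
      const student = await directory.queryUser(username, ["primaryParent"]);
      profile["primaryParent"] = student.primaryParent;
    } else if (userType === directory.USER_TYPE.PARENT) {
      // Store the parent's students' UPNs in the session.
      profile["students"] = await directory.listStudents(username);
    } else {
      console.log("Unknown user type");
    }
    return done(null, profile);
  } catch (err) {
    // Without this, a rejected directory lookup never reaches passport and
    // the login request hangs instead of failing.
    return done(err);
  }
}

passport.use(new SamlStrategy(samlConfig, enrichProfile));

module.exports = passport;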