satitm-sso-node/config/passport.js

let fs = require("fs");
let passport = require("passport");
let SamlStrategy = require("passport-saml").Strategy;
let directory = require("../directory.js");

passport.serializeUser(function (user, done) {
  done(null, user);
});
passport.deserializeUser(function (user, done) {
  done(null, user);
});

passport.use(
  new SamlStrategy(
    {
      entryPoint: "https://sso.satitm.chula.ac.th/adfs/ls",
      issuer: "https://localhost:3000",
      callbackUrl: "https://localhost:3000/selfservice/api/login/postResponse",
      privateKey: fs.readFileSync("adfs_connect/urn_satitm_sso_selfservice.key", "utf-8"),
      acceptedClockSkewMs: -1,
      identifierFormat: null,
      signatureAlgorithm: "sha256",
      racComparison: "exact",
    },
    async function (profile, done) {
      // Query Active Directory for user details
      // username is the UPN
      // Store the user's group and DN in the session
      let username = profile["username"];
      attributes = ["dn", "memberOf"];
      console.log("Waiting for queryUser...")
      let user = await directory.queryUser(username, attributes);
      console.log("user:", user);
      profile["dn"] = user.dn;
      profile["memberOf"] = user.memberOf;
      // Is this user a student or a parent?
      profile["userType"] = directory.getUserTypeFromDN(profile["dn"]);
      let user_type = profile["userType"];
      // If the user is a student, query the student's primary parent
      // and store the parent's UPN in the session
      if (user_type === directory.USER_TYPE.STUDENT) {
        let student = await directory.queryUser(username, ["primaryParent"]);
        profile["primaryParent"] = student.primaryParent;
      }
      // If the user is a parent, query the parent's students 
      // and store the students' UPNs in the session
      else if (user_type === directory.USER_TYPE.PARENT) {
        let students = await directory.getStudentsByParent(username);
        profile["students"] = students;
      } else {
        console.log("Unknown user type");
      }
      return done(null, profile); // Return the user's profile

    }
  )
);

module.exports = passport;