SAML 2.0 SSO with nodejs and passportjs
Hello reader, welcome again to a fascinating topic: SSO with SAML 2.0. This article covers both the concepts and the practical side of SAML 2.0 SSO.
Prerequisites: to follow along, you should have a basic understanding of both basic authentication and OAuth-based authentication.
What we will cover in this article:
- What is SAML? How can it help to authenticate the user?
- Basic vocabulary in this process.
- Understanding the types of SAML 2.0 authentication flow, with diagrams
- Practical implementation of each flow with Node.js
What is SAML? How can it help to authenticate the user?
- SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between parties.
- The advantage of SAML authentication is that the user logs in only once and can then, with the same credentials, log in to every other trusted application.
Basic vocabulary in this process

Understanding the types of SAML 2.0 authentication flow, with diagrams
There are two types of SAML 2.0 authentication flow:
1. SP-initiated authentication

Explanation of the SP-initiated (user-initiated) flow diagram: the user agent starts the authentication flow. As the chart shows, the user's request first goes to the service provider (SP), which redirects the user to the IdP. Once the IdP has verified the user, the SP receives the result and sends the user back to the login dashboard.
2. IdP-initiated authentication

In the IdP-initiated flow, authentication starts at the identity provider, which then sends the user on to the service provider; the SP in turn redirects the user to the authenticated page.
Practical implementation of each flow with Node.js
1. You can use Okta to implement SSO and obtain all the credentials you need.
2. Clone the SAML2.0 branch of this repo (https://github.com/airrakeshkumarsharma/nodejsExperiment/tree/SAML2.0) with:
git clone -b SAML2.0 https://github.com/airrakeshkumarsharma/nodejsExperiment
3. Next, look at the router file below:
```javascript
const express = require("express");
const passport = require("passport");
const router = express.Router();
const SamlStrategy = require("passport-saml").Strategy;

const samlConfig = {
  path: "/saml2/callback", // endpoint on this server that receives the IdP's POST response
  entryPoint: process.env.SAML_PROVIDER, // IdP SSO endpoint
  issuer: "http://localhost:8000", // your API base URL (used as the SP entity ID)
  protocol: "https://", // scheme combined with the request host to build the absolute callback URL; use "http://" when testing on plain localhost
  cert: process.env.SAML_SSO_CERT || " ", // IdP signing certificate (PEM) provided by the IdP; responses whose signature does not verify against it are rejected
};

/**
 * Verify callback invoked by passport-saml once the IdP response has been validated.
 * @param {*} samlUser | profile extracted from the assertion by passport-saml
 * @param {*} callback | passport's done(err, user) callback
 */
const createUserOrUpdate = (samlUser, callback) => {
  // Modify this to create or update the user in your own store
  callback(null, samlUser);
};

// Passport serializes the user into the session after login and deserializes it on each request.
// Register these once at module load, not inside the verify callback.
passport.serializeUser((user, done) => {
  done(null, { ...user });
});
passport.deserializeUser((user, done) => {
  done(null, { ...user });
});

passport.use(new SamlStrategy(samlConfig, createUserOrUpdate));

const loginMidd = (req, res, next) => {
  // RelayState is the SAML parameter for carrying opaque state across the round trip to the IdP
  passport.authenticate("saml", {
    additionalParams: { RelayState: "yourExtraDataKeepInBase64" },
  })(req, res, next);
};

router.get("/saml2/login", loginMidd);
// The IdP POSTs the SAMLResponse form field here; the app must mount express.urlencoded()
// and a session middleware before this router.
router.post(
  "/saml2/callback",
  passport.authenticate("saml", { failureRedirect: "/saml2/login" }),
  (req, res) => res.redirect("/") // the user is now in req.user; send them to the dashboard
);

module.exports = router;
```
- In this file, update the SAML2 configuration in the samlConfig object (entryPoint, issuer and cert come from your IdP setup).
- Change the createUserOrUpdate function to create or update the user in your own store.
4. Once the configuration is updated, run the following command to start the server:
node index.js
5. Then open the login route in your browser:
http://localhost:8000/saml2/login
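The router above only works if the application that mounts it parses the IdP's form POST and keeps a session for Passport. The following index.js is an added example, not the repository's own file: it assumes express, express-session and passport are installed, that the router above is saved at the hypothetical path ./routes/saml2.js, and that SESSION_SECRET and SP_PORT are set in the environment. The requireLogin guard is kept free of framework imports so it can be exercised with fake req/res objects.

```javascript
// Hypothetical index.js (added example, not the repository's own file).
// Assumes express, express-session and passport are installed and that the router
// shown earlier is saved at ./routes/saml2.js.

// Guard for routes that need a logged-in user. Passport adds req.isAuthenticated();
// anyone else is sent to the SP-initiated login route.
function requireLogin(req, res, next) {
  if (typeof req.isAuthenticated === "function" && req.isAuthenticated()) return next();
  return res.redirect("/saml2/login");
}

function createApp() {
  const express = require("express");
  const session = require("express-session");
  const passport = require("passport");
  const samlRouter = require("./routes/saml2"); // hypothetical path to the router file

  const app = express();
  // The IdP delivers SAMLResponse (and RelayState) as form fields in a POST.
  app.use(express.urlencoded({ extended: false }));
  app.use(
    session({
      secret: process.env.SESSION_SECRET || "change-me", // assumption: set in the environment
      resave: false,
      saveUninitialized: false,
      cookie: { httpOnly: true, secure: process.env.NODE_ENV === "production" },
    })
  );
  app.use(passport.initialize());
  app.use(passport.session()); // restores req.user from the session via deserializeUser
  app.use(samlRouter);
  // Dashboard: only reachable after the SAML callback has populated the session.
  app.get("/", requireLogin, (req, res) => res.json({ user: req.user }));
  return app;
}

// Start listening only when SP_PORT is set, so the module can also be required by tests.
if (process.env.SP_PORT) {
  createApp().listen(Number(process.env.SP_PORT), () =>
    console.log(`SP listening on http://localhost:${process.env.SP_PORT}`)
  );
}

module.exports = { createApp, requireLogin };
```

Start it with `SP_PORT=8000 node index.js` and open http://localhost:8000/ : the guard redirects to /saml2/login, the IdP round trip completes at /saml2/callback, and the redirect back to / now carries the session. Note that the IdP's POST to the callback is a cross-site request, so a session cookie marked SameSite=Strict would not accompany it.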
Feedback: I have tried here to explain SAML2 in minimal code. If any further concept is needed to understand the code, contact me at rakesblog.co