SAML strategy for EvolveIP

GluuFederation · Oct 25, 2017 · 7becf8b · 7becf8b
1 parent 0325060
commit 7becf8b
Show file tree

Hide file tree

Showing 4 changed files with 238 additions and 97 deletions.
diff --git a/passport-saml-config.json b/passport-saml-config.json
@@ -0,0 +1,37 @@
+{
+        "idp1": {
+                "entryPoint": "https://dev1.gluu.org/idp/profile/SAML2/POST/SSO",
+                "issuer": "urn:test",
+                "identifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
+                "authnRequestBinding": "HTTP-POST",
+                "additionalAuthorizeParams": "{ providerId: 'test' }",
+                "skipRequestCompression": "true",
+                "reverseMapping": {
+                        "email" : "email",
+                        "username": "urn:oid:0.9.2342.19200300.100.1.1",
+                        "displayName": "urn:oid:2.16.840.1.113730.3.1.241",
+                        "id":  "urn:oid:0.9.2342.19200300.100.1.1",
+                        "name": "urn:oid:2.5.4.42",
+                        "givenName": "urn:oid:2.5.4.42",
+                        "familyName": "urn:oid:2.5.4.4",
+                        "provider" :"issuer"
+                }
+        },
+        "idp2": {
+                "entryPoint": "https://",
+                "issuer": "urn:test",
+                "identifierFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
+                "cert" : "QIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRYwFAYDVQQKEw1QaW5nIElkZW50aXR5MSkwJwYDVQQDEyAxODIwNmM0NWRiN2Y0MjA2YWNkN2ViZWU5MjhjN2YzZDAeFw0xNzA4MTExMjEyMDZaFw0yMDA4MTAxMjEyMDZaMG4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRYwFAYDVQQKEw1QaW5nIElkZW50aXR5MSkwJwYDVQQDEyAxODIwNmM0NWRiN2Y0MjA2YWNkN2ViZWU5MjhjN2YzZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKP+nrt+plM5Q+AKSYkwSaUq94KhwU/FiZE+gch+F7Wh74knITeXv4+GUgudJGwMHFfLF5Fqf+O5AOLnRTmvwGKqc/cXHApvVtkq4sAP/8oNCD73DBTRYgKDHaAp54IPZEVNBGF4T0gxZ917+YuaDnCxC5mZfmmndnZudon645BzZfIa0PFkvjer/r3w4+zha1Vc868GkQLQ2VsxUjbsQ0iR+ipXxSkeiQe/vc6KZBbLMnf1RhY0F31vSgg0N/TROAP5dDNn9a6tyGyr9QNxy8c4FwuHiUjlbPD7u6whvz7h70nhg0svxzfMZpzvzY6wsFmeR3DOnpC03o1LjyoxmSkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAFbybi6dwyGA2+QOZdGynoa/oUF4Zb94dm90zavCMPum9PnlsbBTHVq11Ph7jj3CQD1fNu7WUKsPJXtoy2dpWO+B4+a8JLXkoDYZaAta3vyT6/8sRB97vQne82jQeICuqabqSEV2UKDvuYaffvkc0aZ5e0sGw64+f56pQCuzy5iATuNxdNEXptmNvgR6jFfW2JKB27kXmNkIZHh3VOLZ28PxoQydqxtFvx/0vuLfTBLtAd5C8/r3eEWRYFjeActg5Q7M5LnzMUZajYCC+BQbkgvmQ5zH/2cb26nkpqT7gKAXJd2Tl48CuAJDMoD2kJQ2Jw51aeXRCKq/biyEm2dehtw==",
+                "reverseMapping": {
+                        "email" : "email",
+                        "username": "firstname",
+                        "displayName": "firstname",
+                        "id":  "firstname",
+                        "name": "firstname",
+                        "givenName": "firstname",
+                        "familyName": "lastName",
+                        "provider" :"provider"
+                }
+
+        }
+}
diff --git a/server/auth/configureStrategies.js b/server/auth/configureStrategies.js
@@ -5,6 +5,7 @@ var LinkedinStrategy = require('./linkedin');
 var TumblrStrategy = require('./tumblr');
 var TwitterStrategy = require('./twitter');
 var YahooStrategy = require('./yahoo');
+var SamlStrategy = require("./saml");
 var logger = require("../utils/logger");
 
 exports.setConfiguratins = function(data){
@@ -58,7 +59,12 @@ exports.setConfiguratins = function(data){
             logger.sendMQMessage('info: Yahoo Strategy details received');
             YahooStrategy.setCredentials(data.passportStrategies.yahoo);
         }
-
+        //SamlStrategy
+        if (data.passportStrategies.saml) {
+            logger.log('info', 'Saml Strategy details received');
+            logger.sendMQMessage('info: Saml Strategy details received');
+            SamlStrategy.setCredentials(data.passportStrategies.saml);
+        }
     } else {
         logger.log('error', 'Error in getting data, error: ' + JSON.stringify(err));
         logger.sendMQMessage('error: Error in getting data, error: ' + JSON.stringify(err));

diff --git a/server/auth/saml.js b/server/auth/saml.js
@@ -0,0 +1,69 @@
+var passport = require('passport');
+var SamlStrategy = require('passport-saml').Strategy;
+var SAML = require('passport-saml').SAML;
+var fs = require('fs');
+var logger = require("../utils/logger");
+
+var setCredentials = function(credentials) {
+        var entitiesJSON = JSON.parse(fs.readFileSync('/etc/gluu/conf/passport-saml-config.json', 'utf8'));
+        for(key in entitiesJSON){
+
+                logger.info(key);
+                var objectJSON = entitiesJSON[key];
+                var strategyConfigOptions = {};
+                strategyConfigOptions.callbackUrl = global.applicationHost.concat("/passport/auth/saml/"+key+"/callback");
+                if(objectJSON.hasOwnProperty('entryPoint')) {
+                        strategyConfigOptions.entryPoint = objectJSON['entryPoint'];
+                }
+                if(objectJSON.hasOwnProperty('issuer')) {
+                        strategyConfigOptions.issuer = objectJSON['issuer'];
+                }
+                if(objectJSON.hasOwnProperty('identifierFormat')) {
+                        strategyConfigOptions.identifierFormat = objectJSON['identifierFormat'];
+                }
+                if(objectJSON.hasOwnProperty('cert')) {
+                        strategyConfigOptions.cert = objectJSON['cert'];
+                }
+                if(objectJSON.hasOwnProperty('skipRequestCompression')) {
+                        strategyConfigOptions.skipRequestCompression = objectJSON['skipRequestCompression'];
+                }
+                if(objectJSON.hasOwnProperty('authnRequestBinding')) {
+                        strategyConfigOptions.authnRequestBinding = objectJSON['authnRequestBinding'];
+                }
+                if(objectJSON.hasOwnProperty('additionalAuthorizeParams')) {
+                        strategyConfigOptions.additionalAuthorizeParams = objectJSON['additionalAuthorizeParams'];
+                }
+                strategyConfigOptions.decryptionPvk = fs.readFileSync('/etc/certs/openldap.key', 'utf-8');
+                strategyConfigOptions.passReqToCallback = true;
+                var strategy = new SamlStrategy(strategyConfigOptions,
+                        function(req, profile, done) {
+                                var mapping = objectJSON['reverseMapping'];
+                                logger.info(req.body.SAMLResponse);
+                                var userProfile = {
+                                        id:  profile[mapping["id"]]|| '',
+                                        name: profile[mapping["name"]] ||'',
+                                        username:  profile[mapping["username"]] || '',
+                                        email: profile[mapping["email"]],
+                                        givenName: profile[mapping["givenName"]] || '',
+                                        familyName: profile[mapping["familyName"]] || '',
+                                        provider: profile[mapping["provider"]] || '',
+                                        accessToken: "accesstoken"
+                                };
+                                return done(null, userProfile);
+                        });
+                passport.use(key,strategy);
+                logger.info(key);
+                fs.truncate(__dirname + '/../idp-metadata/' + key +'.xml', 0, function() {
+                });
+                var decryptionCert = fs.readFileSync('/etc/certs/openldap.crt', 'utf-8');
+                var metaData = strategy.generateServiceProviderMetadata(decryptionCert);
+                fs.writeFile(__dirname + '/../idp-metadata/'+key +'.xml', metaData, function(err) {
+                                console.log("Data written successfully for "+key);
+                });
+        }
+};
+
+module.exports = {
+passport: passport,
+setCredentials: setCredentials
+};