SAML Auth with JWT Generator

This is an extensible SAML Auth Endpoint to get JWT tokens.

  • It generates a JWT token after the user logs in.
  • To handle the token on the client side, capture the PostMessage the endpoint sends back to the opener window. Sample code is at the end of this README.

Install

	$ npm install

Run

	$ node app.js

Working modes

  • Local/Container/PaaS
  • AWS Lambda environment

Environment variables to setup

  • IDP_HOST = your IdP host

  • STAGE = pro (when exposing through AWS; API Gateway in front is mandatory so that redirects work)

  • SAML_DOMAIN = [API GW HOST]

  • SAML_CERT = IdP public signing certificate

  • SAML_PRIVATE_CERT = your SP's private cert

  • SAML_ISSUER = your SP ID

  • JWT_SECRET = JWT signing secret

  • JWT_SAML_PROFILE = keys from the SAML profile to copy into the JWT and sign (e.g. for authorization decisions later)

  • JWT_SAML_TTL = token TTL in seconds

  • ALLOWED_DOMAINS = comma-separated list of domains allowed to receive the postMessage

  • ALLOWED_HOSTS_PATTERNS = comma-separated list of host patterns (e.g. "subdomain.domain.com") allowed to receive the postMessage. Useful to trust your own domain without listing every host in ALLOWED_DOMAINS

AWS API Gateway Setup

  • Resource:
    • /{proxy+}
  • Methods:
    • GET
    • POST

Custom Authorizer for API Gateway

Sample client code to get JWT

	<html>
	<head></head>
	<body>
		<span id="user" style="display:none"></span>
		<a id="login" href="#">Log in with SAML</a>

		<script
			src="https://code.jquery.com/jquery-3.3.1.min.js"
			integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8="
			crossorigin="anonymous"></script>

		<script>

			var jwtUrl = "https://yourdomain.com";
			var jwtPath = "/yourpath";

			// Decode one base64url-encoded JWT section into a pretty-printed JSON string.
			// This only decodes the payload for display; it does not verify the
			// signature. Anything that grants access must verify the token server side.
			function decoder(base64url) {
				try {
					// base64url -> base64: replace every '-' and '_' (not only the first
					// occurrence) and restore the '=' padding that JWTs omit
					var base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
					while (base64.length % 4) {
						base64 += '=';
					}
					var utf8 = atob(base64);
					var json = JSON.parse(utf8);
					var json_string = JSON.stringify(json, null, 4);
				} catch (err) {
					json_string = "Bad Section.\nError: " + err.message;
				}
				return json_string;
			}

			var loginWindow;
			$("#login").on("click", function(){
				loginWindow = window.open(jwtUrl+jwtPath);
			});

			window.addEventListener('message', function(e) {
				// Only accept tokens posted by the auth endpoint's own origin
				if(e.origin !== jwtUrl){
					return;
				}
				// Ignore anything that does not look like a three-part JWT
				var parts = (typeof e.data === "string") ? e.data.split(".") : [];
				if(parts.length !== 3){
					return;
				}
				loginWindow.close();
				var message = JSON.parse(decoder(parts[1]));
				// Use .text(), not .html(): claims come from the IdP profile and
				// must not be rendered as markup
				$("#user").text("Hi, " + message["user"]);
				$("#user").css("display", "block");
				$("#login").css("display", "none");
			});
		</script>
	</body>
	</html>