This Node.js web application demonstrates SSO authentication provided by RIT's Shibboleth Server (https://shibboleth.main.ad.rit.edu/), using the passport-saml package.
This app requires 3 files to be placed in a folder named cert located in the project's root directory. These files include (1) the certificate of the Identity Provider (IdP). In this case, RIT's Shibboleth Server is the IdP. As a Service Provider (SP), you need to generate your own (2) certificate and (3) private key. These files are named as follows:
- cert.pem: SP's certificate (Generated by you)
- cert_idp.pem: IdP's certificate (RIT's is contained in https://shibboleth.main.ad.rit.edu/rit-metadata.xml)
- key.pem: SP's private key (Generated by you)
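Generate the SP files with the following command. The -nodes option writes key.pem without a passphrase, so restrict the file's permissions and keep it out of version control: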
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 900
The IdP Certificate is contained within the ds:X509Certificate tag.
- Copy the tag's contents into a file named cert_idp.pem.
Next, copy .env.sample to .env and edit appropriately. Running this app locally will likely not work since the IdP can't redirect to localhost.
Contact ITS to register your Service Provider. During this step, the IdP Administrator downloads the metadata from the /Shibboleth.sso/Metadata endpoint and loads it into the IdP.
npm install
node app.js