codecitizen · January 19, 2018 10:09
diff --git a/index.js b/index.js
 var saml2 = require('saml2-js');
 const fs = require('fs');
 var express = require('express');
 var app = express();
 var bodyParser = require('body-parser');
 app.use(bodyParser.urlencoded({
  extended: true
 }));



 var sp_options = {
    entity_id: "http://localhost:3001/metadata.xml",
    private_key: fs.readFileSync("privkey").toString(),
    certificate: fs.readFileSync("cert").toString(),
    assert_endpoint: "http://localhost:3001/saml/login",
    force_authn: true,
    auth_context: { comparison: "exact", class_refs: ["urn:oasis:names:tc:SAML:1.0:am:password"] },
    nameid_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    sign_get_request: false,
    allow_unencrypted_assertion: true
  }

 // Call service provider constructor with options
 var sp = new saml2.ServiceProvider(sp_options);

 // Example use of service provider.
 // Call metadata to get XML metatadata used in configuration.
 var metadata = sp.create_metadata();

 console.log(metadata);

 // Initialize options object
 var idp_options = {
  sso_login_url: "https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/publicidp",
  sso_logout_url: "https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/publicidp",
  certificates: [fs.readFileSync("sso-circle.cert").toString()],
  force_authn: true,
  sign_get_request: false,
  allow_unencrypted_assertion: false
 };

 // Call identity provider constructor with options
 var idp = new saml2.IdentityProvider(idp_options);

 // Example usage of identity provider.
 // Pass identity provider into a service provider function with options and a callback.
 sp.create_login_request_url(idp, {}, function(error, login_url, request_id) {
  console.log("Error: " + error);
  console.log("Login URL: " + login_url);
  console.log("Request ID: " + request_id);
 });

 // ------ Define express endpoints ------

 // Endpoint to retrieve metadata
 app.get("/metadata.xml", function(req, res) {
  res.type('application/xml');
  res.send(metadata);
 });

 // Starting point for login
 app.get("/login", function(req, res) {
  sp.create_login_request_url(idp, {}, function(err, login_url, request_id) {
    if (err != null)
      return res.send(500);
    res.redirect(login_url);
  });
 });

 // Assert endpoint for when login completes
 app.post("/saml/login", function(req, res) {
  console.log(req.body.SAMLResponse)
  var options = {request_body: req.body};
  sp.post_assert(idp, options, function(err, saml_response) {
    if (err != null) {
      console.log("/saml/login Error: " + err)
      console.log("SAML Response: " + saml_response)
      return res.send(500);
    }

    // Save name_id and session_index for logout
    // Note:  In practice these should be saved in the user session, not globally.
    name_id = saml_response.user.name_id;
    session_index = saml_response.user.session_index;

    res.send("Hello #{saml_response.user.name_id}!");
  });
 });

 // Starting point for logout
 app.get("/saml/logout", function(req, res) {
  var options = {
    name_id: name_id,
    session_index: session_index
  };

  sp.create_logout_request_url(idp, options, function(err, logout_url) {
    if (err != null)
      return res.send(500);
    res.redirect(logout_url);
  });
 });

 app.listen(3001);
	var saml2 = require('saml2-js');
	const fs = require('fs');
	var express = require('express');
	var app = express();
	var bodyParser = require('body-parser');
	app.use(bodyParser.urlencoded({
	extended: true
	}));



	var sp_options = {
	entity_id: "http://localhost:3001/metadata.xml",
	private_key: fs.readFileSync("privkey").toString(),
	certificate: fs.readFileSync("cert").toString(),
	assert_endpoint: "http://localhost:3001/saml/login",
	force_authn: true,
	auth_context: { comparison: "exact", class_refs: ["urn:oasis:names:tc:SAML:1.0:am:password"] },
	nameid_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
	sign_get_request: false,
	allow_unencrypted_assertion: true
	}

	// Call service provider constructor with options
	var sp = new saml2.ServiceProvider(sp_options);

	// Example use of service provider.
	// Call metadata to get XML metatadata used in configuration.
	var metadata = sp.create_metadata();

	console.log(metadata);

	// Initialize options object
	var idp_options = {
	sso_login_url: "https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/publicidp",
	sso_logout_url: "https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/publicidp",
	certificates: [fs.readFileSync("sso-circle.cert").toString()],
	force_authn: true,
	sign_get_request: false,
	allow_unencrypted_assertion: false
	};

	// Call identity provider constructor with options
	var idp = new saml2.IdentityProvider(idp_options);

	// Example usage of identity provider.
	// Pass identity provider into a service provider function with options and a callback.
	sp.create_login_request_url(idp, {}, function(error, login_url, request_id) {
	console.log("Error: " + error);
	console.log("Login URL: " + login_url);
	console.log("Request ID: " + request_id);
	});

	// ------ Define express endpoints ------

	// Endpoint to retrieve metadata
	app.get("/metadata.xml", function(req, res) {
	res.type('application/xml');
	res.send(metadata);
	});

	// Starting point for login
	app.get("/login", function(req, res) {
	sp.create_login_request_url(idp, {}, function(err, login_url, request_id) {
	if (err != null)
	return res.send(500);
	res.redirect(login_url);
	});
	});

	// Assert endpoint for when login completes
	app.post("/saml/login", function(req, res) {
	console.log(req.body.SAMLResponse)
	var options = {request_body: req.body};
	sp.post_assert(idp, options, function(err, saml_response) {
	if (err != null) {
	console.log("/saml/login Error: " + err)
	console.log("SAML Response: " + saml_response)
	return res.send(500);
	}

	// Save name_id and session_index for logout
	// Note: In practice these should be saved in the user session, not globally.
	name_id = saml_response.user.name_id;
	session_index = saml_response.user.session_index;

	res.send("Hello #{saml_response.user.name_id}!");
	});
	});

	// Starting point for logout
	app.get("/saml/logout", function(req, res) {
	var options = {
	name_id: name_id,
	session_index: session_index
	};

	sp.create_logout_request_url(idp, options, function(err, logout_url) {
	if (err != null)
	return res.send(500);
	res.redirect(logout_url);
	});
	});

	app.listen(3001);