Azure AD SAML SSO

代码

主要是参考文档

  • 安装 passport-saml
npm install passport-saml
  • use passport
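passport.use(new SamlStrategy(
  {
    path: '/account/auth/blueid/callback', // the callback route; its handler is implemented below
    entryPoint: '', // Azure AD setting: the SAML-based SSO login URL
    issuer: 'cobeedev', // basic saml configuration -> Identifier (Entity ID)
    cert: '', // IdP signing certificate (see the cert section at the end); response signatures cannot be validated without it
    signatureAlgorithm: 'sha256' // presumably the algorithm for signing outgoing requests — confirm against passport-saml docs
  },
  /**
   * Verify callback: map the SAML profile to a local user record.
   *
   * @param {object} profile - attributes released by the IdP (shape depends on the Azure AD claim configuration)
   * @param {Function} done - passport callback, done(err, user)
   */
  async function(profile, done) {
    // in this function, you can process profile to get necessary information.
    // The raw profile carries identity claims; avoid dumping it to the log in
    // production — inspect it in a debugger or log selected fields instead.
    try {
      // lazy require
      const usersManagement = require('../../controllers/users/usersManagement');
      const ssoUser = jsonUtil.profile2User(profile);
      let dbUser = await usersManagement.getUserByAzureMail(ssoUser.email);
      // First SSO login for this account: provision it, then re-read the record.
      if (!dbUser) {
        await usersManagement.processAzureSSOUser(ssoUser);
        dbUser = await usersManagement.getUserByAzureMail(ssoUser.email);
      }
      return done(null, {
        ...dbUser,
        azureUser: ssoUser
      });
    } catch (err) {
      // A rejected promise here would never reach passport and the request would
      // hang; report the failure through done() so the failureRedirect applies.
      return done(err);
    }
  }
));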

	// Mount the Passport middleware pair; app.use() returns the app, so the calls chain.
	app.use(passport.initialize()).use(passport.session());
  • 实现 callback: a GET request that redirects to the SAML login page, and a POST request that handles the callback
// Start the SAML flow: the strategy redirects the browser to the configured entryPoint.
// NOTE(review): passport.authorize() stores its result on req.account rather than req.user;
// that makes no difference for this redirect-only leg, the callback route uses authenticate().
const samlLogin = passport.authorize('saml', { });
router.get('/blueid', samlLogin);
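/**
 * SAML assertion consumer endpoint: the IdP POSTs the SAML response here.
 * Rebuilds the post-login redirect from the original request URL, then hands
 * the request to passport for assertion validation.
 */
router.post('/blueid/callback', function (req, res, next) {
  console.log('in callback');
  let redirectUrl = '/account/getprojects';
  // Guard against a missing session object instead of throwing on property access.
  const originalUrl = req.session && req.session.originalUrl;
  if (originalUrl) {
    const idx = originalUrl.indexOf('url=');
    if (idx !== -1) {
      // Carry the caller-supplied `url=` query tail over as a query string on a
      // fixed relative path, so the redirect itself stays on this origin; whatever
      // consumes the `url` parameter downstream still has to validate it.
      redirectUrl += `?${originalUrl.slice(idx)}`;
      req.session.originalUrl = redirectUrl;
    }
  }
  passport.authenticate('saml', {
    successRedirect: redirectUrl,
    failureRedirect: '/#/account/notregistered'
  })(req, res, next);
});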
  • about the cert, refer to the doc