frogconn/remix-saml-authentication

Example Remix JS project with SAML authentication

Remix with SAML Authentication

This is an example Remix website using the default Blues Stack with enough tweaks to make Single Sign On with SAML2 work nicely.

This site is using Samlify.

(note) I also removed some of the references to fly.

Basic configuration

Start a Saml IDP

For development/demoing you can start up a simple SAML IPD server from https://github.com/mcguinness/saml-idp.

1. clone the repo somewhere.
2. cd to the repo.
3. generate a cert using their sample code openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/C=US/ST=California/L=San Francisco/O=JankyCo/CN=Test Identity Provider' -keyout idp-private-key.pem -out idp-public-cert.pem -days 7300
4. Start up the IDP server node ./bin/run.js --acsUrl http://localhost:3000/auth/asc --audience http://localhost:3000/login

🎉 Nice!

Create a .env file

Next, copy the .env.example file into .env.

Update SAML_PRIVATE_KEY and SAML_ENC_PRIVATE_KEY to wherever you saved your .pem generated in the previous step. Easiest to copy the .pem into this folder.. but whatever floats your boat.

Consider changing the database url as well.

Run like Remix!

Next startup the app like remix recommends.

 npm run setup # create the database
 npm run build # initial build
 npm run dev # run the website!

Using the site

The / route is not secured with login.

Go to http://localhost:3000/notes to see the SSO process in action. You will be redirected to the IDP for login. Click the login button at the bottom of the screen. You will not be sent back to the /notes route.

You can fine tune user access, etc, or add additional functions to protect routes based on user groups, addresses, etc if you wish.

Users are automatically added to the database on their first signin attempt.

---

Remix stuff.....

Remix Blues Stack

Learn more about Remix Stacks.

npx create-remix@latest --template remix-run/blues-stack

What's in the stack

• GitHub Actions for deploy on merge to production and staging environments
• Email/Password Authentication with cookie-based sessions
• Database ORM with Prisma
• Styling with Tailwind
• End-to-end testing with Cypress
• Local third party request mocking with MSW
• Unit testing with Vitest and Testing Library
• Code formatting with Prettier
• Linting with ESLint
• Static Types with TypeScript

Not a fan of bits of the stack? Fork it, change it, and use npx create-remix --template your/repo! Make it your own.

Development

• This step only applies if you've opted out of having the CLI install dependencies for you:

  npx remix init

• Initial setup:

  npm run setup

• Run the first build:

  npm run build

• Start dev server:

  npm run dev

This starts your app in development mode, rebuilding assets on file changes.

Relevant code:

This is a pretty simple note-taking app, but it's a good example of how you can build a full stack app with Prisma and Remix. The main functionality is creating users, logging in and out, and creating and deleting notes.

• creating users, and logging in and out ./app/models/user.server.ts
• user sessions, and verifying them ./app/session.server.ts
• creating, and deleting notes ./app/models/note.server.ts

Deployment

This Remix Stack comes with two GitHub Actions that handle automatically deploying your app to production and staging environments.

• Initialize Git.

  git init

• Create a new GitHub Repository, and then add it as the remote for your project. Do not push your app yet!

  git remote add origin <ORIGIN_URL>

GitHub Actions

We use GitHub Actions for continuous integration and deployment. Anything that gets into the main branch will be deployed to production after running tests/build/etc. Anything in the dev branch will be deployed to staging.

Testing

Cypress

We use Cypress for our End-to-End tests in this project. You'll find those in the cypress directory. As you make changes, add to an existing file or create a new file in the cypress/e2e directory to test your changes.

We use @testing-library/cypress for selecting elements on the page semantically.

To run these tests in development, run npm run test:e2e:dev which will start the dev server for the app as well as the Cypress client. Make sure the database is running in docker as described above.

We have a utility for testing authenticated features without having to go through the login flow:

cy.login();
// you are now logged in as a new user

We also have a utility to auto-delete the user at the end of your test. Just make sure to add this in each test file:

afterEach(() => {
  cy.cleanupUser();
});

That way, we can keep your local db clean and keep your tests isolated from one another.

Vitest

For lower level tests of utilities and individual components, we use vitest. We have DOM-specific assertion helpers via @testing-library/jest-dom.

Type Checking

This project uses TypeScript. It's recommended to get TypeScript set up for your editor to get a really great in-editor experience with type checking and auto-complete. To run type checking across the whole project, run npm run typecheck.

Linting

This project uses ESLint for linting. That is configured in .eslintrc.js.

Formatting

We use Prettier for auto-formatting in this project. It's recommended to install an editor plugin (like the VSCode Prettier plugin) to get auto-formatting on save. There's also a npm run format script you can run to format all files in the project.