passport-saml-example
This node.js web application demonstrates SSO authentication provided by RIT's Shibboleth Server (https://shibboleth.main.ad.rit.edu/), using the passport-saml package.
Config
This app requires 3 files to be placed in a folder named cert located in the project's root directory. These files include (1) the certificate of the Identity Provider (IdP). In this case, RIT's Shibboleth Server is the IdP. As a Service Provider (SP), you need to generate your own (2) certificate and (3) private key. These files are named as follows:
- cert.pem: SP's certificate (generated by you)
- cert_idp.pem: IdP's certificate (RIT's is contained in https://shibboleth.main.ad.rit.edu/rit-metadata.xml)
- key.pem: SP's private key (generated by you)
Creating Private Key and Certificates
Generate the SP files with the following command:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 900
The IdP certificate is contained within the ds:X509Certificate tag of the IdP's metadata file (rit-metadata.xml, linked above).
- Copy the tag's contents into a file named cert_idp.pem.
Next, copy .env.sample to .env and edit appropriately. Running this app locally will likely not work, since the IdP can't redirect to localhost.
Registering the Service Provider
Contact ITS to register your Service Provider. During this step, the IdP administrator downloads the metadata from the /Shibboleth.sso/Metadata endpoint and loads it into the IdP.
Usage
npm install
node app.js