2018-09-04 00:58:54 +00:00
|
|
|
const _ = require('lodash')
|
|
|
|
|
|
|
|
/* global WIKI */
|
|
|
|
|
|
|
|
// ------------------------------------
|
|
|
|
// SAML Account
|
|
|
|
// ------------------------------------
|
|
|
|
|
|
|
|
const SAMLStrategy = require('passport-saml').Strategy
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
init (passport, conf) {
|
2022-05-02 04:18:19 +00:00
|
|
|
const samlConfig = {
|
2019-04-28 01:42:04 +00:00
|
|
|
callbackUrl: conf.callbackURL,
|
|
|
|
entryPoint: conf.entryPoint,
|
|
|
|
issuer: conf.issuer,
|
2022-05-10 01:51:40 +00:00
|
|
|
cert: _.split(conf.cert || '', '|'),
|
2019-04-28 01:42:04 +00:00
|
|
|
signatureAlgorithm: conf.signatureAlgorithm,
|
2022-05-02 04:18:19 +00:00
|
|
|
digestAlgorithm: conf.digestAlgorithm,
|
2019-04-28 01:42:04 +00:00
|
|
|
identifierFormat: conf.identifierFormat,
|
2022-05-02 04:18:19 +00:00
|
|
|
wantAssertionsSigned: conf.wantAssertionsSigned,
|
2019-04-28 01:42:04 +00:00
|
|
|
acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
|
|
|
|
disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
|
|
|
|
authnContext: conf.authnContext,
|
2022-05-02 04:18:19 +00:00
|
|
|
racComparison: conf.racComparison,
|
2019-04-28 01:42:04 +00:00
|
|
|
forceAuthn: conf.forceAuthn,
|
2022-05-02 04:18:19 +00:00
|
|
|
passive: conf.passive,
|
2019-04-28 01:42:04 +00:00
|
|
|
providerName: conf.providerName,
|
|
|
|
skipRequestCompression: conf.skipRequestCompression,
|
2020-08-30 05:36:17 +00:00
|
|
|
authnRequestBinding: conf.authnRequestBinding,
|
|
|
|
passReqToCallback: true
|
2019-04-28 01:42:04 +00:00
|
|
|
}
|
|
|
|
if (!_.isEmpty(conf.audience)) {
|
|
|
|
samlConfig.audience = conf.audience
|
|
|
|
}
|
2022-05-02 04:18:19 +00:00
|
|
|
if (!_.isEmpty(conf.privateKey)) {
|
|
|
|
samlConfig.privateKey = conf.privateKey
|
2019-04-28 01:42:04 +00:00
|
|
|
}
|
|
|
|
if (!_.isEmpty(conf.decryptionPvk)) {
|
|
|
|
samlConfig.decryptionPvk = conf.decryptionPvk
|
|
|
|
}
|
2022-03-26 01:17:04 +00:00
|
|
|
passport.use(conf.key,
|
2020-08-30 05:36:17 +00:00
|
|
|
new SAMLStrategy(samlConfig, async (req, profile, cb) => {
|
2019-04-28 01:42:04 +00:00
|
|
|
try {
|
|
|
|
const userId = _.get(profile, [conf.mappingUID], null) || _.get(profile, 'nameID', null)
|
|
|
|
if (!userId) {
|
|
|
|
throw new Error('Invalid or Missing Unique ID field!')
|
|
|
|
}
|
|
|
|
|
|
|
|
const user = await WIKI.models.users.processProfile({
|
2020-08-30 05:36:17 +00:00
|
|
|
providerKey: req.params.strategy,
|
2019-04-28 01:42:04 +00:00
|
|
|
profile: {
|
|
|
|
id: userId,
|
|
|
|
email: _.get(profile, conf.mappingEmail, ''),
|
|
|
|
displayName: _.get(profile, conf.mappingDisplayName, '???'),
|
|
|
|
picture: _.get(profile, conf.mappingPicture, '')
|
2020-08-30 05:36:17 +00:00
|
|
|
}
|
2019-04-28 01:42:04 +00:00
|
|
|
})
|
|
|
|
cb(null, user)
|
|
|
|
} catch (err) {
|
|
|
|
cb(err, null)
|
|
|
|
}
|
2018-09-04 00:58:54 +00:00
|
|
|
})
|
|
|
|
)
|
|
|
|
}
|
|
|
|
}
|