wikijs-fork/server/modules/authentication/saml/authentication.js

67 lines
2.1 KiB
JavaScript
Raw Normal View History

const _ = require('lodash')
/* global WIKI */
// ------------------------------------
// SAML Account
// ------------------------------------
const SAMLStrategy = require('passport-saml').Strategy
module.exports = {
init (passport, conf) {
const samlConfig = {
2019-04-28 01:42:04 +00:00
callbackUrl: conf.callbackURL,
entryPoint: conf.entryPoint,
issuer: conf.issuer,
2022-05-10 01:51:40 +00:00
cert: _.split(conf.cert || '', '|'),
2019-04-28 01:42:04 +00:00
signatureAlgorithm: conf.signatureAlgorithm,
digestAlgorithm: conf.digestAlgorithm,
2019-04-28 01:42:04 +00:00
identifierFormat: conf.identifierFormat,
wantAssertionsSigned: conf.wantAssertionsSigned,
2019-04-28 01:42:04 +00:00
acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
authnContext: _.split(conf.authnContext, '|'),
racComparison: conf.racComparison,
2019-04-28 01:42:04 +00:00
forceAuthn: conf.forceAuthn,
passive: conf.passive,
2019-04-28 01:42:04 +00:00
providerName: conf.providerName,
skipRequestCompression: conf.skipRequestCompression,
authnRequestBinding: conf.authnRequestBinding,
passReqToCallback: true
2019-04-28 01:42:04 +00:00
}
if (!_.isEmpty(conf.audience)) {
samlConfig.audience = conf.audience
}
if (!_.isEmpty(conf.privateKey)) {
samlConfig.privateKey = conf.privateKey
2019-04-28 01:42:04 +00:00
}
if (!_.isEmpty(conf.decryptionPvk)) {
samlConfig.decryptionPvk = conf.decryptionPvk
}
passport.use(conf.key,
new SAMLStrategy(samlConfig, async (req, profile, cb) => {
2019-04-28 01:42:04 +00:00
try {
const userId = _.get(profile, [conf.mappingUID], null) || _.get(profile, 'nameID', null)
if (!userId) {
throw new Error('Invalid or Missing Unique ID field!')
}
const user = await WIKI.models.users.processProfile({
providerKey: req.params.strategy,
2019-04-28 01:42:04 +00:00
profile: {
id: userId,
email: _.get(profile, conf.mappingEmail, ''),
displayName: _.get(profile, conf.mappingDisplayName, '???'),
picture: _.get(profile, conf.mappingPicture, '')
}
2019-04-28 01:42:04 +00:00
})
cb(null, user)
} catch (err) {
cb(err, null)
}
})
)
}
}