wikijs-fork/server/modules/authentication/saml/authentication.js

65 lines
2.0 KiB
JavaScript
Raw Normal View History

const _ = require('lodash')
/* global WIKI */
// ------------------------------------
// SAML Account
// ------------------------------------
const SAMLStrategy = require('passport-saml').Strategy
module.exports = {
init (passport, conf) {
2019-04-28 01:42:04 +00:00
let samlConfig = {
callbackUrl: conf.callbackURL,
entryPoint: conf.entryPoint,
issuer: conf.issuer,
signatureAlgorithm: conf.signatureAlgorithm,
identifierFormat: conf.identifierFormat,
acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
authnContext: conf.authnContext,
forceAuthn: conf.forceAuthn,
providerName: conf.providerName,
skipRequestCompression: conf.skipRequestCompression,
authnRequestBinding: conf.authnRequestBinding,
passReqToCallback: true
2019-04-28 01:42:04 +00:00
}
if (!_.isEmpty(conf.audience)) {
samlConfig.audience = conf.audience
}
if (!_.isEmpty(conf.cert)) {
samlConfig.cert = _.split(conf.cert, '|')
}
if (!_.isEmpty(conf.privateCert)) {
samlConfig.privateCert = conf.privateCert
}
if (!_.isEmpty(conf.decryptionPvk)) {
samlConfig.decryptionPvk = conf.decryptionPvk
}
passport.use(conf.key,
new SAMLStrategy(samlConfig, async (req, profile, cb) => {
2019-04-28 01:42:04 +00:00
try {
const userId = _.get(profile, [conf.mappingUID], null) || _.get(profile, 'nameID', null)
if (!userId) {
throw new Error('Invalid or Missing Unique ID field!')
}
const user = await WIKI.models.users.processProfile({
providerKey: req.params.strategy,
2019-04-28 01:42:04 +00:00
profile: {
id: userId,
email: _.get(profile, conf.mappingEmail, ''),
displayName: _.get(profile, conf.mappingDisplayName, '???'),
picture: _.get(profile, conf.mappingPicture, '')
}
2019-04-28 01:42:04 +00:00
})
cb(null, user)
} catch (err) {
cb(err, null)
}
})
)
}
}