fix: update saml strategy to use new config options
This commit is contained in:
parent
fd274e49f8
commit
8205c1f243
@ -10,16 +10,21 @@ const SAMLStrategy = require('passport-saml').Strategy
|
||||
|
||||
module.exports = {
|
||||
init (passport, conf) {
|
||||
let samlConfig = {
|
||||
const samlConfig = {
|
||||
callbackUrl: conf.callbackURL,
|
||||
entryPoint: conf.entryPoint,
|
||||
issuer: conf.issuer,
|
||||
cert = _.split(conf.cert, '|'),
|
||||
signatureAlgorithm: conf.signatureAlgorithm,
|
||||
digestAlgorithm: conf.digestAlgorithm,
|
||||
identifierFormat: conf.identifierFormat,
|
||||
wantAssertionsSigned: conf.wantAssertionsSigned,
|
||||
acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
|
||||
disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
|
||||
authnContext: conf.authnContext,
|
||||
racComparison: conf.racComparison,
|
||||
forceAuthn: conf.forceAuthn,
|
||||
passive: conf.passive,
|
||||
providerName: conf.providerName,
|
||||
skipRequestCompression: conf.skipRequestCompression,
|
||||
authnRequestBinding: conf.authnRequestBinding,
|
||||
@ -28,11 +33,8 @@ module.exports = {
|
||||
if (!_.isEmpty(conf.audience)) {
|
||||
samlConfig.audience = conf.audience
|
||||
}
|
||||
if (!_.isEmpty(conf.cert)) {
|
||||
samlConfig.cert = _.split(conf.cert, '|')
|
||||
}
|
||||
if (!_.isEmpty(conf.privateCert)) {
|
||||
samlConfig.privateCert = conf.privateCert
|
||||
if (!_.isEmpty(conf.privateKey)) {
|
||||
samlConfig.privateKey = conf.privateKey
|
||||
}
|
||||
if (!_.isEmpty(conf.decryptionPvk)) {
|
||||
samlConfig.decryptionPvk = conf.decryptionPvk
|
||||
|
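Review bot: In the first hunk, `cert = _.split(conf.cert, '|'),` inside the `samlConfig` object literal is a syntax error (an `=` initializer is only valid in destructuring patterns, not in an object expression), so the strategy module fails to parse and SAML sign-in cannot be initialised at all; the line should read `cert: _.split(conf.cert, '|'),`. The side markers are lost on this page, but this line looks like the replacement for the `if (!_.isEmpty(conf.cert))` guard dropped in the second hunk, which means an unset certificate now produces `['']` instead of leaving `cert` undefined; how passport-saml treats an empty-string certificate (rejecting every assertion versus skipping signature validation) depends on the installed version, so keeping an explicit non-empty check on `conf.cert` that fails `init` loudly would preserve the old guard's intent. The `init` method continues past the end of both hunks.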
@ -29,10 +29,10 @@ props:
|
||||
hint: Public PEM-encoded X.509 signing certificate. If the provider has multiple certificates that are valid, join them together using the | pipe symbol.
|
||||
multiline: true
|
||||
order: 4
|
||||
privateCert:
|
||||
privateKey:
|
||||
type: String
|
||||
title: Private Certificate
|
||||
hint: (Optional) - PEM formatted key used to sign the certificate.
|
||||
title: Private Key
|
||||
hint: PEM formatted key used to sign the certificate.
|
||||
multiline: true
|
||||
order: 5
|
||||
decryptionPvk:
|
||||
@ -52,53 +52,88 @@ props:
|
||||
- sha1
|
||||
- sha256
|
||||
- sha512
|
||||
digestAlgorithm:
|
||||
type: String
|
||||
title: Digest Algorithm
|
||||
hint: Digest algorithm used to provide a digest for the signed data object
|
||||
maxWidth: 400
|
||||
order: 8
|
||||
default: sha1
|
||||
enum:
|
||||
- sha1
|
||||
- sha256
|
||||
- sha512
|
||||
identifierFormat:
|
||||
type: String
|
||||
title: Name Identifier format
|
||||
default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
|
||||
order: 8
|
||||
order: 20
|
||||
wantAssertionsSigned:
|
||||
type: Boolean
|
||||
title: Always sign assertions
|
||||
hint: If enabled, add WantAssertionsSigned="true" to the metadata, to specify that the IdP should always sign the assertions.
|
||||
default: false
|
||||
order: 21
|
||||
acceptedClockSkewMs:
|
||||
type: Number
|
||||
title: Accepted Clock Skew Milleseconds
|
||||
hint: Time in milliseconds of skew that is acceptable between client and server when checking OnBefore and NotOnOrAfter assertion condition validity timestamps. Setting to -1 will disable checking these conditions entirely.
|
||||
default: -1
|
||||
order: 9
|
||||
default: 0
|
||||
order: 22
|
||||
disableRequestedAuthnContext:
|
||||
type: Boolean
|
||||
title: Disable Requested Auth Context
|
||||
hint: If enabled, do not request a specific authentication context. This is known to help when authenticating against Active Directory (AD FS) servers.
|
||||
default: false
|
||||
order: 10
|
||||
order: 23
|
||||
authnContext:
|
||||
type: String
|
||||
title: Auth Context
|
||||
hint: Name identifier format to request auth context.
|
||||
default: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
|
||||
order: 11
|
||||
order: 24
|
||||
racComparison:
|
||||
type: String
|
||||
title: RAC Comparison Type
|
||||
hint: Requested Authentication Context comparison type.
|
||||
maxWidth: 400
|
||||
order: 25
|
||||
default: exact
|
||||
enum:
|
||||
- exact
|
||||
- minimum
|
||||
- maximum
|
||||
- better
|
||||
forceAuthn:
|
||||
type: Boolean
|
||||
title: Force Initial Re-authentication
|
||||
hint: If enabled, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session.
|
||||
default: false
|
||||
order: 12
|
||||
order: 26
|
||||
passive:
|
||||
type: Boolean
|
||||
title: Passive
|
||||
hint: If enabled, the initial SAML request from the service provider specifies that the IdP should prevent visible user interaction.
|
||||
default: false
|
||||
order: 27
|
||||
providerName:
|
||||
type: String
|
||||
title: Provider Name
|
||||
hint: Optional human-readable name of the requester for use by the presenter's user agent or the identity provider.
|
||||
default: wiki.js
|
||||
order: 13
|
||||
order: 28
|
||||
skipRequestCompression:
|
||||
type: Boolean
|
||||
title: Skip Request Compression
|
||||
hint: If enabled, the SAML request from the service provider won't be compressed.
|
||||
default: false
|
||||
order: 14
|
||||
order: 29
|
||||
authnRequestBinding:
|
||||
type: String
|
||||
title: Request Binding
|
||||
hint: Binding used for request authentication from IDP.
|
||||
maxWidth: 400
|
||||
order: 15
|
||||
order: 30
|
||||
default: 'HTTP-POST'
|
||||
enum:
|
||||
- HTTP-Redirect
|
||||
@ -108,22 +143,22 @@ props:
|
||||
type: String
|
||||
default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
|
||||
hint: The field storing the user unique identifier. Can be a variable name or a URI-formatted string.
|
||||
order: 16
|
||||
order: 40
|
||||
mappingEmail:
|
||||
title: Email Field Mapping
|
||||
type: String
|
||||
default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
|
||||
hint: The field storing the user email. Can be a variable name or a URI-formatted string.
|
||||
order: 17
|
||||
order: 41
|
||||
mappingDisplayName:
|
||||
title: Display Name Field Mapping
|
||||
type: String
|
||||
default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
|
||||
hint: The field storing the user display name. Can be a variable name or a URI-formatted string.
|
||||
order: 18
|
||||
order: 42
|
||||
mappingPicture:
|
||||
title: Avatar Picture Field Mapping
|
||||
type: String
|
||||
default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/picture'
|
||||
hint: The field storing the user avatar picture. Can be a variable name or a URI-formatted string.
|
||||
order: 19
|
||||
order: 43
|
||||
|
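Review bot: The new `digestAlgorithm` prop in the third hunk defaults to `sha1`, the weakest entry in its enum; SHA-1 is deprecated for XML signatures and SHA-256 is widely supported by identity providers, so `default: sha256` would be the safer starting point for new installations while existing stored settings are unaffected. In the second hunk, the renamed `privateKey` field's hint `PEM formatted key used to sign the certificate.` is misleading, because the key signs outgoing SAML requests rather than a certificate; something like `PEM-formatted private key used to sign outgoing SAML requests.` would help operators choose the right file. This field also holds a secret, so it is worth checking whether the props schema can mark it as sensitive so it is not echoed back in the admin UI.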