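@@ -10,30 +10,53 @@ const SAMLStrategy = require('passport-saml').Strategy
 
 module.exports = {
   init (passport, conf) {
+    let samlConfig = {
+      callbackUrl: conf.callbackURL,
+      entryPoint: conf.entryPoint,
+      issuer: conf.issuer,
+      signatureAlgorithm: conf.signatureAlgorithm,
+      identifierFormat: conf.identifierFormat,
+      acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
+      disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
+      authnContext: conf.authnContext,
+      forceAuthn: conf.forceAuthn,
+      providerName: conf.providerName,
+      skipRequestCompression: conf.skipRequestCompression,
+      authnRequestBinding: conf.authnRequestBinding
+    }
+    if (!_.isEmpty(conf.audience)) {
+      samlConfig.audience = conf.audience
+    }
+    if (!_.isEmpty(conf.cert)) {
+      samlConfig.cert = _.split(conf.cert, '|')
+    }
+    if (!_.isEmpty(conf.privateCert)) {
+      samlConfig.privateCert = conf.privateCert
+    }
+    if (!_.isEmpty(conf.decryptionPvk)) {
+      samlConfig.decryptionPvk = conf.decryptionPvk
+    }
     passport.use('saml',
-      new SAMLStrategy({
-        callbackURL: conf.callbackURL,
-        entryPoint: conf.entryPoint,
-        issuer: conf.issuer,
-        audience: conf.audience,
-        cert: _.split(conf.cert, '|'),
-        privateCert: conf.privateCert,
-        decryptionPvk: conf.decryptionPvk,
-        signatureAlgorithm: conf.signatureAlgorithm,
-        identifierFormat: conf.identifierFormat,
-        acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
-        disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
-        authnContext: conf.authnContext,
-        forceAuthn: conf.forceAuthn,
-        providerName: conf.providerName,
-        skipRequestCompression: conf.skipRequestCompression,
-        authnRequestBinding: conf.authnRequestBinding
-      }, (profile, cb) => {
-        WIKI.models.users.processProfile(profile).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
+      new SAMLStrategy(samlConfig, async (profile, cb) => {
+        try {
+          const userId = _.get(profile, [conf.mappingUID], null) || _.get(profile, 'nameID', null)
+          if (!userId) {
+            throw new Error('Invalid or Missing Unique ID field!')
+          }
+
+          const user = await WIKI.models.users.processProfile({
+            profile: {
+              id: userId,
+              email: _.get(profile, conf.mappingEmail, ''),
+              displayName: _.get(profile, conf.mappingDisplayName, '???'),
+              picture: _.get(profile, conf.mappingPicture, '')
+            },
+            providerKey: 'saml'
+          })
+          cb(null, user)
+        } catch (err) {
+          cb(err, null)
+        }
       })
     )
   }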
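Review bot: Guarding `cert` with `_.isEmpty(conf.cert)` means an unset or blank certificate now produces a strategy constructed with no IdP certificate, where the old unconditional `cert: _.split(conf.cert, '|')` at least passed something through; whether passport-saml then rejects the options or proceeds without verifying the IdP response signature depends on the library version, so a missing certificate could degrade silently rather than fail at startup. Since that certificate is what authenticates incoming assertions, init should fail fast instead of skipping the key: `if (_.isEmpty(conf.cert)) { throw new Error('SAML: IdP certificate (conf.cert) is required') }` before the other optional fields. Separately, `userId` reads `_.get(profile, [conf.mappingUID], null)` with an array path (literal key), while `mappingEmail`, `mappingDisplayName` and `mappingPicture` are passed as string paths that lodash interprets as dot paths; if the difference is intentional, a comment such as `// mappingUID is a literal attribute name, not a dot path` would prevent a future "fix" that makes them uniform, otherwise the three forms should match.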