| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 |
- const _ = require('lodash')
- /* global WIKI */
- // ------------------------------------
- // SAML Account
- // ------------------------------------
- const SAMLStrategy = require('passport-saml').Strategy
- module.exports = {
- init (passport, conf) {
- const samlConfig = {
- callbackUrl: conf.callbackURL,
- entryPoint: conf.entryPoint,
- issuer: conf.issuer,
- cert = _.split(conf.cert, '|'),
- signatureAlgorithm: conf.signatureAlgorithm,
- digestAlgorithm: conf.digestAlgorithm,
- identifierFormat: conf.identifierFormat,
- wantAssertionsSigned: conf.wantAssertionsSigned,
- acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
- disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
- authnContext: conf.authnContext,
- racComparison: conf.racComparison,
- forceAuthn: conf.forceAuthn,
- passive: conf.passive,
- providerName: conf.providerName,
- skipRequestCompression: conf.skipRequestCompression,
- authnRequestBinding: conf.authnRequestBinding,
- passReqToCallback: true
- }
- if (!_.isEmpty(conf.audience)) {
- samlConfig.audience = conf.audience
- }
- if (!_.isEmpty(conf.privateKey)) {
- samlConfig.privateKey = conf.privateKey
- }
- if (!_.isEmpty(conf.decryptionPvk)) {
- samlConfig.decryptionPvk = conf.decryptionPvk
- }
- passport.use(conf.key,
- new SAMLStrategy(samlConfig, async (req, profile, cb) => {
- try {
- const userId = _.get(profile, [conf.mappingUID], null) || _.get(profile, 'nameID', null)
- if (!userId) {
- throw new Error('Invalid or Missing Unique ID field!')
- }
- const user = await WIKI.models.users.processProfile({
- providerKey: req.params.strategy,
- profile: {
- id: userId,
- email: _.get(profile, conf.mappingEmail, ''),
- displayName: _.get(profile, conf.mappingDisplayName, '???'),
- picture: _.get(profile, conf.mappingPicture, '')
- }
- })
- cb(null, user)
- } catch (err) {
- cb(err, null)
- }
- })
- )
- }
- }
|
