| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 |
- const _ = require('lodash')
- /* global WIKI */
- // ------------------------------------
- // SAML Account
- // ------------------------------------
- const SAMLStrategy = require('passport-saml').Strategy
- module.exports = {
- init (passport, conf) {
- let samlConfig = {
- callbackUrl: conf.callbackURL,
- entryPoint: conf.entryPoint,
- issuer: conf.issuer,
- signatureAlgorithm: conf.signatureAlgorithm,
- identifierFormat: conf.identifierFormat,
- acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
- disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
- authnContext: conf.authnContext,
- forceAuthn: conf.forceAuthn,
- providerName: conf.providerName,
- skipRequestCompression: conf.skipRequestCompression,
- authnRequestBinding: conf.authnRequestBinding
- }
- if (!_.isEmpty(conf.audience)) {
- samlConfig.audience = conf.audience
- }
- if (!_.isEmpty(conf.cert)) {
- samlConfig.cert = _.split(conf.cert, '|')
- }
- if (!_.isEmpty(conf.privateCert)) {
- samlConfig.privateCert = conf.privateCert
- }
- if (!_.isEmpty(conf.decryptionPvk)) {
- samlConfig.decryptionPvk = conf.decryptionPvk
- }
- passport.use('saml',
- new SAMLStrategy(samlConfig, async (profile, cb) => {
- try {
- const userId = _.get(profile, [conf.mappingUID], null) || _.get(profile, 'nameID', null)
- if (!userId) {
- throw new Error('Invalid or Missing Unique ID field!')
- }
- const user = await WIKI.models.users.processProfile({
- profile: {
- id: userId,
- email: _.get(profile, conf.mappingEmail, ''),
- displayName: _.get(profile, conf.mappingDisplayName, '???'),
- picture: _.get(profile, conf.mappingPicture, '')
- },
- providerKey: 'saml'
- })
- cb(null, user)
- } catch (err) {
- cb(err, null)
- }
- })
- )
- }
- }
|
