DEV Community

Discussion on: SSO + Express JS + Passport-saml

Giampaolo Spagoni

Hello Mitesh, great article.
Do you have a GitHub repo for all the code?
Thanks

Mitesh Kamat

Thanks for writing. I have a private repo but am yet to create a public one. Once I'm done with it I'll share it in this post.

Giampaolo Spagoni

Hello Mitesh, it's me again. I have another question that maybe you can help me out with. I used passport-saml for SSO and it worked. Now I have to make a WS-Trust call to get the token back, but I have to pass the assertion in the header. Do you have an example of what the assertion looks like, or of what I can do? Thanks in advance

Mitesh Kamat • Edited

Hi there,

Apologies for the late response. Did you try the passport-jwt package?
var passport = require('passport');
var JwtStrategy = require('passport-jwt').Strategy;
var ExtractJwt = require('passport-jwt').ExtractJwt;

And maybe you can create an options object like:
var opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken(); // depends on where the client sends the token
opts.secretOrKey = config.secretKey; // the same secret used to sign the token below

passport.use(new JwtStrategy(opts,
  (jwt_payload, done) => {
    console.log('JWT payload', jwt_payload);
    // the verify callback must call done(); replace this with a user lookup keyed on jwt_payload._id
    return done(null, jwt_payload);
  }
));

And if you have specified a login route like this:
var jwt = require('jsonwebtoken');
router.post('/login', passport.authenticate('saml'), (req, res) => {
  // passport-saml has populated req.user from the SAML response; issue a JWT for it
  var token = jwt.sign({ _id: req.user._id }, config.secretKey, {
    expiresIn: '1h'
  });
  res.statusCode = 200;
  res.setHeader('Content-Type', 'application/json');
  res.json({ success: true, token: token, status: 'You are successfully logged in !' });
});
Let me know if this is what you are looking for.

Giampaolo Spagoni

Thank you Mitesh,
thanks for your reply, which is good, but it only partially answers my request.
What I'm looking for is how to create an RST to post as a SOAP request including the assertion. I'm not very strong in security, so forgive me if I don't use the right terminology. In short, after the SSO I need to make a WS-Trust call passing the RST, and once I get the RSTR I need to extract the token, which I guess is what you wrote above.

thanks for your help
GS