sso

config/config.js

+module.exports = {
+    development: {
+      passport: {
+        strategy: 'saml',
+        saml: {
+            path: process.env.SAML_PATH || '/saml/SSO',
+            entryPoint: process.env.SAML_ENTRY_POINT || 'https://m4lab.hft-stuttgart.de/idp/saml2/idp/SSOService.php',
+            issuer: 'sp-account.m4lab.hft-stuttgart.de', //local metadata
+            logoutUrl: 'https://m4lab.hft-stuttgart.de/idp/saml2/idp/SingleLogoutService.php'
+        }
+      }
+    },
+    test: {
+        passport: {
+            strategy: 'saml',
+            saml: {
+                path: process.env.SAML_PATH || '/saml/SSO',
+                entryPoint: process.env.SAML_ENTRY_POINT || 'https://m4lab.hft-stuttgart.de/idp/saml2/idp/SSOService.php',
+                issuer: 'sp-account-testing.m4lab.hft-stuttgart.de', //testing metadata
+                //issuer: 'sp-account-prod.m4lab.hft-stuttgart.de', //production metadata
+                logoutUrl: 'https://m4lab.hft-stuttgart.de/idp/saml2/idp/SingleLogoutService.php'
+            }
+        }
+    }
+  };
+  
\ No newline at end of file

config/routes.js

+const fs = require('fs');
+const SamlStrategy = require('passport-saml').Strategy;
+
+module.exports = function (app, config, passport) {
+
+  // =========== PASSPORT =======
+  passport.serializeUser(function (user, done) {
+    done(null, user);
+  });
+
+  passport.deserializeUser(function (user, done) {
+    done(null, user);
+  });
+
+  var samlStrategy = new SamlStrategy({
+      // URL that goes from the Identity Provider -> Service Provider
+      callbackUrl: config.passport.saml.path,
+      // Base address to call logout requests
+      logoutUrl: config.passport.saml.logoutUrl,
+      
+      entryPoint: config.passport.saml.entryPoint,
+      issuer: config.passport.saml.issuer,
+      identifierFormat: null,
+      
+      // Service Provider private key
+      decryptionPvk: fs.readFileSync(__dirname + '/cert/key.pem', 'utf8'),
+      
+      // Service Provider Certificate
+      privateCert: fs.readFileSync(__dirname + '/cert/key.pem', 'utf8'),
+      //privateCert: fs.readFileSync(__dirname + '/cert/cert.pem', 'utf8'),
+      
+      // Identity Provider's public key
+      cert: fs.readFileSync(__dirname + '/cert/cert_idp.pem', 'utf8'),
+      
+      validateInResponseTo: false,
+      disableRequestedAuthnContext: true
+    },
+    function (profile, done) {
+      return done(null,
+        {
+          id: profile.nameID,
+          idFormat: profile.nameIDFormat,
+          email: profile.email,
+          firstName: profile.givenName,
+          lastName: profile.sn
+        });
+    });
+  
+  passport.use(samlStrategy);
+  // ============================
+
+  app.get('/login',
+    passport.authenticate(config.passport.strategy,
+      {
+        successRedirect: '/',
+        failureRedirect: '/login'
+      })
+  );
+
+  app.post(config.passport.saml.path,
+    passport.authenticate(config.passport.strategy,
+      {
+        failureRedirect: '/',
+        failureFlash: true
+      }),
+    function (req, res) {
+      res.redirect('/');
+    }
+  );
+
+  app.get('/logout', function (req, res) {
+    if (req.user == null) {
+      return res.redirect('/');
+    }
+    
+    req.user.nameID = req.user.id;
+    req.user.nameIDFormat = req.user.idFormat;
+    return samlStrategy.logout(req, function(err, uri) {
+      req.logout();
+      
+      if ( req.session ) {
+        req.session.destroy((err) => {
+          if(err) {
+              return console.log(err);
+          }
+        });
+      }
+     
+      return res.redirect(uri);
+    });
+
+  });
+
+  // to generate Service Provider's XML metadata
+  app.get('/saml/metadata', 
+    function(req, res) {
+      res.type('application/xml');
+      var spMetadata = samlStrategy.generateServiceProviderMetadata(fs.readFileSync(__dirname + '/cert/cert.pem', 'utf8'));
+      res.status(200).send(spMetadata);
+    }
+  );
+
+};
\ No newline at end of file

server.js

@@ -7,8 +7,43 @@ app.use(bodyParser.urlencoded({ extended: false }))
 app.use(bodyParser.json())
 const request = require('ajax-request');
 
-app.use(express.static('vcm'));
-app.listen(process.env.PORT || 8081);
+const passport = require('passport')
+const session = require('express-session')
+
+var env = process.env.NODE_ENV || 'development';
+const config = require('./config/config')[env];
+
+app.set('views', 'vcm')
+app.set('view engine', 'pug')
 
+app.get('/index', function (req, res) {
+    console.log("does this works?")
+    if (req.isAuthenticated()) {
+        res.render('index', {
+            userLogin: true
+        })
+    } else {
+        res.render('index', {
+            userLogin: false,
+            title: 'Hey',
+            message: 'Hello there!'
+        })
+    }
+})
+app.get('/index.html', function (req, res) {
+    res.redirect('/index')
+})
+
+app.use(express.static('vcm'));
+app.use(session({
+      resave: true,
+      saveUninitialized: true,
+      secret: 'thisisasecret-m4lab-tv3'
+    })
+)
+app.use(passport.initialize())
+app.use(passport.session())
 
+require('./config/routes')(app, config, passport)
 
+app.listen(process.env.PORT || 8081)
\ No newline at end of file