SAML Recherche

[LiFaytheGoblin]

• Wie können wir SAML nutzen? https://weblogin.htw-berlin.de/
• Nima macht praktikum im rz -> guter kontakt?

[Kaes3kuch3n]

Authentication middleware Passport.js with passport-saml as strategy. RZ probably needs Service Provider Metadata (XML) → Can be generated by passport-saml after setup (SamlStrategy::generateServiceProviderMetadata).

Frage: Was muss die Metadata alles enthalten?

Supported encryption algorithms:

• aes256
• aes128
• tripledes

Supported signature and digest algorithms:

• sha1
• sha256
• sha512

Process:

• Create SamlStrategy with options object containing the required options
  • callbackUrl
  • entryPoint
  • issuer
  • cert (IdP certificate)
• Apply strategy (Passport::use)
• Login: GET /login → Passport::authenticate (with successRedirect and failureRedirect → needed? authenticate redirects to IdP anyway)
• Login via SAML SSO on weblogin.htw-berlin.de → Redirect to imimap login callback endpoint
• Login: POST /login/callback → Passport::authenticate (with failureRedirect; failureFlash: true for passing login error? → req.flash) as middleware + regular success handler (e.g. redirect to homepage/profile page)
• Successful login returns profile for use in callback, sets req.user

Stay logged in between requests → Session token - JWT?