Fix/saml - Githubissues

percenuage commented 6 years ago

Description

Using SAML provider, the response from my company does not provide an Id but nameId property. I propose a solution to set the profile id from the custom profileToUser in providers.js like :

module.exports = {
    saml: {
        /* PASSPORT-SAML */
        entryPoint: process.env.SSO_ENTRY_POINT,
        issuer: `https://${process.env.SSO_HOST}/auth/saml`,
        callbackUrl: `https://${process.env.SSO_HOST}/auth/saml/postResponse`,
        privateCert: Fs.readFileSync(process.env.SSO_PRIVATE_KEY_PATH, 'utf-8'),
        decryptionPvk: Fs.readFileSync(process.env.SSO_PRIVATE_KEY_PATH, 'utf-8'),
        signatureAlgorithm: process.env.SSO_ALGORITHM,
        identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        acceptedClockSkewMs: -1,

        /* LOOPBACK-COMPONENT-PASSPORT */
        module: 'passport-saml',
        strategy: 'Strategy',
        session: true,
        authScheme: 'saml',
        authPath: '/auth/saml/',
        callbackPath: '/auth/saml/postResponse',
        callbackHTTPMethod: 'post',
        successRedirect: '/#!/splash',
        failureRedirect: '/#!/login',
        profileToUser: function(provider, profile, options) {
            profile.id = profile.nameID;
            return {
                name: {first: profile.givenName, last: profile.sn},
                company: profile.company,
                login: profile.sAMAccountName,
                email: profile.email,
                username: profile.nameID,
                password: Utils.generateKey('password'),
            };
        },
    },
};

Fix identity test case when email is missing from different language (like French).

Related issues
connect to #226

Checklist

[x] New tests added or existing tests modified to cover all changes
[x] Code conforms with the style guide

slnode commented 6 years ago

Can one of the admins verify this patch? To accept patch and trigger a build add comment ".ok\W+to\W+test."

raymondfeng commented 6 years ago

@percenuage Thank you for the patch. Please sign CLA - https://cla.strongloop.com/agreements/strongloop/loopback-component-passport.

percenuage commented 6 years ago

done !

Axel Gendillard

2018-03-13 21:34 GMT+01:00 Raymond Feng notifications@github.com:

@percenuage https://github.com/percenuage Thank you for the patch. Please sign CLA - https://cla.strongloop.com/agreements/strongloop/ loopback-component-passport.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/strongloop/loopback-component-passport/pull/242#issuecomment-372809040, or mute the thread https://github.com/notifications/unsubscribe-auth/AGYZIFx50J4wTzCczcFkN7VV-0Dacnpwks5teC1egaJpZM4RhdG0 .

raymondfeng commented 6 years ago

ok to test

Destreyf commented 6 years ago

I'm running into an issue using SAML and was wondering if there could be some more review on this PR, it looks like the linter failed, but either the public doesn't have permission to see that, or the linter build/test is missing. This pr would fix my SAML issue and make my life a bit better.

strongloop / loopback-component-passport

Fix/saml #242

Description

Related issues

Checklist