@maderaunified/musd-saml

Madera Unified SAML Implementation

Install

$ npm install @maderaunified/musd-saml

Usage

const musdSAML = require("@maderaunified/musd-saml");

const app = express();

// Express Setup

musdSAML.init( app );

// Create Server, etc.

Methods

init( app, [userModel] )

Use init to instantiate all routes and initiate SAML strategies. Profile is object returned to service provider. Application can define it's own object to send to the client

const userModel = ( profile, done ) => 
    done( null, {
        email          : profile.nameID,
        employeeType   : profile.employeeType,
        employeeNumber : profile.employeeNumber
    } );

musdSAML.init( app, userModel );

isAuth( req )

Returns boolean value as to whether the user is logged in

router.get(
    '/route',
    ( req, res ) => {
        if ( isAuth( req ) ) {
            res.render(
                config.routes.appView,
                {
                    user : req.user
                }
            );
        }
        else {
            res.render(
                config.routes.appView,
                {
                    user : null
                }
            );
        }
    }
);

Environment Variables

Required

• APP_ROUTE - Home page route for application ( Can be url if API and Client are separate )
  • default : '/'
• SAML_ISSUER - Accessing URL. Change to be application specific
  • default : 'https://localhost.madera.k12.ca.us:3000'
• HOST - URL for callback
  • default : 'localhost.madera.k12.ca.us:3000'
• PROTOCOL - Protocol for callback
  • default - http://
• KEY_PATH - local path to Madera Certificate Key
• PUB_KEY_PATH - local path to Madera Public Certificate
• LDAP_PATH - URL to Madera AD Server
• LDAP_BASEDN - BASE DN for Madera LDAP Server
• LDAP_USERNAME - User with access to Madera LDAP Server
• LDAP_PASSWORD - Password for user to Madera LDAP Server

Optional

• APP_VIEW - view to load for app route

  • default : 'index'

• LOGIN_ROUTE - Route for login. Recommend not change

  • default : '/login'

• LOGOUT_ROUTE - Route used for logout. Recommend not change

  • default : '/logout'

• USER_ROUTE - Route to access user information

  • default : '/user'

• USER_VIEW - View to load for user route

  • default : 'user'

• SAML_PATH - Callback point for SAML provider. Recommend not change

  • default : '/login/callback'

• SAML_ENTRY_POINT - Identity Provider Entry Point. Recommend not change

  • default : 'https://selfservice.madera.k12.ca.us/idp/profile/SAML2/Redirect/SSO'

• SAML_LOGOUT_URL - Identity Provider Logout Point. Recommend not change

  • default : 'https://selfservice.madera.k12.ca.us/idp/logout'

• IDENTIFIER_FORMAT - nameID format. Recommend not change

  • default : 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'