This package has been deprecated

    Author message:

    Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

    kth-node-passport-cas

    3.1.15 • Public • Published

    kth-node-passport-cas

    Cas authentication strategy for Passport based but modified from github.com/sadne/passport-cas.

    Migrating from <= 2.x to 3.x

    We are now whitelisting the redirect url (nextUrl param) to only allow relative paths actually owned by the application. When upgrading you need to provide these in the initialising of this package.

    Add proxyPrefixPath to route handler-init (normally in server.js):

    require('kth-node-passport-cas').routeHandlers({
      casLoginUri: config.proxyPrefixPath.uri + '/login',
      casGatewayUri: config.proxyPrefixPath.uri + '/loginGateway',
      proxyPrefixPath: config.proxyPrefixPath.uri, // <-------------- here
      server: server
    })

    Also add proxyPrefixPath to redirect (normally in authentication.js):

    require('kth-node-passport-cas').routeHandlers.getRedirectAuthenticatedUser({
      ldapConfig: config.ldap,
      ldapClient: ldapClient,
      proxyPrefixPath: config.proxyPrefixPath.uri, // <-------------- here
      unpackLdapUser: function (ldapUser, pgtIou) {
        return {
          username: ldapUser.ugUsername,
          displayName: ldapUser.displayName,
          email: ldapUser.mail,
          pgtIou: pgtIou,
          // This is where you can set custom roles
          isAdmin: hasGroup(config.auth.adminGroup, ldapUser),
          isSupport: hasGroup(config.auth.supportGroup, ldapUser),
          isSchema: hasGroup(config.auth.schemaGroup, ldapUser)
        }
      }
    })

    API

    Strategy

    Passport style authentication strategy implemented for login through KTH CAS.

    Usage:

    const passport = require('passport')
    const Strategy = require('kth-node-passport-cas').Strategy
    const log = require('kth-node-log')
    
    
    const casOptions = {
      ssoBaseURL: 'https://url.to/cas',
      serverBaseURL: 'http://url.to.me:port',
      log: log
    }
    
    const strategy = new Strategy(casOptions,
      function (logOnResult, done) {
        return done(null, logOnResult.user, logOnResult)
      }
    )
    
    passport.use(strategy)

    GatewayStrategy

    Passport style authentication strategy implemented to check if user is logged in through KTH CAS.

    const passport = require('passport')
    const GatewayStrategy = require('kth-node-passport-cas').GatewayStrategy
    const log = require('kth-node-log')
    
    passport.use(new GatewayStrategy({
      casUrl: 'https://url.to/cas'
    }, function (result, done) {
      done(null, result.user, result)
    }))

    getProxyTicket

    Get a proxy ticket from CAS-service. Returns a promise.

    Call signature:

    const getProxyTicket = require('kth-node-passport-cas').getProxyTicket
    
    getProxyTicket (casService, pgtId, targetService)
      .then((ticket) => {
        // do something...
      })
      .catch((err) => {
        // do something...
      })
    

    Express Route Handlers

    Express route handlers used for KTH CAS authentication.

    const ldapConfig = { ... } // Object structure can be found in kth-node-configuration
    const COOKIE_TIMEOUT = 5 // in seconds. The cookie timeout determines how long a user is considered "anonymous"
    
    const ldap = require('kth-node-ldap')
    const ldapClient =  ldap.createClient({
      url: ldapConfig.uri,
      timeout: ldapConfig.timeout,
      connectTimeout: ldapConfig.connecttimeout,
      maxConnections: ldapConfig.maxconnections,
      bindDN: ldapConfig.username,
      bindCredentials: ldapConfig.password,
      checkInterval: ldapConfig.checkinterval,
      maxIdleTime: ldapConfig.maxidletime,
      reconnect: true
    })
    
    const server = require('kth-node-server')
    const passport = require('passport')
    
    // Don't forget to register the strategies here (Strategy and GatewayStrategy shown above)
    
    server.use(passport.initialize())
    server.use(passport.session())
    
    const { authLoginHandler, authCheckHandler, logoutHandler, pgtCallbackHandler, serverLogin, getServerGatewayLogin } = require('kth-node-passport-cas').routeHandlers({
      adminGroup: 'group_name', // LDAP admin group for this app
      casLoginUri: '/app/mountpoint/login',
      casGatewayUri: '/app/mountpoint/loginGateway',
      cookieTimeout: COOKIE_TIMEOUT,
      ldapConfig: ldapConfig,
      ldapClient: ldapClient,
      server: server
    })
    appRoute.get('cas.login', '/app/mountpoint/login', authLoginHandler)
    appRoute.get('cas.gateway', '/app/mountpoint/loginGateway', authCheckHandler)
    appRoute.get('cas.logout', '/app/mountpoint/logout', logoutHandler)
    // Optional pgtCallback
    appRoute.get('cas.pgtCallback', '/app/mountpoint/pgtCallback', pgtCallbackHandler)
    
    // Make sure user is logged in and send to login page if not
    server.get('/app/mountpoint', serverLogin, function (req, res) { ... })
    
    // Make sure user is logged in and fail request if not
    server.get('/app/mountpoint/gateway', getServerGatewayLogin('/'), function (req, res) { ... })

    Install

    npm i kth-node-passport-cas

    DownloadsWeekly Downloads

    24

    Version

    3.1.15

    License

    MIT

    Unpacked Size

    34.9 kB

    Total Files

    11

    Last publish

    Collaborators

    • kthwebmaster
    • wkchung
    • exacs
    • ssundkvist
    • kth-ci
    • emilstenberg