SAML 2.0 authentication strategy for Passport
The code was originally based on Michael Bosworth's express-saml library.
$ npm install passport-saml
The SAML identity provider will redirect you to the URL provided by the
You need to provide a route corresponding to the
path configuration parameter given to the strategy:
saml as the strategy:
Passport-SAML uses the HTTP Redirect Binding for its
AuthnRequests, and expects to receive the messages back via the HTTP POST binding.
Authentication requests sent by Passport-SAML can be signed using RSA-SHA1. To sign them you need to provide a private key in the PEM format via the
privateCert configuration key. For example:
It is a good idea to validate the incoming SAML Responses. For this, you can provide the Identity Provider's certificate using the
cert confguration key:
cert: 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqh ... W=='
Here is a configuration that has been proven to work with ADFS:
entryPoint: ''issuer: ''callbackUrl: ''cert: 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqh ... W=='identifierFormat: null
Please note that ADFS needs to have a trust established to your service in order for this to work.