{"id":15046618,"url":"https://github.com/auth0/passport-wsfed-saml2","last_synced_at":"2025-05-16T13:03:14.279Z","repository":{"id":4429253,"uuid":"5567258","full_name":"auth0/passport-wsfed-saml2","owner":"auth0","description":"passport strategy for both WS-fed and SAML2 protocol","archived":false,"fork":false,"pushed_at":"2025-05-06T18:30:41.000Z","size":392,"stargazers_count":49,"open_issues_count":48,"forks_count":61,"subscribers_count":86,"default_branch":"master","last_synced_at":"2025-05-06T18:46:38.984Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/auth0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2012-08-27T06:00:53.000Z","updated_at":"2025-01-13T15:47:30.000Z","dependencies_parsed_at":"2024-06-18T16:54:59.454Z","dependency_job_id":"3df6357f-e4fb-43c8-a244-50442ad9590b","html_url":"https://github.com/auth0/passport-wsfed-saml2","commit_stats":{"total_commits":61,"total_committers":26,"mean_commits":"2.3461538461538463","dds":0.819672131147541,"last_synced_commit":"16324a41e26a77ac2ca3f508758a9c1019e2c590"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fpassport-wsfed-saml2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fpassport-wsfed-saml2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fpassport-wsfed-saml2/releases","manifests_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fpassport-wsfed-saml2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0","download_url":"https://codeload.github.com/auth0/passport-wsfed-saml2/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254535826,"owners_count":22087398,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-24T20:53:18.373Z","updated_at":"2025-05-16T13:03:14.253Z","avatar_url":"https://github.com/auth0.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"Passport-wsfed-saml2\n=============\n\n![Build Status](https://github.com/auth0/passport-wsfed-saml2/workflows/Tests/badge.svg)\n\nThis is a ws-federation protocol + SAML2 tokens authentication provider for [Passport](http://passportjs.org/).\n\nThe code was originally based on Henri Bergius's [passport-saml](https://github.com/bergie/passport-saml) library.\n\nPassport-wsfed-saml2 has been tested to work with both [Windows Azure Active Directory / Access Control Service](https://www.windowsazure.com/en-us/home/features/identity/) and with [Microsoft Active Directory Federation Services](http://en.wikipedia.org/wiki/Active_Directory_Federation_Services).\n\n## Installation\n\n    $ npm install passport-wsfed-saml2\n\n## Usage\n\n### Configure strategy\n\nThis example utilizes a development namespace (auth10-dev) on [Windows Azure Access Control Service](https://www.windowsazure.com/en-us/home/features/identity/) and is using Google as the 
only identity provider configured for the sample application.\n\n\n```javascript\npassport.use(new wsfedsaml2(\n  {\n    path: '/login/callback',\n    realm: 'urn:node:app',\n    homeRealm: '', // optionally specify an identity provider to avoid showing the idp selector\n    identityProviderUrl: 'https://auth10-dev.accesscontrol.windows.net/v2/wsfederation',\n    cert: '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'\n  },\n  function(profile, done) {\n    findByEmail(profile.email, function(err, user) {\n      if (err) {\n        return done(err);\n      }\n      return done(null, user);\n    });\n  }\n));\n```\n\n### Provide the authentication callback\n\nYou need to provide a route corresponding to the `path` configuration parameter given to the strategy:\n\n```javascript\napp.post('/login/callback',\n  passport.authenticate('wsfed-saml2', { failureRedirect: '/', failureFlash: true }),\n  function(req, res) {\n    res.redirect('/');\n  }\n);\n```\n\n### Jwt\n\nAlthough this started as wsfed\u0026saml, we added support for wsfed\u0026jwt. 
Usage:\n\n~~~javascript\npassport.use(new wsfedsaml2(\n  {\n    jwt: {\n      // same options as node-jsonwebtoken\n      algorithm: 'RS256'\n    },\n    cert: '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'\n  },\n  function(profile, done) {\n    findByEmail(profile.email, function(err, user) {\n      if (err) {\n        return done(err);\n      }\n      return done(null, user);\n    });\n  }\n));\n~~~\n\n### Configure strategy for ADFS (WS-Fed)\n\nThis example utilizes a strategy with ADFS using WS-Fed.\n\n```javascript\npassport.use('wsfed-saml2', new wsfedsaml2({\n\t// ADFS RP identifier\n\trealm: 'urn:node:wsfedapp',\n\tidentityProviderUrl: 'https://my-adfs/adfs/ls',\n\t// ADFS token signing certificate\n\tthumbprint: '5D27....D27E'\n\t// or cert: fs.readFileSync(\"adfs_signing_key.cer\")\n}, function (profile, done) {\n\t// ...\n}));\n```\n\n### Configure strategy for ADFS (SAMLp)\n\nThis example utilizes a strategy using SAMLp and RP token encryption.\n\n```javascript\npassport.use('wsfed-saml2', new wsfedsaml2({\n\t// ADFS RP identifier\n\trealm: 'urn:node:samlapp',\n\tidentityProviderUrl: 'https://my-adfs/adfs/ls',\n\t// ADFS token signing certificate\n\tthumbprint: '5D27...D27E',\n\t// or cert: fs.readFileSync(\"adfs_signing_key.cer\")\n\tprotocol: \"samlp\",\n\t// This is the private key (use case where ADFS\n\t// is configured for RP token encryption)\n\tdecryptionKey: fs.readFileSync(\"server.key\")\n}, function (profile, done) {\n\t// ...\n}));\n```\n\n## Issue Reporting\n\nIf you have found a bug or if you have a feature request, please report it in this repository's issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. 
The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.\n\n## Security Notice\n\nThe [Security Notice](SECURITY-NOTICE.md) lists the version that is vulnerable and the actions that are required to upgrade to the latest version.\n\n## Author\n\n[Auth0](auth0.com)\n\n## License\n\nThis project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fpassport-wsfed-saml2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauth0%2Fpassport-wsfed-saml2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fpassport-wsfed-saml2/lists"}