Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/weihanchen/saml2-express-ts-sample

An example for saml2 integration with Auth0、OKTA、saml-idp, 🔥 support upload metadata
https://github.com/weihanchen/saml2-express-ts-sample

adfs okta saml2 sso

Last synced: 3 days ago
JSON representation

An example for saml2 integration with Auth0、OKTA、saml-idp, 🔥 support upload metadata

Host: GitHub
URL: https://github.com/weihanchen/saml2-express-ts-sample
Owner: weihanchen
Created: 2022-07-04T08:44:58.000Z (over 2 years ago)
Default Branch: master
Last Pushed: 2023-02-07T12:31:49.000Z (almost 2 years ago)
Last Synced: 2023-02-26T12:11:59.234Z (over 1 year ago)
Topics: adfs, okta, saml2, sso
Language: TypeScript
Homepage:
Size: 698 KB
Stars: 2
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

saml2-express-ts-sample
===

This Project is an example for saml2 integration with [saml-idp](https://github.com/mcguinness/saml-idp)、auth0、OKTA.

🔥 Support Upload Metadata...

## Quick Start

### self-signed certificate
If you need stronger security, please use credentials for mutual security verification

generate service provider's cert

```sh
cd initial
openssl req -newkey rsa:4096 -x509 -nodes -sha256 -keyout sp.pem -out sp.crt
```

### Start with Service Provider
```sh
npm run start:dev
```

### Configuration with IDP
- [(✔️ default) saml-idp](https://github.com/mcguinness/saml-idp)
```bash
git clone https://github.com/mcguinness/saml-idp

|- saml2-express-ts-sample
|- ...
|- saml-idp
|- ...

cd saml-idp

npm start -- --host=localhost \
--port=5857 \
--acsUrl=http://localhost:5858/auth/saml2/acs \
--sloUrl=http://localhost:5858/auth/saml2/sls \
--aud=http://localhost:5858/auth/saml2/acs \
--enc=true \
--encCert="../saml2-express-ts-sample/initial/sp.cer" \
--encKey="../saml2-express-ts-sample/initial/sp.key"
```
- [auth0](./auth0.md)
- [okta](https://developer.okta.com/docs/concepts/saml/#federated-identity)

## Redirect to IDP
When the user directly accesses the service provider, sp should redirect to the idp login follow sso.

- GET `auth/saml2`: Redirect to IDP

## Identity Provider Configuration
- GET `/auth/saml2/metadata`: Metadata endpoint
- POST `/auth/saml2/acs`: Assertion Consumer Service endpoint
- GET `/auth/saml2/sls`: Single Logout Service endpoint

## How to update idp configuration with metadata?

- PUT `/auth/saml2/idp-metadata`
- body
- url(string): `idp's metdata url`

```sh
curl -XPUT localhost:5858/auth/saml2/idp-metadata -d '{"url": "http://localhost:5857/metadata"}' -H 'Content-Type: application/json'
```

## Service Provider Configuration

[🔍 Here](./.env)