How to use generateProviderServiceMetadata() working with passport-saml
I have the following issue:

I want to generate the SAML metadata for my SSO service provider, using node.js and the package 'passport-saml'.

This package includes the method 'generateServiceProviderMetadata( decryptionCert )', which will generate a service provider metadata document suitable for supplying to an identity provider.

This requires a decryptionCert...

Which decryptionCert shall I use, i.e. where and how do I get it?

As far as I understand, I need something like:

  privateCert: fs.readFileSync('./cert.pem', 'utf-8')

Where do I get './cert.pem'?

Any advice and hints will be appreciated.

Regression answered 23/7, 2014 at 15:24

In fact, you need to generate your own certificate for this. If you have a private key, you can use it to generate the cert file:

openssl req -x509 -nodes -days 365 -key mykey.key -out certificate.crt

Where mykey.key is your existing key, and certificate.crt is the newly generated certificate you should pass as a parameter to the generateServiceProviderMetadata function.

If you don't have a private key yet, this command will generate one for you:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mykey.key -out certificate.crt

Of course, first you need to load the cert into memory using fs.readFileSync.

So, here are the steps:
1. Generate the .crt file
2. Load it into a variable: var decryptionCert = fs.readFileSync('./certificate.crt', 'utf-8');
3. Generate the metadata file by calling the provided function: myStrategy.generateServiceProviderMetadata(decryptionCert)

Translocate answered 27/8, 2014 at 11:32
So for the 'passport-saml' example above, how would we call generateServiceProviderMetadata from app.js? I have steps 1 and 2 in place, but am not sure what to replace 'myStrategy' with in your example. I have tried saml, as this is what the strategy is defined as in config.js; I've also used 'SamlStrategy' and various other options that seemed likely. - Reciprocal
It's the strategy object you get when you instantiate a new SamlStrategy. First, you create a new object: var myStrategy = new saml.Strategy({ // config parameters }); Then you can pass it to passport, but you can use it later as well, for creating the metadata: passport.use(myStrategy); myStrategy.generateServiceProviderMetadata(decryptionCert); - Translocate
Where does it generate this document? If I create the strategy, then call this method, passing in the same cert I use for the privateCert value, I get nothing in either stdio or a generated file. I've also tried using the cert arg. - Partlet
@Partlet In case it helps, I just answered that question here: https://mcmap.net/q/1316824/-how-to-provide-sp-metadata-to-testshib-idp-using-passport-saml - Swollen
Thanks, @bmaupin. I got it printing to the console eventually, but it seems the configuration was pretty light and not really usable. I ended up using samltool.com to generate one for our IdP. - Partlet

© 2022 - 2024 — McMap. All rights reserved.