Node.js Passport SAML from multiple Identity Providers

I've implemented Passport-SAML into my site, and now I've been tasked with connecting our site with two other Identity Providers. In my code, it seems to use only the most recent definition of the SamlStrategy. How can I set up Passport to allow multiple different implementations of the same Strategy?

My implementation looks like this:

var passport = require('passport');
var SamlStrategy = require('passport-saml').Strategy;
// User is the application's own user model (Mongoose-style findOne), defined elsewhere.

// passport.use(strategy) registers the strategy under strategy.name, which for
// passport-saml is 'saml'; a second passport.use(new SamlStrategy(...)) therefore
// overwrites this one.
passport.use(new SamlStrategy(
    {
        path: '/saml',
        entryPoint: "https://idp.identityprovider.net/idp/profile/SAML2/Redirect/SSO",
        issuer: 'https://www.serviceprovider.com/saml',
        identifierFormat: 'urn:domain:safemls:nameid-format:loginid'
    },
    // verify callback: map the SAML profile to a local account
    function(profile, done) {
        console.log("SamlStrategy done", profile);
        User.findOne({email: profile.Email}, function(err, user) {
            if (err) {
                return done(err);
            }
            if (!user) return done(null, false, {message: 'No account associated with this email.'});
            return done(null, user);
        });
    }
));
Winchell answered 9/8, 2013 at 21:02

You can give each strategy a name

// passport.use(name, strategy): the verify callback is the SamlStrategy
// constructor's second argument, not a third argument to passport.use
passport.use('config1', new SamlStrategy({ /* options for IdP 1 */ }, callback));
passport.use('config2', new SamlStrategy({ /* options for IdP 2 */ }, callback));

and then

app.post('/login/callback/:idp',
  function(req, res, next) {
      var config = req.params.idp; // extract config name somehow; here: one callback route per IdP
      // passport.authenticate returns a middleware, so it must be invoked with (req, res, next)
      passport.authenticate(config, { failureRedirect: '/', failureFlash: true })(req, res, next);
  },
  function(req, res) {
    res.redirect('/');
  }
);
Voiceless answered 10/8, 2013 at 19:57
What if we store the configuration data in a database and users can set this up after the Express server is started? How can you instantiate new SAML strategies in memory without restarting the Express server? I've seen npmjs.com/package/passports but haven't really tried it. Just curious if you hit this problem. - Desolation
For setting up multiple SAML strategies on the fly, try MultiSamlStrategy - Midi
Thanks! This was super helpful for me as I was trying to create a SAML proxy for Azure AD (routing multiple SSO app logins) through a single Node.js app - Gopher
@Voiceless I would like to suggest an edit as suggested by @Midi: MultiSamlStrategy - Whitaker

Little fixes (and a lot of time saved :) ) to @woloski's answer:

Giving strategy name:

// the name goes inside the options object; the verify callback is the constructor's second argument
passport.use(new SamlStrategy({ name: 'config1', /* ... */ }, callback));
passport.use(new SamlStrategy({ name: 'config2', /* ... */ }, callback));

and handling the post response:

app.post('/login/callback/:idp',
  function(req, res, next) {
      var config = req.params.idp; // extract config name somehow; here: one callback route per IdP
      passport.authenticate(config, { failureRedirect: '/', failureFlash: true })(req, res, next);
  },
  function(req, res) {
    res.redirect('/');
  }
);

Cheers

Pinfold answered 6/9, 2018 at 9:37
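Both answers above leave the selection step as a comment ("extract config name somehow"). The following is an added example, not code from the question or from either answer, showing one way to fill that gap for both of them: register one named SamlStrategy per IdP, give each IdP its own callback route (which is also the ACS URL you register with that IdP), and accept only names that were actually registered, so the strategy that passport.authenticate runs, and therefore the IdP certificate the response is verified against, is fixed by the route and not by anything in the POSTed SAMLResponse. The IDP_CONFIGS values, the /login/callback/:idp route and the PassportStub/FakeSamlStrategy stand-ins are assumptions made so the file runs without express, passport or passport-saml installed; with the real modules you pass `passport` and `require('passport-saml').Strategy` to registerStrategies and mount samlCallback with `app.post('/login/callback/:idp', ...)`.

```javascript
'use strict';

// Per-IdP passport-saml options. Constructed placeholder values, not the
// original poster's. `cert` is the IdP's signing certificate; each real entry
// needs its own so responses are verified against the right IdP.
const IDP_CONFIGS = {
  config1: {
    entryPoint: 'https://idp1.example.net/idp/profile/SAML2/Redirect/SSO',
    issuer: 'https://www.serviceprovider.com/saml',
    callbackUrl: 'https://www.serviceprovider.com/login/callback/config1',
    cert: 'MIIC...idp1-signing-cert...',
  },
  config2: {
    entryPoint: 'https://idp2.example.org/sso/saml',
    issuer: 'https://www.serviceprovider.com/saml',
    callbackUrl: 'https://www.serviceprovider.com/login/callback/config2',
    cert: 'MIIC...idp2-signing-cert...',
  },
};

// Register one named strategy per IdP. passport.use(name, strategy) is the
// real passport signature; the verify callback belongs to the strategy
// constructor. Returns the set of names that passport.authenticate may be given.
function registerStrategies(passport, StrategyCtor, configs, verify) {
  const names = new Set();
  for (const [name, options] of Object.entries(configs)) {
    passport.use(name, new StrategyCtor(options, verify));
    names.add(name);
  }
  return names;
}

// Pick the strategy for this callback from the route parameter the IdP was
// configured to POST to, never from the SAMLResponse body, and only if that
// name was registered. Anything else yields null.
function selectStrategy(req, registered) {
  const name = req.params && req.params.idp;
  if (typeof name !== 'string' || !registered.has(name)) return null;
  return name;
}

// Express-style middleware for app.post('/login/callback/:idp', ...).
// passport.authenticate returns a middleware, so it is invoked with (req, res, next).
function samlCallback(passport, registered, authOptions) {
  return function (req, res, next) {
    const name = selectStrategy(req, registered);
    if (name === null) {
      res.statusCode = 404;
      return res.end('unknown identity provider');
    }
    return passport.authenticate(name, authOptions)(req, res, next);
  };
}

// Offline stand-ins (assumed, not real modules) so this file runs without
// passport or passport-saml installed. Real code passes the actual objects.
class FakeSamlStrategy {
  constructor(options, verify) { this.options = options; this.verify = verify; }
}

class PassportStub {
  constructor() { this.strategies = new Map(); this.lastAuthenticated = null; }
  use(name, strategy) { this.strategies.set(name, strategy); }
  authenticate(name) {
    return (req, res, next) => { this.lastAuthenticated = name; next(); };
  }
}

// Wire it up and run two constructed requests: one to a registered IdP route,
// one to a name nobody configured.
function demo() {
  const passport = new PassportStub();
  const registered = registerStrategies(passport, FakeSamlStrategy, IDP_CONFIGS,
    (profile, done) => done(null, { email: profile.Email }));
  const handler = samlCallback(passport, registered, { failureRedirect: '/' });

  const results = {};
  const res1 = { statusCode: 200, end(body) { this.body = body; } };
  handler({ params: { idp: 'config2' } }, res1, () => {});
  results.ok = passport.lastAuthenticated;                  // 'config2'

  const res2 = { statusCode: 200, end(body) { this.body = body; } };
  handler({ params: { idp: 'evil' } }, res2, () => {});
  results.unknownStatus = res2.statusCode;                  // 404
  results.unknownAuthenticated = passport.lastAuthenticated; // still 'config2'
  return results;
}

console.log(JSON.stringify(demo()));
```

Without the allowlist, an unregistered name reaches passport.authenticate, which fails the request with an "Unknown authentication strategy" error; answering 404 before that point keeps unconfigured names out of the SAML flow entirely, and because the name is checked against the Set returned by registerStrategies, adding a third IdP is a matter of adding one entry to IDP_CONFIGS.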