SAML Module
The SAML module allows you to implement Single-Sign-On via the SAML v2.0 protocol. Using this library, you can configure your org to act as a Service Provider.

Import

import { ServiceProvider, IdentityProvider } from 'saml'

IdentityProvider

The configuration for a service that authenticates users in the SAML flow.

IdentityProvider(options)

Creates a new instance of IdentityProvider, required as an argument for ServiceProvider methods.
Arguments
  • options (Object)
    • sso_login_url (String) The login URL to use during a login request.
    • sso_logout_url (String) The logout URL to use during a logout request.
    • certificates (String[]) An array of PEM formatted certificates.
    • force_authn (Boolean=false) If true, forces re-authentication.
    • sign_get_request (Boolean=false) If true, signs the request.
    • allow_unencrypted_assertion (Boolean=false) If true, allows unencrypted assertions.

ServiceProvider

ServiceProvider(options)

A service provider that uses an IdentityProvider for authentication in the SAML flow.
Arguments
  • options (Object)
    • entity_id (String) The unique SP identifier (often the URL of the metadata file).
    • private_key (String) Service provider private key in PEM format.
    • certificate (String) Service provider certificate in PEM format.
    • assert_endpoint (String) The URL of service provider assert endpoint.
    • alt_private_keys (String[]) Additional private keys to use when attempting to decrypt responses (for rollover).
    • alt_certs (String[]) Additional certificates to expose in the SAML metadata (for rollover).
    • force_authn (Boolean=false) If true, forces re-authentication.
    • auth_context (String) The SAML AuthnContextClassRef.
    • nameid_format (String) The Name ID format.
    • sign_get_request (Boolean=false) If true, signs the request.
    • allow_unencrypted_assertion (Boolean=false) If true, allows unencrypted assertions.
Returns
  • updated (ServiceProvider) true if the value was set, or false if the cache value did not initially equal chk.

ServiceProvider.create_login_request_url(idp, options)

Get a URL to initiate a login.
Arguments
  • idp (IdentityProvider) An IdentityProvider instance.
  • options (Object)
    • relay_state (String) The SAML relay state.
    • force_authn (Boolean=false) If true, forces re-authentication.
    • auth_context (String) The SAML AuthnContextClassRef.
    • nameid_format (String) The Name ID format.
    • sign_get_request (Boolean=false) If true, signs the request.
Returns
  • response (Object)
    • url the request url
    • id the request id

ServiceProvider.create_logout_request_url(idp, options)

Creates a SAML Request URL to initiate a user logout.
Arguments
  • idp (IdentityProvider) An IdentityProvider instance.
  • options (Object)
    • relay_state (String) The SAML relay state.
    • nameid_format (String) The Name ID format.
    • sign_get_request (Boolean=false) If true, signs the request.
    • session_index (String) The session index to use.
    • allow_unencrypted_assertion (Boolean=false) If true, allows unencrypted assertions.
Returns
  • url (String) The request url.

ServiceProvider.create_logout_response_url(idp, options)

Creates a SAML Response URL to confirm a successful IdP initiated logout.
Arguments
  • idp (IdentityProvider) An IdentityProvider instance.
  • options (Object)
    • in_response_to (String) The ID of the request that this is in response to. Should be checked against any sent request IDs.
    • sign_get_request (Boolean=false) If true, signs the request.
    • relay_state (String) The SAML relay state.
Returns
  • url (String) The request url.

ServiceProvider.create_metadata()

Returns the XML metadata used during the initial SAML configuration.
Returns
  • url (String)

ServiceProvider.post_assert(idp, options)

Gets a SAML response object if the login attempt is valid, used for post binding.
Arguments
  • idp (IdentityProvider) An IdentityProvider instance.
  • options (Object)
    • request_body (Object) An object containing the parsed query string parameters. This object should contain the value for either a SAMLResponse or SAMLRequest.
    • allow_unencrypted_assertion (Boolean=false) If true, allows unencrypted assertions.
    • require_session_index (Boolean=false) If false, allow the assertion to be valid without a SessionIndex attribute on the AuthnStatement node.
Returns
  • response (Object) A SAML response object.
    • response_header (Object)
      • id (String)
      • destination (String)
      • in_response_to (String)
    • type "authn_response" (String)
    • user (Object)
      • name_id (String)
      • session_index (String)
      • attributes (Object)

ServiceProvider.redirect_assert(idp, options)

Gets a SAML response object if the login attempt is valid, used for redirect binding.
Arguments
  • idp (IdentityProvider) An IdentityProvider instance.
  • options (Object)
    • request_body (Object) An object containing the parsed query string parameters. This object should contain the value for either a SAMLResponse or SAMLRequest.
    • allow_unencrypted_assertion (Boolean=false) If true, allows unencrypted assertions.
    • require_session_index (Boolean=false) If false, allow the assertion to be valid without a SessionIndex attribute on the AuthnStatement node.
Returns
  • response (Object) A SAML response object.
    • response_header (Object)
      • id (String)
      • destination (String)
      • in_response_to (String)
    • type "authn_response" (String)
    • user (Object)
      • name_id (String)
      • session_index (String)
      • attributes (Object)
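
The response object returned by post_assert and redirect_assert exposes response_header.in_response_to and response_header.destination, and create_login_request_url returns the request id. The following is an added example, not part of the SAML module or its documentation, of using those fields to reject unsolicited, replayed or misdirected responses. PendingRequests, checkAssertResponse, sampleResponse and the example.com values are assumptions made for illustration.

```javascript
// Added example. PendingRequests and checkAssertResponse are hypothetical
// helpers, not SAML module APIs; sample values below are constructed.
class PendingRequests {
  constructor(ttlMs = 5 * 60 * 1000) {
    this.ttlMs = ttlMs
    this.byId = new Map() // request id -> { relayState, expires }
  }
  // Store the `id` returned by create_login_request_url with its relay_state.
  remember(id, relayState, now = Date.now()) {
    this.byId.set(id, { relayState, expires: now + this.ttlMs })
  }
  // One-time use: the entry is removed even if it has already expired.
  consume(id, now = Date.now()) {
    const entry = this.byId.get(id)
    this.byId.delete(id)
    return entry && entry.expires >= now ? entry : null
  }
}

// `response` is the object returned by post_assert / redirect_assert.
// `ctx.relayState` is the RelayState value that came back with the response.
function checkAssertResponse(response, pending, ctx, now = Date.now()) {
  const fail = (reason) => ({ ok: false, reason })
  if (!response || response.type !== 'authn_response') return fail('unexpected response type')
  const header = response.response_header || {}
  if (header.destination !== ctx.assertEndpoint) return fail('destination mismatch')
  if (!header.in_response_to) return fail('unsolicited response')
  const entry = pending.consume(header.in_response_to, now)
  if (!entry) return fail('unknown, expired or replayed request id')
  if (entry.relayState !== ctx.relayState) return fail('relay state mismatch')
  const user = response.user || {}
  // Assumed policy: session_index is required so a logout request can name it.
  if (!user.name_id || !user.session_index) return fail('missing name_id or session_index')
  return { ok: true, nameId: user.name_id, sessionIndex: user.session_index }
}

// Constructed sample shaped like the documented response object.
const ASSERT_ENDPOINT = 'https://sp.example.com/saml/assert'
function sampleResponse(inResponseTo, destination = ASSERT_ENDPOINT) {
  return {
    response_header: { id: '_resp1', destination, in_response_to: inResponseTo },
    type: 'authn_response',
    user: { name_id: 'alice@example.com', session_index: '_sess1', attributes: {} }
  }
}
```

Because each request id is consumed on first use, a second response carrying the same in_response_to is rejected even when it arrives inside the TTL.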