Example with https://openidp.feide.no/

examples/login/app.js

@@ -0,0 +1,122 @@
+var express = require('express')
+  , passport = require('passport')
+  , util = require('util')
+  , SamlStrategy = require('../../lib/passport-saml/index').Strategy;
+
+
+var users = [
+    { id: 1, givenName: 'bob', email: '[email protected]' }
+  , { id: 2, givenName: 'joe', email: '[email protected]' }
+];
+
+function findByEmail(email, fn) {
+  for (var i = 0, len = users.length; i < len; i++) {
+    var user = users[i];
+    if (user.email === email) {
+      return fn(null, user);
+    }
+  }
+  return fn(null, null);
+}
+
+
+// Passport session setup.
+//   To support persistent login sessions, Passport needs to be able to
+//   serialize users into and deserialize users out of the session.  Typically,
+//   this will be as simple as storing the user ID when serializing, and finding
+//   the user by ID when deserializing.
+passport.serializeUser(function(user, done) {
+  done(null, user.email);
+});
+
+passport.deserializeUser(function(id, done) {
+  findByEmail(id, function (err, user) {
+    done(err, user);
+  });
+});
+
+passport.use(new SamlStrategy(
+  {
+    path: '/login/callback',
+    entryPoint: 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php',
+    issuer: 'passport-saml'
+  },
+  function(profile, done) {
+    if (!profile.email) {
+      return done(new Error("No email found"), null);
+    }
+    // asynchronous verification, for effect...
+    process.nextTick(function () {
+      findByEmail(profile.email, function(err, user) {
+        if (err) {
+          return done(err);
+        }
+        if (!user) {
+          // "Auto-registration"
+          users.push(profile);
+          return done(null, profile);
+        }
+        return done(null, user);
+      })
+    });
+  }
+));
+
+var app = express.createServer();
+
+// configure Express
+app.configure(function() {
+  app.set('views', __dirname + '/views');
+  app.set('view engine', 'ejs');
+  app.use(express.logger());
+  app.use(express.cookieParser());
+  app.use(express.bodyParser());
+  app.use(express.methodOverride());
+  app.use(express.session({ secret: 'keyboard cat' }));
+  app.use(passport.initialize());
+  app.use(passport.session());
+  app.use(app.router);
+  app.use(express.static(__dirname + '/../../public'));
+});
+
+
+app.get('/', function(req, res){
+  res.render('index', { user: req.user });
+});
+
+app.get('/account', ensureAuthenticated, function(req, res){
+  res.render('account', { user: req.user });
+});
+
+app.get('/login',
+  passport.authenticate('saml', { failureRedirect: '/', failureFlash: true }),
+  function(req, res) {
+    res.redirect('/');
+  }
+);
+
+app.post('/login/callback',
+  passport.authenticate('saml', { failureRedirect: '/', failureFlash: true }),
+  function(req, res) {
+    res.redirect('/');
+  }
+);
+
+app.get('/logout', function(req, res){
+  req.logout();
+  res.redirect('/');
+});
+
+app.listen(3000, function () {
+  console.log("Server listening in http://localhost:3000");
+});
+
+// Simple route middleware to ensure user is authenticated.
+//   Use this route middleware on any resource that needs to be protected.  If
+//   the request is authenticated (typically via a persistent login session),
+//   the request will proceed.  Otherwise, the user will be redirected to the
+//   login page.
+function ensureAuthenticated(req, res, next) {
+  if (req.isAuthenticated()) { return next(); }
+  res.redirect('/login')
+}

examples/login/views/account.ejs

@@ -0,0 +1,2 @@
+<p>Username: <%= user.givenName %></p>
+<p>Email: <%= user.email %></p>

examples/login/views/index.ejs

@@ -0,0 +1,5 @@
+<% if (!user) { %>
+<h2>Welcome! Please log in.</h2>
+<% } else { %>
+<h2>Hello, <%= user.givenName %>.</h2>
+<% } %>

examples/login/views/layout.ejs

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<title>Passport-SAML Example</title>
+	</head>
+	<body>
+		<% if (!user) { %>
+			<p>
+			<a href="/">Home</a> | 
+			<a href="/login">Log In</a>
+			</p>
+		<% } else { %>
+			<p>
+			<a href="/">Home</a> | 
+			<a href="/account">Account</a> | 
+			<a href="/logout">Log Out</a>
+			</p>
+		<% } %>
+		<%- body %>
+	</body>
+</html>
+