
I have the following issue:

I want to generate the SAML metadata for my SSO service provider using node.js and the package 'passport-saml'.

This package includes the method 'generateServiceProviderMetadata( decryptionCert )' which will generate a service provider metadata document suitable for supplying to an identity provider.

This requires a decryptionCert...

Which decryptionCert shall I use, i.e. where and how to get it?

As far as I understand, I need something like:

  privateCert: fs.readFileSync('./cert.pem', 'utf-8')

where do I get './cert.pem' ?

Any advice and hints will be appreciated.

elyahu

1 Answer


In fact, you need to generate your own certificate for this. If you have a private key, you can use it to generate a cert file:

openssl req -x509 -nodes -days 365 -key mykey.key -out certificate.crt

Where mykey.key is your existing key, and certificate.crt is the newly generated certificate you should pass as a parameter to the generateServiceProviderMetadata function.

If you don't have a private key yet, using this command will generate one for you:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mykey.key -out certificate.crt

Of course, first you need to load the cert into memory using fs.readFileSync.

So, here are the steps:
1. Generate the .crt file
2. Load it into a variable: var decryptionCert = fs.readFileSync('./certificate.crt', 'utf-8')
3. Generate the metadata by calling the provided function: myStrategy.generateServiceProviderMetadata(decryptionCert)

coagmano
Nerman
  • So for the 'passport-saml' example above, how would we call generateServiceProviderMetadata from app.js? I have steps 1 and 2 in place, but am not sure what to replace 'myStrategy' with in your example. I have tried `saml` as this is what the strategy is defined as in config.js, I've also used 'SamlStrategy' and various other options that seemed likely. – Paul Trotter May 08 '17 at 09:58
  • 1
    It's the strategy object you get when you instantiate new SamlStrategy. First, you create a new object: `var myStrategy= new saml.Strategy({ // config parameters });` Then, you can pass it to passport, but can use it later as well, for creating metadata: `passport.use(myStrategy);` `myStrategy.generateServiceProviderMetadata(decryptionCert);` – Nerman May 08 '17 at 11:14
  • 2
    where does it generate this document? If I create the strategy, then call this method, passing in the same cert I use for the privateCert value, I get nothing in either stdio or generated file. I've also tried using the cert arg – wkhatch Apr 23 '18 at 06:33
  • @wkhatch In case it helps, I just answered that question here: https://stackoverflow.com/a/50682941/399105 – bmaupin Jun 04 '18 at 14:37
  • 1
    thanks, @bmaupin. I got it printing to the console eventually, but it seems the configuration was pretty light and not really usable. I ended up using samltool.com to generate one for our idp – wkhatch Jun 06 '18 at 17:01