My application needs integration with a SAML IdP. I am using passport-saml, which is for Node.js; below is the config:

const fs = require('fs');
const path = require('path');
const passport = require('passport');
const SamlStrategy = require('passport-saml').Strategy;

const certsDir = path.resolve(__dirname, '..', 'certs');

passport.use(new SamlStrategy(
  {
    issuer: 'http://192.168.1.5/assert',
    entryPoint: 'https://wwww.aa.com/webservices/public/saml2sso?SPID=http://192.168.1.5/metadata.xml',
    callbackUrl: 'http://192.168.1.5/assert',
    // as configured here: cert.pem (the self-signed certificate) is passed as decryptionPvk ...
    decryptionPvk: fs.readFileSync(path.join(certsDir, 'cert.pem')).toString(),
    // ... and key.pem (the private key) as privateCert
    privateCert: fs.readFileSync(path.join(certsDir, 'key.pem')).toString(),
    // certificate from the IdP, used to validate incoming SAML responses
    cert: [fs.readFileSync(path.join(certsDir, 'dev.cer')).toString()],
  },
  function (profile, done) {
    return done(null, profile);
  }
));

I know the cert parameter is the certificate (public key) from the IdP, but what are privateCert and decryptionPvk? I passed the private key key.pem as privateCert and the public key (cert.pem) as decryptionPvk, but it does not work. I generated the key and certificate with the following command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 900

Martijn Pieters
Jack Wang

2 Answers

You should check out this thread if you haven't already

You have attached only the configuration part of your code, but I guess the [authentication callback](https://www.npmjs.com/package/passport-saml#provide-the-authentication-callback) part is properly implemented. As for the 'cert' property, I think you should provide the content of 'cert.pem', according to the passport-saml documentation examples.

Community
ther

I think it's kind of late for an answer, but both options are used to encrypt the authentication request before we send it to the IdP. So you have to add your private key in both.

{decryptionPvk: privateKey, privateCert: privateKey}
Jared Forth