Doc and icons

Alberto Asuero 2014-09-23 11:35:29 +02:00
parent df471d4a35
commit 50516a613b
3 changed files with 107 additions and 71 deletions


@ -1,7 +1,24 @@
# NodeBB Twitter SSO
# NodeBB SAML SSO
NodeBB Plugin that allows users to login/register via their Twitter account.
NodeBB Plugin that allows users to login/register via SAML IDP
## Installation
npm install nodebb-plugin-sso-twitter
1) npm install nodebb-plugin-sso-saml
2) Activate plugin at nodebb admin panel
3) Once you activated it you can configure all the params at SAML section.
- IdP entry point: it's the saml IdP entry point. E.g https://<sever>/simplesaml/saml2/idp/SSOService.php.
- Callback path: path to callback. Eg: /auth/saml/callback.
- Issuer: issuer string to supply IdP. Eg: 'nodebb-saml'
- Metadata url: url where metadata will be served at. Optional.
- Server CRT file: Server crt path. Mandatory if used metadata url
##
If you need more info or if you need some help, please report an issue at https://github.com/GeographicaGS/nodebb-plugin-sso-saml/issues
##
This plugin has been built on top of passport.saml, for more info visit https://github.com/bergie/passport-saml


@ -15,23 +15,20 @@
'name': "SAML",
'admin': {
'route': '/plugins/sso-saml',
'icon': 'fa-twitter-square'
'icon': 'fa-university'
}
});
var SAML = {};
var samlObj;
if (!meta.config['sso:saml:idpentrypoint'] || meta.config['sso:saml:callbackpath']) {
var err = new Error('Missing config variables');
throw err;
}
if (meta.config['sso:saml:idpentrypoint'] && meta.config['sso:saml:callbackpath']&& meta.config["sso:saml:metadata"] && meta.config["sso:saml:issuer"]) {
var samlObj = new passportSAML({
samlObj = new passportSAML({
path: meta.config['sso:saml:callbackpath'],
entryPoint: meta.config['sso:saml:idpentrypoint'],
issuer: 'passport-saml',
callbackUrl: nconf.get('url') + ':' + nconf.get('port') + meta.config['sso:saml:callbackpath']
callbackUrl: nconf.get('url') + meta.config['sso:saml:callbackpath']
},
function(profile, done) {
@ -42,10 +39,11 @@
cn: profile.cn,
mail: profile.mail,
eduPersonAffiliation: profile.eduPersonAffiliation,
email: profile.email
email: profile.email,
username: profile.displayName
};
SAML.login(user.nameID,user.nameID,function(err, user) {
SAML.login(user.nameID,user.username,function(err, user) {
if (err) {
return done(err);
}
@ -53,6 +51,11 @@
});
}
);
}
else{
console.log("No config info")
console.log(meta.config);
}
SAML.init = function(app, middleware, controllers, callback) {
@ -63,22 +66,34 @@
app.get('/admin/plugins/sso-saml', middleware.admin.buildHeader, render);
app.get('/api/admin/plugins/sso-saml', render);
if (samlObj){
if (meta.config["sso:saml:metadata"]) {
app.get(meta.config["sso:saml:metadata"], function(req, res) {
var cert = fs.readFileSync('/Users/alasarr/dev/nodebb/node_modules/nodebb-plugin-sso-saml/server.crt', 'utf-8');
if (meta.config["sso:saml:servercrt"]){
var cert = fs.readFileSync(meta.config["sso:saml:servercrt"], 'utf-8');
res.header("Content-Type", "application/xml");
res.send(samlObj.generateServiceProviderMetadata(cert))
}
else{
res.send("No servercrt specified. Please enter it at nodebb admin panel.");
}
});
}
app.post(meta.config['sso:saml:callbackpath'],
passport.authenticate('saml', { successRedirect: '/',failureRedirect: '/', failureFlash: true })
);
}
callback();
};
SAML.getStrategy = function(strategies, callback) {
if (samlObj){
passport.use(samlObj);
strategies.push({
@ -88,11 +103,12 @@
icon: constants.admin.icon,
scope: ''
});
}
callback(null, strategies);
};
SAML.login = function(samlid,email, callback) {
SAML.login = function(samlid,username, callback) {
SAML.getUidBySAMLId(samlid, function(err, uid) {
if(err) {
@ -104,9 +120,10 @@
callback(null, {
uid: uid
});
} else {
}
else {
// New User
user.create({username: email}, function(err, uid) {
user.create({username: username}, function(err, uid) {
if(err) {
return callback(err);
}
@ -142,18 +159,18 @@
};
SAML.deleteUserData = function(uid, callback) {
// async.waterfall([
// async.apply(user.getUserField, uid, 'samlid'),
// function(oAuthIdToDelete, next) {
// db.deleteObjectField('twid:uid', oAuthIdToDelete, next);
// }
// ], function(err) {
// if (err) {
// winston.error('[sso-twitter] Could not remove OAuthId data for uid ' + uid + '. Error: ' + err);
// return callback(err);
// }
// callback(null, uid);
// });
async.waterfall([
async.apply(user.getUserField, uid, 'samlid'),
function(idToDelete, next) {
db.deleteObjectField('samlid:uid', idToDelete, next);
}
], function(err) {
if (err) {
winston.error('[sso-saml] Could not remove user data for uid ' + uid + '. Error: ' + err);
return callback(err);
}
callback(null, uid);
});
};
module.exports = SAML;
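Review bot: The options object passed to `new passportSAML({...})` in the first hunk holds only `path`, `entryPoint`, `issuer` and `callbackUrl`, with no IdP signing certificate. In passport-saml releases where `cert` is optional, the signature on incoming SAML responses is then not verified, so the `nameID` given to `SAML.login` would be trusted from whatever is posted to the callback path. Add `cert: <IdP signing certificate, PEM body>` from a new admin setting, and skip registering the strategy when it is empty. The same object hard-codes `issuer: 'passport-saml'` although the `if` above it requires `sso:saml:issuer` to be set; `issuer: meta.config['sso:saml:issuer']` would make that setting take effect. In the third hunk, the new `else` branch calls `console.log(meta.config)`, which writes every stored setting to the process log; logging only the names of the missing `sso:saml:*` keys would be enough.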


@ -1,4 +1,4 @@
<h1><i class="fa fa-twitter-square"></i> Simple samp Authentication</h1>
<h1> Simple samp Authentication</h1>
<hr />
<form>
@ -10,7 +10,9 @@
<input type="text" data-field="sso:saml:idpentrypoint" title="IdP entry point" class="form-control input-lg" placeholder="IdP entry point"><br />
<input type="text" data-field="sso:saml:callbackpath" title="Callback path" class="form-control input-md" placeholder="Callback path"><br/>
<input type="text" data-field="sso:saml:issuer" title="Issuer string to supply to identity provider" class="form-control input-md" placeholder="Issuer string to supply to identity provider"><br/>
<input type="text" data-field="sso:saml:metadata" title="Metadata URL" class="form-control input-md" placeholder="Metadata URL">
<input type="text" data-field="sso:saml:metadata" title="Metadata URL" class="form-control input-md" placeholder="Metadata URL"><br/>
<input type="text" data-field="sso:saml:servercrt" title="Server CRT file" class="form-control input-md" placeholder="Server CRT file">
</div>
</form>
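Review bot: The new `sso:saml:servercrt` input is labelled only "Server CRT file", but per the library change in this commit the value is a filesystem path that the server reads with `fs.readFileSync` and passes to `generateServiceProviderMetadata` on the metadata route. The field should state exactly what belongs there, for example `placeholder="Absolute server-side path to the SP public certificate (never the private key)"`, so an administrator does not point it at key material. The heading in the first hunk also still reads `Simple samp Authentication`, presumably meant to be "SAML". The enclosing `<form>` starts outside the hunk.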