update saml2 to get contact information and service provider metadata (#674)

Signed-off-by: Denis barbaron <denis.barbaron@orange.com> Co-authored-by: Karol Wrótniak <karol.wrotniak@droidsonroids.pl>
2026-04-18 07:53:22 +02:00 · 2023-06-15 21:48:45 +02:00
parent c24d24bc9d
commit 3e526d2aa3
1 changed files with 35 additions and 8 deletions
--- a/lib/units/auth/saml2.js
+++ b/lib/units/auth/saml2.js
@@ -11,6 +11,8 @@ var logger = require('../../util/logger')
 var urlutil = require('../../util/urlutil')
 var jwtutil = require('../../util/jwtutil')

+const dbapi = require('../../db/api')
+
 module.exports = function(options) {
  var log = logger.createLogger('auth-saml2')
  var app = express()
@@ -18,14 +20,23 @@ module.exports = function(options) {

  app.set('strict routing', true)
  app.set('case sensitive routing', true)
-  app.use(bodyParser.urlencoded({extended: false}))
-  app.use(passport.initialize())

-  passport.serializeUser(function(user, done) {
-    done(null, user)
-  })
-  passport.deserializeUser(function(user, done) {
-    done(null, user)
+  app.get('/auth/contact', function(req, res) {
+    dbapi.getRootGroup().then(function(group) {
+      res.status(200)
+        .json({
+          success: true
+        , contact: group.owner
+        })
+    })
+    .catch(function(err) {
+      log.error('Unexpected error', err.stack)
+      res.status(500)
+        .json({
+          success: false
+        , error: 'ServerError'
+        })
+      })
  })

  var verify = function(profile, done) {
@@ -54,7 +65,23 @@ module.exports = function(options) {
    })
  }

-  passport.use(new SamlStrategy(samlConfig, verify))
+  var mySamlStrategy = new SamlStrategy(samlConfig, verify)
+  app.get('/auth/saml/metadata', function(req, res) {
+    res.type('application/xml')
+    res.send((mySamlStrategy.generateServiceProviderMetadata()))
+  })
+
+  app.use(bodyParser.urlencoded({extended: false}))
+  app.use(passport.initialize())
+
+  passport.serializeUser(function(user, done) {
+    done(null, user)
+  })
+  passport.deserializeUser(function(user, done) {
+    done(null, user)
+  })
+
+  passport.use(mySamlStrategy)

  app.use(passport.authenticate('saml', {
    failureRedirect: '/auth/saml/'