Add SAML Server #195
Labels
area: web
Web development related things [front end/back end]
category: back end
Back end part of our web service
sirinoks added the category: back end and area: web labels on Feb 13, 2023
Here's the IdP details we'll use on staging (i.e., https://mycustomdomain-dev.senecacollege.ca):
IdP signing certificate:

Apparently we're going to get these extra claims:
And here's what I'm suggesting we use for the SP:
sfrunza13 added a commit that referenced this issue on Feb 24, 2023
* SAML Server, login callback, login page change, sp metadata route, small .env change SSO and SLO with SimpleSAMLPhp and Samlify Added SLO callback
* linting concerns
* else
* POST check first, sAMAccountName extract, idp and sp only used in samlServer, new samlServer functions to export functionality without exposing sp/idp
* Add idp config locally
* cleaned up the code comments, swapped the conditional logic to make some guard clauses, added file to metadata file name
* forgot a console log
* I think this addresses most things
* Metadata secret check and remove fs in saml server, tried to add the relayState stuff in the logic inside of the saml server
* Changed the metadata location properly
* Changed the loginRequest a bit
* passing a string into creating login request so that we can use redirectTo searchParams and if it comes from login directly we just use '/', added taking relaystate out of body in parseLoginResponse and destructure it in callback file.
* narrowed down type of relayState to string
* I forgot to save the changes last time
* changed to string or default '/' for createLogin, used URL constructor in createLoginRequest
* addition to env example

---------

Co-authored-by: stefanaz2 <sfrunza@seneca.ca>
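The commit message above describes carrying `redirectTo` through the login request as RelayState, defaulting to '/', and reading it back out of the callback body. The following is an added example, not code from the starchart repository, of reducing that value to a same-origin path on both sides; `SP_ORIGIN`, the function names and any IdP URL passed in are assumptions.

```javascript
// Added example; not code from the starchart repository.
// SP_ORIGIN and the IdP URL used by callers are constructed placeholders.
const SP_ORIGIN = 'https://sp.example.test';

// Reduce an untrusted RelayState / redirectTo value to a same-origin
// path, falling back to '/' as the commit message describes.
function safeRelayState(value, origin = SP_ORIGIN) {
  // Form bodies and search params can be absent or arrays: strings only.
  if (typeof value !== 'string' || value.length === 0) return '/';
  // Require a rooted path; "//host" and "/\host" are treated by browsers
  // as scheme-relative URLs pointing at another host.
  if (!value.startsWith('/') || value.startsWith('//') || value.startsWith('/\\')) return '/';
  // URL parsers silently strip tabs and newlines, so refuse control chars.
  if (/[\u0000-\u001f\u007f]/.test(value)) return '/';
  let url;
  try {
    url = new URL(value, origin);
  } catch {
    return '/';
  }
  if (url.origin !== origin) return '/';
  return url.pathname + url.search + url.hash;
}

// Request side (HTTP-Redirect binding): attach the validated target.
function buildLoginUrl(idpSsoUrl, samlRequest, redirectTo) {
  const url = new URL(idpSsoUrl);
  url.searchParams.set('SAMLRequest', samlRequest);
  url.searchParams.set('RelayState', safeRelayState(redirectTo));
  return url.href;
}

// Callback side: the IdP echoes RelayState back in the POST body, so it
// is untrusted again and gets validated a second time before redirecting.
function callbackRedirect(body) {
  return safeRelayState(body ? body.RelayState : undefined);
}
```

RelayState is not covered by the assertion signature in the POST binding, which is why the callback validates it independently of the request side.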
Genne23v pushed a commit to Genne23v/starchart that referenced this issue on Feb 25, 2023
Configure SP in code, probably hiding values in the .env file and the IDP from the metadata on the IDP container url.
Following https://github.com/remix-run/examples/pull/130/files/ec66b3060fac83eec2389eb0c96aad6d8ea4aed1#diff-02d2b71e481b2495b8a72af14f09fc28238298c7f1d19a540e37c9228985b0da SAMLServer file.