-
Create a working directory
<some_path>/saml-idp
and install the npm packagesaml-idp
.[user@localhost saml-idp]$ npm install saml-idp
-
Create a pair of self-signed X.509 private key and certificate
[user@localhost saml-idp]$ openssl req -newkey rsa:2048 -nodes -keyout idp_key.pem -x509 -days 365 -out idp_cert.pem
-
Create a
idp_config.js
file to contain the fake IdP configuration./** * User Profile */ var profile = { userName: 'sjackson', nameIdFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', uid: 'sjackson', lastName:'Jackson', firstName: 'Saml', email: 'saml.jackson@example.com' } /** * SAML Attribute Metadata */ var metadata = [ { id: "uid", optional: false, displayName: 'Username', description: 'The username of the user', multiValue: false }, { id: "email", optional: false, displayName: 'E-Mail Address', description: 'The e-mail address of the user', multiValue: false }, { id: "firstName", optional: false, displayName: 'First Name', description: 'The given name of the user', multiValue: false }, { id: "lastName", optional: false, displayName: 'Last Name', description: 'The surname of the user', multiValue: false }]; module.exports = { user: profile, metadata: metadata }
Your working folder should contain
idp_key.pem
,idp_cert.pem
andidp_config.js
. -
Run the IdP server by running (
acsUrl
points to the Teaching app and may change if you changed the port):node node_modules/saml-idp/bin/run.js --key ./key.pem --cert ./certificate.pem \ --configFile <some_path>/saml-idp/idp_config.js --acsUrl http:/localhost:5000/auth/callback \ --audience ictm-teaching --issuer saml-idp
The
configFile
parameter requires an absolute path to work correctly. The server will run, by default, on port7000
.
-
Create a pair of self-signed X.509 private key and certificate
[user@localhost ictm-teaching]$ openssl req -newkey rsa:2048 -nodes -keyout sp_key.pem -x509 -days 365 -out sp_cert.pem
-
Adapt the
config.json
file so that theSAML
corresponds to :"SAML": { "attributes": { "sn": "lastName", "email": "email", "givenName": "firstName", "uid": "uid" }, "security": { "metadataValidUntil": "", "metadataCacheDuration": "", "wantAssertionsEncrypted": false, "wantAssertionsSigned": true, "authnRequestsSigned": true }, "sp": { "assertionConsumerService": { "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, "entityId": "ictm-teaching", "x509cert": "<paste sp_cert.pem here>", "privateKey": "<paste sp_key.pem here>" }, "idp": { "entityId": "saml-idp", "singleSignOnService": { "url": "http://localhost:7000/saml/sso", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "x509cert": "<paste idp_cert.pem here>" }, "strict": true }
and paste the content of the required files in the indicated
<tags>
. -
You can now run the app and feed any user information using the fields provided by the IdP application.
-
Add the database URI to the
config.json
file. The URI should be in the following format:"SQLALCHEMY_DATABASE_URI": "DB URI"
Replace the
DB URI
with the preferred location for the database. -
Run python script to create database tables and add the first admin.:
[user@localhost ictm-teaching]$ python create_db.py --first_name "<first_name>" --name "<name>" --email "<email>"
Replace the
<tags>
with the desired information for the first admin. -
Run the IdP server and the app.