Merge pull request #350 from n0emis/saml-client-cert

author: David Mehren 2020-07-11 21:29:44 +0200
committer: GitHub 2020-07-11 21:29:44 +0200
commit: 2a52805a26ce9262b1c33e307dbf912fdeb72845 (patch)
tree: a0d30391e6e4e430b4c43aa3a299ea01ea5dfbb3 /lib/web
parent: 3db8b0df43b027d15d13047e25617266ddc57f13 (diff)
parent: a134aa3f35d083bb36340562f61c8d19ea9a9027 (diff)
1 files changed, 15 insertions, 1 deletions
diff --git a/lib/web/auth/saml/index.js b/lib/web/auth/saml/index.js
index 40a6f8b3..14f3966d 100644
--- a/lib/web/auth/saml/index.js
+++ b/lib/web/auth/saml/index.js
@@ -16,7 +16,21 @@ passport.use(new SamlStrategy({
   callbackUrl: config.serverURL + '/auth/saml/callback',
   entryPoint: config.saml.idpSsoUrl,
   issuer: config.saml.issuer || config.serverURL,
-  cert: fs.readFileSync(config.saml.idpCert, 'utf-8'),
+  privateCert: config.saml.clientCert === undefined ? undefined : (function () {
+    try {
+      return fs.readFileSync(config.saml.clientCert, 'utf-8')
+    } catch (e) {
+      logger.error(`SAML client certificate: ${e.message}`)
+    }
+  }()),
+  cert: (function () {
+    try {
+      return fs.readFileSync(config.saml.idpCert, 'utf-8')
+    } catch (e) {
+      logger.error(`SAML idp certificate: ${e.message}`)
+      process.exit(1)
+    }
+  }()),
   identifierFormat: config.saml.identifierFormat,
   disableRequestedAuthnContext: config.saml.disableRequestedAuthnContext
 }, function (user, done) {
author	David Mehren	2020-07-11 21:29:44 +0200
committer	GitHub	2020-07-11 21:29:44 +0200
commit	2a52805a26ce9262b1c33e307dbf912fdeb72845 (patch)
tree	a0d30391e6e4e430b4c43aa3a299ea01ea5dfbb3 /lib/web
parent	3db8b0df43b027d15d13047e25617266ddc57f13 (diff)
parent	a134aa3f35d083bb36340562f61c8d19ea9a9027 (diff)