From 17f0067ab2553fdfd4c7b4043440c9a3e325929c Mon Sep 17 00:00:00 2001 From: Simeon Keske Date: Wed, 29 Apr 2020 18:27:00 +0200 Subject: allow to set a saml client certificate Signed-off-by: Simeon Keske --- lib/config/default.js | 1 + lib/config/environment.js | 1 + lib/web/auth/saml/index.js | 1 + 3 files changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/config/default.js b/lib/config/default.js index 9b852d1e..9284882a 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -143,6 +143,7 @@ module.exports = { saml: { idpSsoUrl: undefined, idpCert: undefined, + clientCert: undefined, issuer: undefined, identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', disableRequestedAuthnContext: false, diff --git a/lib/config/environment.js b/lib/config/environment.js index 87a7e3ee..2d76286f 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -120,6 +120,7 @@ module.exports = { saml: { idpSsoUrl: process.env.CMD_SAML_IDPSSOURL, idpCert: process.env.CMD_SAML_IDPCERT, + clientCert: process.env.CMD_SAML_CLIENTCERT, issuer: process.env.CMD_SAML_ISSUER, identifierFormat: process.env.CMD_SAML_IDENTIFIERFORMAT, disableRequestedAuthnContext: toBooleanConfig(process.env.CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT), diff --git a/lib/web/auth/saml/index.js b/lib/web/auth/saml/index.js index 40a6f8b3..4d0bfec5 100644 --- a/lib/web/auth/saml/index.js +++ b/lib/web/auth/saml/index.js @@ -17,6 +17,7 @@ passport.use(new SamlStrategy({ entryPoint: config.saml.idpSsoUrl, issuer: config.saml.issuer || config.serverURL, cert: fs.readFileSync(config.saml.idpCert, 'utf-8'), + privateCert: config.saml.clientCert === undefined ? undefined : fs.readFileSync(config.saml.clientCert, 'utf-8'), identifierFormat: config.saml.identifierFormat, disableRequestedAuthnContext: config.saml.disableRequestedAuthnContext }, function (user, done) { -- cgit v1.2.3 From bab0409ed09496ee1b997c40f62e6d8b0ad83013 Mon Sep 17 00:00:00 2001 From: Simeon Keske Date: Wed, 6 May 2020 16:28:34 +0200 Subject: add error handling to saml-certs Signed-off-by: Simeon Keske Signed-off-by: Leo Maroni --- lib/web/auth/saml/index.js | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/web/auth/saml/index.js b/lib/web/auth/saml/index.js index 4d0bfec5..c984751c 100644 --- a/lib/web/auth/saml/index.js +++ b/lib/web/auth/saml/index.js @@ -16,8 +16,21 @@ passport.use(new SamlStrategy({ callbackUrl: config.serverURL + '/auth/saml/callback', entryPoint: config.saml.idpSsoUrl, issuer: config.saml.issuer || config.serverURL, - cert: fs.readFileSync(config.saml.idpCert, 'utf-8'), - privateCert: config.saml.clientCert === undefined ? undefined : fs.readFileSync(config.saml.clientCert, 'utf-8'), + privateCert: config.saml.clientCert === undefined ? undefined : (function () { + try { + return fs.readFileSync(config.saml.clientCert, 'utf-8') + } catch (e) { + logger.error('saml client certificate not found at: ' + config.saml.clientCert) + } + }()), + cert: (function () { + try { + return fs.readFileSync(config.saml.idpCert, 'utf-8') + } catch (e) { + logger.error('saml idp certificate not found at: ' + config.saml.idpCert) + process.exit(1) + } + }()), identifierFormat: config.saml.identifierFormat, disableRequestedAuthnContext: config.saml.disableRequestedAuthnContext }, function (user, done) { -- cgit v1.2.3 From a134aa3f35d083bb36340562f61c8d19ea9a9027 Mon Sep 17 00:00:00 2001 From: Simeon Keske Date: Mon, 18 May 2020 13:29:05 +0200 Subject: saml: make logger print actual error message Signed-off-by: Simeon Keske Signed-off-by: Leo Maroni --- lib/web/auth/saml/index.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/web/auth/saml/index.js b/lib/web/auth/saml/index.js index c984751c..14f3966d 100644 --- a/lib/web/auth/saml/index.js +++ b/lib/web/auth/saml/index.js @@ -20,14 +20,14 @@ passport.use(new SamlStrategy({ try { return fs.readFileSync(config.saml.clientCert, 'utf-8') } catch (e) { - logger.error('saml client certificate not found at: ' + config.saml.clientCert) + logger.error(`SAML client certificate: ${e.message}`) } }()), cert: (function () { try { return fs.readFileSync(config.saml.idpCert, 'utf-8') } catch (e) { - logger.error('saml idp certificate not found at: ' + config.saml.idpCert) + logger.error(`SAML idp certificate: ${e.message}`) process.exit(1) } }()), -- cgit v1.2.3