Using the generated keys
Add this to index.js
const fs = require("fs");
const PbK = fs.readFileSync(__dirname + "/certs/cert.pem", "utf8");
const PvK = fs.readFileSync(__dirname + "/certs/key.pem", "utf8");
Add the following key-value pair to the SAML strategy config options object
decryptionPvk: PvK,
Add the public key to your metadata by passing it as an argument to generateServiceProviderMetadata function:
app.get("/jhu/metadata", (req, res) => {
res.type("application/xml");
res.status(200);
res.send(samlStrategy.generateServiceProviderMetadata(PbK));
});
Now run the server and head over to http://localhost:7000/jhu/metadata. Notice the <KeyDescriptor use="encryption"> element which is added to metadata XML.
Diff
diff --git a/code/index.js b/code/index.js
index 8e59655..468616d 100644
--- a/code/index.js
+++ b/code/index.js
@@ -1,6 +1,10 @@
const express = require("express");
const passport = require("passport");
const saml = require("passport-saml");
+const fs = require("fs");
+
+const PbK = fs.readFileSync(__dirname + "/certs/cert.pem", "utf8");
+const PvK = fs.readFileSync(__dirname + "/certs/key.pem", "utf8");
const JHU_SSO_URL = "https://idp.jh.edu/idp/profile/SAML2/Redirect/SSO";
const SP_NAME = "glacial-plateau-47269";
@@ -13,6 +17,7 @@ const samlStrategy = new saml.Strategy(
entryPoint: JHU_SSO_URL,
issuer: SP_NAME,
callbackUrl: `${BASE_URL}/jhu/login/callback`,
+ decryptionPvk: PvK,
},
(profile, done) => {
return done(null, profile);
@@ -59,7 +64,7 @@ app.post(
app.get("/jhu/metadata", (req, res) => {
res.type("application/xml");
res.status(200);
- res.send(samlStrategy.generateServiceProviderMetadata());
+ res.send(samlStrategy.generateServiceProviderMetadata(PbK));
});
// Start the server.