Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
TheHanna2517yUpdate: I have a working Python server and an almost working Node.js server.
Python seems to be playing nice with ADFS. Node.js seems to continue to get InvalidNameIDPolicy errors.
The configurations are exactly the same. I've even tried exporting the service provider metadata from the Python server and using it with the Node.js server to no avail. It has to be the way the authnrequest is being generated by samlify. -
TheHanna2517yUpdate: I think I had my eureka moment just as I had to leave the office. I logged the SAMLRequest built by python3-saml (working) and by samlify (not working, InvalidNameIDPolicy error coming back from ADFS). Comparing the two, I noted significant differences between the AuthnRequest structures. To get samlify working, I should just need to provide a custom login request template which is detailed in the docs. Overall a very productive day
-
TheHanna2517yUpdate: Holy shit did this take a turn.
I abandoned samlify. It's a good library, but I'm deploying to an Azure web app running Windows. Samlify depends on an XML library that compiles with node-gyp. That's difficult enough when you control the Windows environment, and impossible if you don't. Errors everywhere.
While searching for alternatives, I came across saml2-js. It's similar to samlify, but without the compiled dependency. I drop it in, configure it and run it. It seems to work, until I sign in to SSO. The identity provider redirects back to my app and...
It doesn't work. Times out. I try a different response handler. I get an error from zlib. I decide to open an issue on the repo. I want to give as much detail as possible, so I check the source to see exactly where it's failing.
Always check the source. There lie the answers.
In my case, the answer was that I was doing nothing with the response. I added a res.redirect('/') and it works now.
I closed the issue in shame.
Related Rants
Are there any good SAML 2.0 libraries out there for Node.js or Python?
Background: I'm working with SAML 2.0 SSO through ADFS at my current job. Our application server is a Java/Tomcat/Spring beast that I'm becoming more familiar with, and disliking more each time I toy with it. I'd like to move to something I and my team are more familiar with, and can better maintain/update/enhance.
So far I've tried (for Node.js) passport-saml and samlify, but neither have great documentation. I've also used python3-saml and it worked well. We're mainly a JavaScript shop, at least in my department, so Node.js would be preferable.
question
python
saml
sso
nodejs
javascript
passport